Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

cant clean virus, or its not found? many problems


  • Please log in to reply

#1
karenM5757

karenM5757

    Member

  • Member
  • PipPip
  • 19 posts
Usual symptoms at first slow cmptr, 100% CPU usage, connection problems, progressed to icons/shortcuts will not work I tried fixit solutions no luck. I have run spybot, MSE , tdsskiller,cccleaner, some free online scans etc , the only thing found are trojans, I remove them but they come back. Problems getting worse recycle bin corrupt i saw. Some malware removed,comes back. services get turned off, security get turned off, files missing. All bad. I have't the time to learn how to on removal. My laptop is shared and i believe porn is where it started? Dont know what to look for in logs, I may have made it worse running and fixing without knowing what I was doing and in a hurry.
I really do not know where to start or go from here, I appreciate your patience and your time greatly.
Thank you in advance for your assistance if you can.

OTL logfile created on: 4/5/2013 10:44:43 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\karen whatever1\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 38.72% Memory free
6.86 Gb Paging File | 4.07 Gb Available in Paging File | 59.33% Paging File free
Paging file location(s): c:\pagefile.sys 3000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 179.07 Gb Free Space | 60.09% Space Free | Partition Type: NTFS

Computer Name: KARENWHATEVER1 | User Name: karen whatever1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/05 10:43:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\karen whatever1\Downloads\OTL.exe
PRC - [2013/03/21 15:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/12/20 18:12:18 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/07/29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/21 15:50:33 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll
MOD - [2013/03/21 15:50:32 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
MOD - [2013/03/21 15:50:31 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013/03/21 15:49:41 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libglesv2.dll
MOD - [2013/03/21 15:49:40 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libegl.dll
MOD - [2013/03/21 15:49:38 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/07/29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/03 20:35:28 | 000,183,264 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV:64bit: - [2013/02/03 20:35:22 | 000,552,928 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2013/02/03 20:32:58 | 001,239,552 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/05 16:55:08 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2011/04/08 17:09:28 | 000,290,816 | ---- | M] (Puran Software) [On_Demand | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/16 19:10:46 | 001,039,872 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV:64bit: - [2009/10/02 15:24:36 | 000,786,976 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/09/04 16:44:14 | 000,158,240 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2013/03/13 01:49:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/22 11:50:02 | 000,166,424 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2011/12/20 18:12:18 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/12/07 23:34:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/13 18:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/15 17:32:06 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2013/02/11 21:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2013/02/03 20:32:42 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/23 12:03:56 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2011/06/07 13:35:46 | 000,389,664 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2011/06/07 13:35:44 | 000,067,360 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/02 01:57:54 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/08/31 12:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/07/08 17:03:46 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/06/14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/08 20:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/18 20:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/04/16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/06/14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/...f4-001f1699175e
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/...f4-001f1699175e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {B9DC1357-8AC5-460D-AF25-55F9B3CBD6FC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{B9DC1357-8AC5-460D-AF25-55F9B3CBD6FC}: "URL" = http://search.certif...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://search.certif...e=true&tid=592"
FF - prefs.js..keyword.URL: "http://search.certif...592&bs=true&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@ei.MyScrapNook_12.com/Plugin: C:\Program Files (x86)\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\karen whatever1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\karen whatever1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\karen whatever1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\karen whatever1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\karen whatever1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\karen whatever1\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/06 22:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/13 12:38:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/31 16:56:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/31 16:56:19 | 000,000,000 | ---D | M]

[2013/03/22 01:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karen whatever1\AppData\Roaming\Mozilla\Firefox\Profiles\eqw61min.default\extensions
[2011/12/31 01:07:41 | 000,000,000 | ---D | M] (AP Layers) -- C:\Users\karen whatever1\AppData\Roaming\Mozilla\Firefox\Profiles\eqw61min.default\extensions\[email protected]
[2011/12/31 01:07:26 | 000,000,000 | ---D | M] (GetDislike) -- C:\Users\karen whatever1\AppData\Roaming\Mozilla\Firefox\Profiles\eqw61min.default\extensions\[email protected]
[2012/01/01 18:29:19 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\karen whatever1\AppData\Roaming\Mozilla\Firefox\Profiles\eqw61min.default\extensions\[email protected]
[2012/05/21 02:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karen whatever1\AppData\Roaming\Mozilla\Firefox\Profiles\eqw61min.default\extensions\staged
[2012/05/21 02:08:17 | 000,021,699 | ---- | M] () (No name found) -- C:\Users\karen whatever1\AppData\Roaming\Mozilla\Firefox\Profiles\eqw61min.default\extensions\staged\[email protected]
[2013/04/04 19:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/24 00:23:33 | 000,003,280 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DX Studio Plugin (Enabled) = C:\Users\karen whatever1\AppData\Roaming\Mozilla\plugins\npDXStudioPlugin.DLL
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\karen whatever1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\karen whatever1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\karen whatever1\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\karen whatever1\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\karen whatever1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\karen whatever1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2013/03/24 23:25:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (no name) - {3D8C4102-F73D-4fb2-96A1-264BF5D98DB6} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {F0E15660-5BE6-48b9-8ED6-F8C1643BD6B8} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30421E54-3B57-4E5B-947C-9B6BEEA57683} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [Soluto] c:\program files\soluto\soluto.exe (Soluto)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\karen whatever1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/08/25 03:36:45 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: QuickLaunchEnabled = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26FC7D72-85D1-4146-9240-206EF9DA641B}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9056C828-04FA-4518-B67C-A3B198B3C305}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE9F0A9B-B95D-4B3C-87F9-AEB72EB155B7}: DhcpNameServer = 192.168.14.1 66.233.170.12 64.13.115.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC403430-B48A-4DAD-96B5-5F433F845AFE}: DhcpNameServer = 66.233.170.12 64.13.115.12
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/04 19:57:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/04 19:52:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/04/02 23:52:27 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\Desktop\jeffgames
[2013/03/30 22:30:35 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\Desktop\me
[2013/03/30 20:06:52 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2013/03/27 15:31:42 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\Desktop\court
[2013/03/24 23:04:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/24 23:04:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/24 23:04:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/24 15:56:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/24 15:55:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/24 15:48:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/23 22:33:33 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/03/23 22:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/03/23 22:32:01 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/03/23 22:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaagniPico
[2013/03/23 22:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MaagniPico
[2013/03/23 22:08:32 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\AppData\Roaming\player
[2013/03/22 12:43:04 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013/03/22 12:43:04 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013/03/22 12:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2013/03/22 12:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2013/03/22 12:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2013/03/22 12:36:39 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\Desktop\FORSALE
[2013/03/20 15:42:53 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\Desktop\JW
[2013/03/19 14:45:21 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\AppData\Local\Temp
[2013/03/17 22:31:55 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\Documents\Graboid
[2013/03/17 22:24:21 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\AppData\Local\Graboid_Inc
[2013/03/17 22:24:20 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\AppData\Local\Graboid Inc
[2013/03/17 22:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2013/03/17 22:24:18 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\AppData\Local\Graboid
[2013/03/17 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graboid Video
[2013/03/17 22:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video
[2013/03/17 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/03/17 22:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2013/03/17 22:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/03/15 17:54:03 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\AppData\Roaming\QuickScan
[2013/03/14 19:46:40 | 000,000,000 | ---D | C] -- C:\Users\karen whatever1\Desktop\PDFW2s-(3.14.2013)-(19.46.40.550)
[2013/03/14 17:35:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\W2 Mate 2012
[2013/03/10 12:54:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/03/10 02:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/03/10 02:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/09/28 15:27:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\karen whatever1\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/04/05 10:48:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/05 10:26:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/05 10:01:24 | 000,879,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/05 10:01:24 | 000,733,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/05 10:01:24 | 000,145,754 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/05 10:01:23 | 000,010,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 10:01:23 | 000,010,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 09:58:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-382808121-4162746689-1787036098-1000UA.job
[2013/04/05 09:56:17 | 000,000,443 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/04/05 09:55:54 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/04/05 09:55:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/05 00:58:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-382808121-4162746689-1787036098-1000Core.job
[2013/04/04 21:30:52 | 000,000,988 | RHS- | M] () -- C:\Users\karen whatever1\ntuser.pol
[2013/04/04 19:33:46 | 000,000,306 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB15B311-6F61-42D5-80BF-666934BCAE28}.job
[2013/04/04 18:00:00 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/04/04 13:19:20 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2013/04/03 13:22:05 | 000,000,134 | ---- | M] () -- C:\Users\karen whatever1\Desktop\Microsoft Fix it.url
[2013/04/02 23:48:37 | 000,001,058 | ---- | M] () -- C:\Users\karen whatever1\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/04/02 11:15:26 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2013/04/01 01:10:14 | 000,001,057 | ---- | M] () -- C:\Users\karen whatever1\AppData\Roaming\vso_ts_preview.xml
[2013/04/01 00:00:33 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/03/30 14:23:57 | 000,000,020 | ---- | M] () -- C:\0.bak
[2013/03/29 21:15:52 | 000,000,632 | ---- | M] () -- C:\0
[2013/03/28 13:59:31 | 000,115,425 | ---- | M] () -- C:\Users\karen whatever1\Desktop\416016a0.pdf
[2013/03/25 15:43:47 | 006,061,909 | ---- | M] () -- C:\Users\karen whatever1\Desktop\all.zip
[2013/03/24 23:51:02 | 000,002,260 | ---- | M] () -- C:\Users\karen whatever1\Desktop\Google Chrome (2).lnk
[2013/03/24 23:25:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/24 23:17:34 | 000,007,601 | ---- | M] () -- C:\Users\karen whatever1\AppData\Local\Resmon.ResmonCfg
[2013/03/24 22:58:44 | 000,001,301 | ---- | M] () -- C:\Users\karen whatever1\Desktop\Microsoft Security Client - Shortcut.lnk
[2013/03/24 15:16:19 | 000,001,354 | ---- | M] () -- C:\Users\karen whatever1\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/03/24 15:16:19 | 000,001,330 | ---- | M] () -- C:\Users\karen whatever1\Desktop\Spybot - Search & Destroy.lnk
[2013/03/24 15:03:57 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/24 15:03:57 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/03/24 11:35:39 | 000,428,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/23 22:33:33 | 000,001,306 | ---- | M] () -- C:\Users\karen whatever1\Desktop\Revo Uninstaller.lnk
[2013/03/23 22:32:06 | 000,001,143 | ---- | M] () -- C:\Users\karen whatever1\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/03/23 22:32:03 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/03/23 22:23:15 | 000,000,112 | ---- | M] () -- C:\prefs.js
[2013/03/23 21:30:27 | 000,028,614 | ---- | M] () -- C:\Users\karen whatever1\Desktop\cc_20130323_212828.reg
[2013/03/22 16:32:37 | 000,221,616 | ---- | M] () -- C:\Users\karen whatever1\Desktop\6766828_ra.jpg;canvasHeight=500
[2013/03/17 22:23:40 | 000,001,323 | ---- | M] () -- C:\Users\karen whatever1\Desktop\Graboid Video.lnk
[2013/03/17 00:44:59 | 000,004,582 | ---- | M] () -- C:\Users\karen whatever1\Desktop\Download (1).pdf
[2013/03/16 20:16:55 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/16 20:16:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/15 17:32:06 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2013/03/14 23:23:04 | 000,138,823 | ---- | M] () -- C:\Users\karen whatever1\Desktop\xxxxxxz.JPG
[2013/03/14 23:05:50 | 000,199,493 | ---- | M] () -- C:\Users\karen whatever1\Desktop\l.JPG
[2013/03/14 21:13:47 | 000,188,538 | ---- | M] () -- C:\Users\karen whatever1\Desktop\w2.JPG
[2013/03/12 22:33:10 | 000,016,917 | ---- | M] () -- C:\Users\karen whatever1\Desktop\Co-Founder Equity Calculator.htm
[2013/03/12 14:22:08 | 000,332,436 | ---- | M] () -- C:\Users\karen whatever1\Desktop\CreditCheck® Total.htm
[2013/03/12 01:59:59 | 000,134,524 | ---- | M] () -- C:\Users\karen whatever1\Desktop\cc_20130312_015758.reg
[2013/03/11 15:35:59 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/03/10 14:33:50 | 000,002,802 | ---- | M] () -- C:\Users\karen whatever1\Desktop\Google.lnk
[2013/03/06 11:26:11 | 000,583,576 | ---- | M] () -- C:\Users\karen whatever1\Desktop\cbsidlm-tr1_11-Paycheck_Stub_Templates-SEO-75758618.exe
[2013/03/06 10:52:01 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2013/04/04 21:25:57 | 000,000,988 | RHS- | C] () -- C:\Users\karen whatever1\ntuser.pol
[2013/04/04 19:33:46 | 000,000,306 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB15B311-6F61-42D5-80BF-666934BCAE28}.job
[2013/04/03 13:22:05 | 000,000,134 | ---- | C] () -- C:\Users\karen whatever1\Desktop\Microsoft Fix it.url
[2013/04/02 23:48:37 | 000,001,058 | ---- | C] () -- C:\Users\karen whatever1\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/03/30 14:23:57 | 000,000,020 | ---- | C] () -- C:\0.bak
[2013/03/28 13:59:30 | 000,115,425 | ---- | C] () -- C:\Users\karen whatever1\Desktop\416016a0.pdf
[2013/03/28 12:24:59 | 000,000,632 | ---- | C] () -- C:\0
[2013/03/25 15:43:34 | 006,061,909 | ---- | C] () -- C:\Users\karen whatever1\Desktop\all.zip
[2013/03/24 23:51:02 | 000,002,260 | ---- | C] () -- C:\Users\karen whatever1\Desktop\Google Chrome (2).lnk
[2013/03/24 23:04:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/24 23:04:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/24 23:04:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/24 23:04:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/24 23:04:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/24 22:58:44 | 000,001,301 | ---- | C] () -- C:\Users\karen whatever1\Desktop\Microsoft Security Client - Shortcut.lnk
[2013/03/24 11:35:27 | 000,428,272 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/23 22:33:33 | 000,001,306 | ---- | C] () -- C:\Users\karen whatever1\Desktop\Revo Uninstaller.lnk
[2013/03/23 22:32:05 | 000,001,143 | ---- | C] () -- C:\Users\karen whatever1\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/03/23 22:32:03 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/03/23 22:23:15 | 000,000,112 | ---- | C] () -- C:\prefs.js
[2013/03/23 21:28:43 | 000,028,614 | ---- | C] () -- C:\Users\karen whatever1\Desktop\cc_20130323_212828.reg
[2013/03/22 16:32:32 | 000,221,616 | ---- | C] () -- C:\Users\karen whatever1\Desktop\6766828_ra.jpg;canvasHeight=500
[2013/03/17 22:23:40 | 000,001,323 | ---- | C] () -- C:\Users\karen whatever1\Desktop\Graboid Video.lnk
[2013/03/17 00:44:54 | 000,004,582 | ---- | C] () -- C:\Users\karen whatever1\Desktop\Download (1).pdf
[2013/03/16 20:16:55 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/16 20:16:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/15 17:32:06 | 000,056,016 | ---- | C] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2013/03/14 23:11:07 | 000,138,823 | ---- | C] () -- C:\Users\karen whatever1\Desktop\xxxxxxz.JPG
[2013/03/14 23:05:48 | 000,199,493 | ---- | C] () -- C:\Users\karen whatever1\Desktop\l.JPG
[2013/03/14 21:13:47 | 000,188,538 | ---- | C] () -- C:\Users\karen whatever1\Desktop\w2.JPG
[2013/03/12 22:33:09 | 000,016,917 | ---- | C] () -- C:\Users\karen whatever1\Desktop\Co-Founder Equity Calculator.htm
[2013/03/12 14:22:08 | 000,332,436 | ---- | C] () -- C:\Users\karen whatever1\Desktop\CreditCheck® Total.htm
[2013/03/12 01:58:07 | 000,134,524 | ---- | C] () -- C:\Users\karen whatever1\Desktop\cc_20130312_015758.reg
[2013/03/11 15:35:59 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/10 14:33:50 | 000,003,197 | ---- | C] () -- C:\Users\karen whatever1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google.lnk
[2013/03/10 14:33:50 | 000,002,802 | ---- | C] () -- C:\Users\karen whatever1\Desktop\Google.lnk
[2013/03/10 02:16:43 | 000,001,354 | ---- | C] () -- C:\Users\karen whatever1\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/03/10 02:16:43 | 000,001,330 | ---- | C] () -- C:\Users\karen whatever1\Desktop\Spybot - Search & Destroy.lnk
[2013/03/06 11:26:04 | 000,583,576 | ---- | C] () -- C:\Users\karen whatever1\Desktop\cbsidlm-tr1_11-Paycheck_Stub_Templates-SEO-75758618.exe
[2012/11/19 23:43:40 | 000,220,508 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/11/19 23:43:40 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/11/04 10:18:15 | 000,202,546 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/11/04 10:18:15 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/08/25 16:12:14 | 000,000,238 | ---- | C] () -- C:\Windows\SysWow64\initparams.ini
[2012/06/01 22:48:59 | 000,113,884 | ---- | C] () -- C:\Users\karen whatever1\authroot.stl
[2012/05/30 00:45:38 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/03/28 18:59:31 | 000,006,560 | ---- | C] () -- C:\Windows\wininit.ini
[2012/02/23 20:35:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/24 15:18:04 | 004,794,880 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012/01/23 21:13:51 | 000,000,000 | ---- | C] () -- C:\Users\karen whatever1\AppData\Local\{870D7FA4-C1F0-4325-8434-5D6DB7AB3B0D}
[2012/01/23 14:40:07 | 000,000,400 | ---- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/11/08 19:08:38 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2011/09/28 15:27:59 | 000,099,384 | ---- | C] () -- C:\Users\karen whatever1\AppData\Roaming\inst.exe
[2011/09/28 15:27:59 | 000,007,859 | ---- | C] () -- C:\Users\karen whatever1\AppData\Roaming\pcouffin.cat
[2011/09/28 15:27:59 | 000,001,167 | ---- | C] () -- C:\Users\karen whatever1\AppData\Roaming\pcouffin.inf
[2011/09/28 15:08:33 | 000,001,057 | ---- | C] () -- C:\Users\karen whatever1\AppData\Roaming\vso_ts_preview.xml
[2011/09/28 02:35:24 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2011/09/27 23:10:26 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN4.dll
[2011/09/27 23:05:37 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTICDMK7.dll
[2011/09/27 23:04:48 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIMPEG2.dll
[2011/09/27 23:04:48 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIMP3.dll
[2011/09/27 23:04:48 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIFCD3.dll
[2011/09/18 21:40:43 | 000,008,192 | ---- | C] () -- C:\Users\karen whatever1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/06 22:55:37 | 000,000,000 | ---- | C] () -- C:\Users\karen whatever1\AppData\Local\{DBBB5E03-49A2-465B-B962-5DC67960AA40}
[2011/07/29 05:56:39 | 000,000,000 | ---- | C] () -- C:\Users\karen whatever1\AppData\Local\{3CF5FF57-F319-444E-AACC-715998C2B48A}
[2011/07/29 05:55:03 | 000,000,000 | ---- | C] () -- C:\Users\karen whatever1\AppData\Local\{D76FFBDB-6117-4987-81CA-561EF878D722}
[2011/07/12 16:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/27 03:59:55 | 000,000,220 | -HS- | C] () -- C:\Windows\dwin.sys
[2011/04/25 20:14:38 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011/04/25 20:14:38 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/04/25 20:14:38 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/04/25 20:14:38 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2011/04/25 11:07:59 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/25 11:07:59 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/01/28 22:41:56 | 000,181,760 | ---- | C] () -- C:\Users\karen whatever1\01018452.mpt
[2010/10/09 22:36:36 | 000,007,601 | ---- | C] () -- C:\Users\karen whatever1\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 06:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 06:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/12/09 00:32:12 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Ashampoo
[2011/10/10 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\BenjaminMoore.PCV3.USEN.DA6CDF681F87B6FCFCE07B9D05DADF40E81244E5.1
[2012/03/14 00:51:57 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
[2012/06/07 22:28:10 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Blender Foundation
[2012/04/12 21:08:33 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Charles
[2011/01/02 18:53:11 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\com.StudioCloud.Desktop.3.F2DAE273367737D97F8409B8C86CCCEDC39FC38E.1
[2013/03/22 12:33:21 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Downloaded Installations
[2010/10/13 20:05:09 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\DriverCure
[2010/12/19 18:43:54 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Easeware
[2011/03/03 03:55:08 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\eTeks
[2012/03/23 01:08:22 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Firestorm
[2012/02/23 19:39:29 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\FLV Extract
[2012/02/04 02:27:03 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\FreeAudioPack
[2012/02/22 01:34:38 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\FreeBurner
[2012/02/21 12:51:16 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\FreeCDRipper
[2013/01/27 17:09:04 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Gamers Unite! Snag Bar
[2010/10/24 14:48:48 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\HamsterSoft
[2011/01/20 18:57:00 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\IMSIDesign
[2010/10/22 00:10:18 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\iolo
[2011/01/16 22:19:47 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Netgear Live Parental Controls
[2013/03/09 22:56:59 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Nitro PDF
[2012/05/14 03:30:11 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Opera
[2011/12/17 13:08:47 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\PamFax Office Integrations
[2011/11/29 02:34:07 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\PamFaxOutlookAddIn2010
[2012/06/10 21:49:25 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\ParetoLogic
[2011/01/29 18:07:13 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Philipp Winterberg
[2013/03/24 01:36:00 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\player
[2013/03/17 21:49:11 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\QuickScan
[2011/04/08 23:36:34 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\RadarSync
[2012/01/08 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Samsung
[2011/11/21 22:44:02 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Scendix Software
[2010/09/03 01:30:16 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\SecondLife
[2012/04/19 17:59:10 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Sierra Wireless
[2010/12/27 21:21:07 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\SmartDraw
[2011/11/21 22:43:50 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Softland
[2013/02/07 10:30:29 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Soluto
[2013/04/01 01:15:56 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\tixati
[2011/01/29 19:53:14 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\VS Revo Group
[2013/04/01 01:10:14 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Vso
[2012/01/24 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\VSRevoGroup
[2012/01/26 23:53:24 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Win7codecs
[2012/01/13 03:28:23 | 000,000,000 | ---D | M] -- C:\Users\karen whatever1\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:D2C8DFF8

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

If you have already run a scan you can skip it and go on to the next.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.





Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#3
karenM5757

karenM5757

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
i am posting what I have done tonight. ill do remaining scans in am. thank you so much.

C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip Win32/Bagle.gen.zip worm
C:\Users\karen whatever1\Downloads\Need_for_Speed_Most_Wanted_XBOX360-STRANGE.exe Win32/Adware.1ClickDownload.W application

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f2285555e8070c44b43b6ac4ad53a4b3
# engine=13577
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-09 05:58:31
# local_time=2013-04-08 10:58:31 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 26002370 117030561 0 0
# scanned=235676
# found=3
# cleaned=0
# scan_time=20795
sh=DB1C37D04E0AB7ABD610B70A0B027A8912543D37 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip"
sh=DB1C37D04E0AB7ABD610B70A0B027A8912543D37 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\BarowwsoeSave6.zip"
sh=5E560B626A30292E21B76C686B941C4E827C2EFE ft=1 fh=fdaa542244c69e91 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\karen whatever1\Downloads\Need_for_Speed_Most_Wanted_XBOX360-STRANGE.exe"


QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Mon Apr 08 23:09:39 2013
Machine ID: EA320253



No infection found.
-------------------



Processes
---------
(unsigned) TeaTimer.exe 3804 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

(verified) DefaultSettingEXE Application 3692 C:\Windows\PLFSetI.exe
(verified) Google Chrome 408 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 1524 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 2312 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3636 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4216 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified) InstallShield ® 1960 C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
(verified) Microsoft® Windows® Operating System 4512 C:\Windows\SysWOW64\dllhost.exe
(verified) Microsoft® Windows® Operating System 2324 C:\Windows\SysWOW64\perfhost.exe
(verified) Microsoft® Windows® Operating System 1900 C:\Windows\SysWOW64\svchost.exe
(verified) RAID Monitor 3352 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(verified) Spybot - Search & Destroy 3504 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(verified) SpybotSD.exe 4836 C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
(verified) Windows® Internet Explorer 2688 C:\Program Files (x86)\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 37.59.67.149
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 37.59.67.149
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 37.59.67.149
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 66.235.142.14
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 173.194.33.4
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 173.194.33.4
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 64.94.107.49
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 72.21.81.253
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 2.19.143.139
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 173.194.33.26
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 173.194.33.25
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 74.125.28.106
Process iexplore.exe (2688) connected on port 80 (HTTP) --> 66.235.142.14



Autoruns and critical files
---------------------------
(unsigned) TeaTimer.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(unsigned) Update Application C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

(verified) Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Users\karen whatever1\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) PC Health Advisor C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
(verified) RealNetworks Installer (32-bit) C:\Users\karen whatever1\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe


Browser plugins
---------------
(unsigned) Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
(unsigned) RealJukebox NS Plugin c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
(unsigned) RealNetworks™ Chrome Background Exte C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
(unsigned) RealPlayer Version Plugin c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
(unsigned) RealPlayer™ HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
(unsigned) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

(verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) BrowserPlus (from Yahoo!) v2.9.8 C:\Users\karen whatever1\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
(verified) DivX Plus Web Player C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
(verified) DivX VOD Helper Plug-in C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
(verified) Google Talk Plugin C:\Users\karen whatever1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
(verified) Google Talk Plugin Video Accelerator C:\Users\karen whatever1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
(verified) Google Talk Plugin Video Renderer C:\Users\karen whatever1\AppData\Roaming\Mozilla\plugins\npo1d.dll
(verified) Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
(verified) Google Update C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
(verified) Google Update C:\Users\karen whatever1\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
(verified) HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
(verified) HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
(verified) Java Deployment Toolkit 7.0.170.2 C:\Windows\SysWOW64\npDeployJava1.dll
(verified) Java™ Platform SE 7 U17 c:\program files (x86)\java\jre7\bin\jp2ssv.dll
(verified) Java™ Platform SE 7 U17 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
(verified) Java™ Platform SE 7 U17 c:\program files (x86)\java\jre7\bin\ssv.dll
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
(verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll
(verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Nitro PDF Plug-In C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
(verified) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
(verified) NPSWF32_11_6_602_180.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
(verified) sdhelper.dll c:\program files (x86)\spybot - search & destroy\sdhelper.dll
(verified) Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
(verified) Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
(verified) Windows® Internet Explorer c:\windows\syswow64\ieframe.dll


Scan
----
MD5: f98d0295aa90cf67341886b1b23af732 C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
MD5: 1c82bfa19154d658e62743b98216a3a6 C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner.ocx
MD5: 590520edf6f92ca360792c8529fcb0f8 C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
MD5: ba6bf673832b3212aac8426a344ae972 c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
MD5: 8c5463bbf6451367eea8c0f6947645cb c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
MD5: 390679f7a217a5e73d756276c40ae887 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MD5: bca25a87ad78fedac5c5abd92db3becd C:\Program Files\Soluto\SolutoRemoteService.exe
MD5: 92e874667621a2a475fc8ea91dd763a2 C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
MD5: 94a6e06bf6531d623fe30a7c38e65f61 C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
MD5: 4676a8e1ee37e71486717ecd1e61c17b C:\Windows\system32\Adobe\Director\np32dsw.dll
MD5: 38a0be38eb53510ab425e33ea0847ad6 C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_6_602_180.ocx


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.00 MB sent, 0.04 KB recvd
Scanned 401 files and modules - 6 seconds


--- Search result list ---
ilivid.Toolbar: [SBI $AD51DBF4] Program directory (Directory, nothing done)
C:\Users\karen whatever1\AppData\LocalLow\DataMngr\

ilivid.Toolbar: [SBI $72236153] Link (File, nothing done)
C:\Users\karen whatever1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
Properties.size=1058
Properties.md5=F761206E360789AA57DCC2893C9D9AD3
Properties.filedate=1364971718
Properties.filedatetext=2013-04-02 23:48:37

SpySheriff: [SBI $9302253C] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn

Barowwsoe2Save: [SBI $ACCD80B7] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Barowwsoe2Save: [SBI $ACCD80B7] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Barowwsoe2Save: [SBI $092123B5] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Barowwsoe2Save: [SBI $092123B5] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2013-03-10 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-12-17 Includes\Adware.sbi (*)
2013-04-03 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-03-26 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-04-03 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-03-25 Includes\TrojansC-02.sbi (*)
2013-04-03 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2013-02-28 Includes\TrojansC-05.sbi (*)
2013-03-26 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Ad-Aware Browsing Protection (DISABLED)
command: "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
file: C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
size: 198032
MD5: C5F1D82D9CC8979971CC748FCB2EE7CA

Located: HK_LM:Run, NPSStartup (DISABLED)
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-382808121-4162746689-1787036098-1000...
command: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887



--- Browser helper object list ---
{0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Print Enhancer
CLSID name: HP Print Enhancer
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_printenhancer.dll
Short name: HPSWP_~3.DLL
Date (created): 9/20/2009 1:15:26 PM
Date (last access): 12/31/2012 4:56:20 PM
Date (last write): 9/20/2009 1:15:26 PM
Filesize: 328248
Attributes: archive
MD5: C05A0B625DFE1F6D25E5430746A180D1
CRC32: 4F156357
Version: 131.1.35898.0

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 9/23/2012 9:43:36 PM
Date (last access): 12/31/2012 8:59:22 PM
Date (last write): 9/23/2012 9:43:36 PM
Filesize: 60568
Attributes: archive
MD5: F9616D202B0124D373D2D82A4AA66B1D
CRC32: 6A203B7B
Version: 11.0.0.379

{3049C3E9-B461-4BC5-8870-4C09146192CA} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{3D8C4102-F73D-4fb2-96A1-264BF5D98DB6} (AP Layers)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AP Layers

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\PROGRA~2\MICROS~1\Office14\
Long name: GROOVEEX.DLL
Short name:
Date (created): 1/21/2010 6:51:12 PM
Date (last access): 1/28/2011 3:23:52 PM
Date (last write): 1/21/2010 6:51:12 PM
Filesize: 4222864
Attributes: archive
MD5: 86D177F43030F61A8610259A2E8F07FE
CRC32: 76B314D0
Version: 14.0.4734.1000

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files (x86)\Google\Google Toolbar\
Long name: GoogleToolbar_32.dll
Short name: GOOGLE~1.DLL
Date (created): 3/15/2012 9:35:56 PM
Date (last access): 3/15/2012 9:35:56 PM
Date (last write): 1/9/2013 9:23:40 PM
Filesize: 192144
Attributes: archive
MD5: B9497C5ACAEA521663BFFBB321DD3AFA
CRC32: 4D49531B
Version: 7.4.3607.2246

{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: URLRedirectionBHO
CLSID name: Office Document Cache Handler
Path: C:\PROGRA~2\MICROS~1\Office14\
Long name: URLREDIR.DLL
Short name:
Date (created): 1/16/2010 9:59:00 AM
Date (last access): 1/28/2011 3:23:56 PM
Date (last write): 1/16/2010 9:59:00 AM
Filesize: 561552
Attributes: archive
MD5: 2AE50EAB7F4EFC00D3133D806457E3FA
CRC32: 1FEF5D17
Version: 14.0.4732.1000

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java™ Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre7\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 3/10/2013 1:06:38 PM
Date (last access): 3/10/2013 1:06:38 PM
Date (last write): 3/10/2013 1:06:38 PM
Filesize: 170912
Attributes: archive
MD5: 27861540F6A834218C9ED6E2FE75E32B
CRC32: F1C125FC
Version: 10.17.2.2

{F0E15660-5BE6-48b9-8ED6-F8C1643BD6B8} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HP Smart BHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Smart BHO Class
CLSID name: HP Smart BHO Class
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_BHO.dll
Short name: HPSWP_~1.DLL
Date (created): 9/20/2009 1:15:26 PM
Date (last access): 12/31/2012 4:56:18 PM
Date (last write): 9/20/2009 1:15:26 PM
Filesize: 509496
Attributes: archive
MD5: 67A7E5DACA78544C826B16CD8C816A5C
CRC32: 2EEE8ABA
Version: 131.1.35898.0



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name:
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre7\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/10/2013 1:06:38 PM
Date (last access): 3/10/2013 1:06:38 PM
Date (last write): 3/10/2013 1:06:38 PM
Filesize: 197024
Attributes: archive
MD5: 998432769728DDF30ECB104CBE6C5DC1
CRC32: F7824314
Version: 10.17.2.2

{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_32
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files (x86)\Java\jre7\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/10/2013 1:06:38 PM
Date (last access): 3/10/2013 1:06:38 PM
Date (last write): 3/10/2013 1:06:38 PM
Filesize: 197024
Attributes: archive
MD5: 998432769728DDF30ECB104CBE6C5DC1
CRC32: F7824314
Version: 10.17.2.2

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 10.17.2
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre7\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/10/2013 1:06:38 PM
Date (last access): 3/10/2013 1:06:38 PM
Date (last write): 3/10/2013 1:06:38 PM
Filesize: 197024
Attributes: archive
MD5: 998432769728DDF30ECB104CBE6C5DC1
CRC32: F7824314
Version: 10.17.2.2

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.ad...Plus/1.6/gp.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 3692 (2936) C:\Windows\PLFSetI.exe
size: 200704
MD5: 2F2DF068BED6E62E4C007DF7446B4F19
PID: 3804 (2936) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 4512 ( 768) C:\Windows\SysWOW64\DllHost.exe
size: 7168
MD5: A63DC5C2EA944E6657203E0C8EDEAF61
PID: 4836 (2936) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 356 ( 4) smss.exe
PID: 476 ( 428) csrss.exe
PID: 528 ( 428) wininit.exe
size: 96256
PID: 536 ( 520) csrss.exe
PID: 592 ( 520) winlogon.exe
PID: 620 ( 528) services.exe
PID: 640 ( 528) lsass.exe
PID: 648 ( 528) lsm.exe
PID: 768 ( 620) svchost.exe
size: 20992
PID: 832 ( 620) PresentationFontCache.exe
PID: 876 ( 620) svchost.exe
size: 20992
PID: 920 ( 620) MsMpEng.exe
PID: 488 ( 620) svchost.exe
size: 20992
PID: 608 ( 620) svchost.exe
size: 20992
PID: 988 ( 620) svchost.exe
size: 20992
PID: 1048 ( 620) svchost.exe
size: 20992
PID: 1128 ( 620) svchost.exe
size: 20992
PID: 1168 ( 620) svchost.exe
size: 20992
PID: 1252 ( 620) svchost.exe
size: 20992
PID: 1528 ( 620) svchost.exe
size: 20992
PID: 1620 ( 620) spoolsv.exe
PID: 2024 ( 620) alg.exe
PID: 1092 ( 620) aspnet_state.exe
PID: 1440 ( 620) svchost.exe
size: 20992
PID: 1328 ( 620) svchost.exe
size: 20992
PID: 1900 ( 620) svchost.exe
size: 20992
PID: 1960 ( 620) IDriverT.exe
PID: 2136 ( 620) svchost.exe
size: 20992
PID: 2172 ( 620) msdtc.exe
PID: 2240 ( 620) svchost.exe
size: 20992
PID: 2284 ( 620) svchost.exe
size: 20992
PID: 2324 ( 620) perfhost.exe
size: 20992
PID: 2372 ( 620) Locator.exe
PID: 2404 ( 620) svchost.exe
size: 20992
PID: 2444 ( 620) TCPSVCS.EXE
size: 9216
PID: 2476 ( 620) SolutoLauncherService.exe
PID: 2500 ( 620) SolutoService.exe
PID: 2808 ( 620) C:\Windows\System32\taskhost.exe
PID: 2904 ( 608) C:\Windows\System32\dwm.exe
PID: 2936 (2888) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 3032 ( 620) svchost.exe
size: 20992
PID: 3056 ( 620) svchost.exe
size: 20992
PID: 2212 ( 620) vds.exe
PID: 2728 ( 620) svchost.exe
size: 20992
PID: 3164 ( 620) svchost.exe
size: 20992
PID: 3252 ( 620) SMSvcHost.exe
PID: 3504 ( 620) SDWinSec.exe
PID: 3680 (2936) C:\Windows\System32\igfxpers.exe
PID: 3732 ( 768) C:\Windows\System32\igfxsrvc.exe
PID: 3772 (2936) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
size: 221728
MD5: 62020712B5D86CCBF66EA23F16E709E2
PID: 3788 (2936) C:\Program Files\Soluto\Soluto.exe
size: 1229280
MD5: DF8DD27A5195C80F9AB6944FA811CE3D
PID: 3824 ( 768) C:\Windows\System32\wbem\unsecapp.exe
PID: 3876 ( 768) WmiPrvSE.exe
PID: 4076 ( 620) NisSrv.exe
PID: 392 ( 620) SearchIndexer.exe
size: 427520
PID: 4424 ( 768) dllhost.exe
size: 7168
PID: 3352 ( 620) IAANTmon.exe
PID: 4496 ( 620) svchost.exe
size: 20992
PID: 4600 ( 620) snmptrap.exe
PID: 776 ( 620) UI0Detect.exe
PID: 4656 ( 620) WmiApSrv.exe
PID: 3748 ( 768) dllhost.exe
size: 7168
PID: 2304 ( 488) audiodg.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/8/2013 4:23:01 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
Preserve
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://searchou.com/...f4-001f1699175e
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft..../?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com


--- Winsock Layered Service Provider list ---
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 5: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL



--- Uninstall list ---
(Ad-Aware Browsing Protection)
install location: C:\ProgramData\Ad-Aware Browsing Protection
uninstall cmd: C:\ProgramData\Ad-Aware Browsing Protection\uninstall.exe
publisher: Lavasoft

(AddressBook)

Adobe AIR 3.3.0.3560 (Adobe AIR)
version (major): 3
version (minor): 3
install location: c:\Program Files (x86)\Common Files\Adobe AIR\
uninstall cmd: c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
publisher: Adobe Systems Incorporated

Adobe Flash Player 11 ActiveX 11.6.602.180 (Adobe Flash Player ActiveX)
version (major): 11
version (minor): 6
estimated size: 6144
uninstall cmd: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -maintain activex
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com...player_support/

Adobe Flash Player 11 Plugin 11.6.602.180 (Adobe Flash Player Plugin)
version (major): 11
version (minor): 6
estimated size: 6144
uninstall cmd: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -maintain plugin
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com...player_support/

Adobe Photoshop 6.0 6.0 (Adobe Photoshop 6.0)
version (major): 6
install location: C:\Program Files (x86)\Adobe\Photoshop 6.0
install source: D:\Adobe Photoshop 6\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files (x86)\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files (x86)\Adobe\Photoshop 6.0\Uninst.dll"
publisher: Adobe Systems, Inc.

Adobe Shockwave Player 11.6 11.6.4.634 (Adobe Shockwave Player)
version (major): 11
version (minor): 1
install location: C:\Windows\system32\Adobe
uninstall cmd: "C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/support/shockwave

Belarc Advisor 8.1 (Belarc Advisor)
uninstall cmd: "C:\PROGRA~2\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~2\Belarc\Advisor\INSTALL.LOG"

(Connection Manager)

(DirectDrawEx)

DivX Setup 2.6.1.8 (DivX Setup)
install location: C:\ProgramData\DivX\Setup
uninstall cmd: C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
publisher: DivX, LLC

Firestorm-Release (remove only) (Firestorm-Release)
uninstall cmd: "C:\Program Files (x86)\Firestorm-Release\uninst.exe"

(Fontcore)

Free Mp3 Wma Converter V 2.2 2.2.0.0 (Free Mp3 Wma Converter_is1)
estimated size: 39012
install date: 20120204
install location: C:\Program Files (x86)\Free mp3 Wma Converter\
uninstall cmd: "C:\Program Files (x86)\Free mp3 Wma Converter\unins000.exe"
publisher: Koyote Soft
help link: http://www.koyotesoft.com/indexEn.html

Free RAR Extract Frog 2.50 (Free RAR Extract Frog)
uninstall cmd: C:\Program Files (x86)\Free RAR Extract Frog\uninstall.exe
publisher: Philipp Winterberg
comments: Easy usage and a very small footprint makes Free RAR Extract Frog one of the best bargains on the Web... (ehow.com)
help link: http://www.free-rar-...ct_frog_faq.php
readme: C:\Program Files (x86)\Free RAR Extract Frog\ReadMe.txt

Google Chrome 26.0.1410.43 (Google Chrome)
version (major): 1410
version (minor): 43
install date: 20121105
install location: C:\Program Files (x86)\Google\Chrome\Application
uninstall cmd: "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
publisher: Google Inc.

Graboid Video 3.58 3.58 (Graboid Video)
uninstall cmd: C:\Program Files (x86)\Graboid\uninst.exe
publisher: Graboid Inc.

(HP Smart Web Printing)
help link: www.HP.com/support

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

NTI CD & DVD-Maker 7 Platinum 7.7.0.11 (InstallShield_{ADCC857B-9A9E-411F-A441-8FDCD120043A})
version: 117899264
version (major): 7
version (minor): 7
estimated size: 36547
install date: 20110927
install location: C:\Program Files (x86)\NewTech Infosystems\NTI CD & DVD-Maker 7\
install source: C:\Users\KARENW~1\AppData\Local\Temp\_is96C8\
uninstall cmd: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{ADCC857B-9A9E-411F-A441-8FDCD120043A} CDM7
publisher: NewTech Infosystems
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 1-555-555-4505

Malwarebytes Anti-Malware version 1.70.0.1100 1.70.0.1100 (Malwarebytes' Anti-Malware_is1)
estimated size: 18895
install date: 20130306
install location: C:\Program Files (x86)\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation

(MobileOptionPack)

Network Play System (Patching) (Network Play System (Patching))
uninstall cmd: C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Electronic Arts\Network Play System\NPSPatch.isu"

NirSoft BlueScreenView (NirSoft BlueScreenView)
install location: C:\Program Files (x86)\NirSoft\BlueScreenView
uninstall cmd: "C:\Program Files (x86)\NirSoft\BlueScreenView\uninst.exe"

2.5 (NTI Digital Flix 2.5_is1)
publisher: NTI

PowerISO 4.6 (PowerISO)
install location: C:\Program Files (x86)\PowerISO
uninstall cmd: "C:\Program Files (x86)\PowerISO\uninstall.exe"
publisher: PowerISO Computing, Inc.

(RealPlayer 12.0)

RealPlayer (RealPlayer 15.0)
install location: c:\program files (x86)\real\realplayer\realplay.exe
uninstall cmd: c:\program files (x86)\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
publisher: RealNetworks
comments: Play, Save, and Organize your music and videos, Burn a CD, or simply take your music with you.
contact: RealNetworks

Revo Uninstaller 1.93 1.93 (Revo Uninstaller)
install location: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller
uninstall cmd: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
publisher: VS Revo Group
comments: Thank you for choosing Revo Uninstaller!
help link: http://www.revouninstaller.com

(SchedulingAgent)

SecondLifeViewer (remove only) (SecondLifeViewer)
uninstall cmd: "C:\Program Files (x86)\SecondLifeViewer\uninst.exe"

(SP_008a99b9)
install date: 20120323
uninstall cmd: "C:\Program Files (x86)\MagniPic\uninstall.exe" /FULLPATH="C:\Program Files (x86)\MagniPic"

Tixati (tixati)
uninstall cmd: C:\Program Files (x86)\tixati\uninstall.exe

TurboTax 2009 (TurboTax 2009)
uninstall cmd: C:\Program Files (x86)\TurboTax\Premier 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
publisher: Intuit, Inc

Ultimate Media Player 2011.6.0.0 (Ultimate Media Player)
version (major): 2011
version (minor): 6
install location: C:\Program Files\Ultimate Media Player
uninstall cmd: "C:\ProgramData\{065E61A5-8EBF-4FD0-B4F4-9E3DC8089AD0}\UMPSetup.exe" REMOVE=TRUE MODIFY=FALSE
publisher: Ultimate Software, LLC
comments: All rights reserved
contact: Ultimate Software, LLC
help link: http://www.ultimatemediaplayer.net/

(WIC)

Windows Live Essentials 15.4.3508.1109 (WinLiveSuite)
install location: C:\Program Files (x86)\Windows Live\
uninstall cmd: C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
publisher: Microsoft Corporation

Microsoft Research Mesh Virtual WIFI 1.0.000 ({034A32D5-699E-4AED-A2EB-2CCB6E7F37F1})
version: 16777216
version (major): 1
estimated size: 23436
install date: 20120420
install source: C:\Users\karen whatever1\Downloads\
uninstall cmd: MsiExec.exe /I{034A32D5-699E-4AED-A2EB-2CCB6E7F37F1}
publisher: Microsoft Research
comments: Microsoft Research Installation Project
contact: Microsoft
help link: http://research.microsoft.com

({037524F1-D279-4FD5-A5DE-19B241F4ED4E})
uninstall cmd: C:\ProgramData\{065E61A5-8EBF-4FD0-B4F4-9E3DC8089AD0}\UMPSetup.exe

Windows Live Installer 15.4.3502.0922 ({0B0F231F-CE6A-483D-AA23-77B364F75917})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 10300
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a8c4dc511cc16d704\
uninstall cmd: MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
publisher: Microsoft Corporation

Status 130.0.469.000 ({0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC})
version (major): 130
estimated size: 7989
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\status\
publisher: Hewlett-Packard

Scan 13.0.0.0 ({0F367CA3-3B2F-43F9-A44A-25A8EE69E45D})
version: 218103808
version (major): 13
estimated size: 14064
install date: 20120524
install source: D:\setup\Scan\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

AIO_Scan 130.0.421.000 ({104066F4-5897-4067-85D3-4C88B67CCF75})
version (major): 130
estimated size: 9690
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\AIO_scan\
publisher: Hewlett-Packard

MarketResearch 130.0.374.000 ({175F0111-2968-4935-8F70-33108C6A4DE3})
version (major): 130
estimated size: 3251
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\MarketResearch\
publisher: Hewlett-Packard

Google Toolbar for Internet Explorer 1.0.0 ({18455581-E099-4BA8-BC6B-F34B2F06600C})
version: 16777216
version (major): 1
estimated size: 29
install date: 20120315
install location: C:\Program Files (x86)\Google\Installers\
install source: C:\Program Files (x86)\Google\Google Toolbar\
uninstall cmd: MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
publisher: Google Inc.

Windows Live Movie Maker 15.4.3502.0922 ({19BA08F7-C728-469C-8A35-BFBD3633BE08})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 172
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\e666ed051cc174e40\
uninstall cmd: MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
publisher: Microsoft Corporation

TrayApp 130.0.422.000 ({1EC71BFB-01A3-4239-B6AF-B1AE656B15C0})
version (major): 130
estimated size: 1257
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\TrayApp\
publisher: Hewlett-Packard

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148 ({1F1C2DFC-2D24-3E06-BCB8-725134ADF989})
version: 151025673
version (major): 9
estimated size: 596
install date: 20100901
install source: c:\7ef3bd0b9f0b51a87ac60e0a8e6fb3\
uninstall cmd: MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
publisher: Microsoft Corporation

Junk Mail filter update 15.4.3502.0922 ({1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 3512
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\392f0dc61cc16d81b\
uninstall cmd: MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
publisher: Microsoft Corporation

Windows Live SOXE Definitions 15.4.3502.0922 ({200FEC62-3C34-4D60-9CE8-EC372E01C08F})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 104
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\d6705b121cc16d70a\
uninstall cmd: MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
publisher: Microsoft Corporation

Google Toolbar for Internet Explorer 7.4.3607.2246 ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
install location: C:\Program Files (x86)\Google\Google Toolbar\
uninstall cmd: "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_94DDE1EDD1CDF6A3.exe" /uninstall
publisher: Google Inc.

Adobe Photoshop CS2 9.0 ({236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 150994944
version (major): 9
estimated size: 1054877
install date: 20100909
install location: C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\
install source: D:\Adobe® Photoshop® CS2\
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

({26A24AE4-039D-4CA4-87B4-2F83216023FB})

({26A24AE4-039D-4CA4-87B4-2F83216024FB})

({26A24AE4-039D-4CA4-87B4-2F83216026FB})

({26A24AE4-039D-4CA4-87B4-2F83216029FB})

Java™ 6 Update 32 6.0.320 ({26A24AE4-039D-4CA4-87B4-2F83216032FF})
version: 100663616
version (major): 6
estimated size: 97999
install date: 20120503
install location: C:\Program Files (x86)\Java\jre6\
install source: C:\Users\karen whatever1\AppData\LocalLow\Sun\Java\jre1.6.0_32\
uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216032FF}
publisher: Oracle
contact: http://java.com
help link: http://java.com
readme: C:\Program Files (x86)\Java\jre6\README.txt

({26A24AE4-039D-4CA4-87B4-2F83217011FB})

Java 7 Update 17 7.0.170 ({26A24AE4-039D-4CA4-87B4-2F83217017FF})
version: 117440682
version (major): 7
estimated size: 132159
install date: 20130310
install location: C:\Program Files (x86)\Java\jre7\
install source: C:\Users\karen whatever1\AppData\LocalLow\Sun\Java\jre1.7.0_17\
uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217017FF}
publisher: Oracle
contact: http://java.com
help link: http://java.com
readme: C:\Program Files (x86)\Java\jre7\README.txt

Atheros WLAN and Bluetooth Client Installation Program 9.0 ({28006915-2739-4EBE-B5E8-49B25D32EB33})
version: 150994944
install date: 20120620
install location: C:\Program Files (x86)\Atheros
install source: C:\Users\karen whatever1\AppData\Local\Temp\Temp1_Atheros AR5B91 Wireless Network Adapter cd9fe37dc93f08fe58d770d323dd96cc.zip\Install_CD\
uninstall cmd: C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0009 -removeonly
publisher: Atheros

RealUpgrade 1.1 1.1.0 ({28C2DED6-325B-4CC7-983A-1777C8F7FBAB})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 1618
install date: 20120315
install source: C:\Users\NEWUSE~1\AppData\Local\Temp\~rnsetup\UPGRADE\
uninstall cmd: MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
publisher: RealNetworks, Inc.

Windows Live Mesh ActiveX Control for Remote Connections 15.4.5722.2 ({2902F983-B4C1-44BA-B85D-5C6D52E2C441})
version: 251926106
version (major): 15
version (minor): 4
estimated size: 5708
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\f49189801cc174e44\
uninstall cmd: MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
publisher: Microsoft Corporation

Toolbox 140.0.428.000 ({292F0F52-B62D-4E71-921B-89A682402201})
version (major): 140
estimated size: 6886
install date: 20120605
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS52D4\setup\Toolbox\
publisher: Hewlett-Packard

BufferChm 130.0.331.000 ({2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C})
version (major): 130
estimated size: 4395
install date: 20120524
install source: D:\setup\BufferChm\
publisher: Hewlett-Packard

DeviceDiscovery 130.0.465.000 ({2FF8C687-DB7D-4adc-A5DC-57983EC25046})
version (major): 130
estimated size: 1080
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\DeviceDiscovery\
publisher: Hewlett-Packard

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver 1.0.0.33 ({3108C217-BE83-42E4-AE9E-A56A2A92E549})
version: 16777216
install date: 20120908
install location: C:\Program Files (x86)\Atheros Communications Inc.\Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
install source: C:\Users\karen whatever1\Downloads\Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) 37a91f185d2ae0c06b9029f1d759be92\Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) 37a91f185d2ae0c06b9029f1d759be92\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
publisher: Atheros Communications Inc.

Windows Live Photo Gallery 15.4.3502.0922 ({3336F667-9049-4D46-98B6-4C743EEBC5B1})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 46992
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\9003586f1cc16d82a\
uninstall cmd: MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
publisher: Microsoft Corporation

Windows Live Photo Gallery 15.4.3502.0922 ({34F4D9A4-42C2-4348-BEF4-E553C84549E7})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 6180
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\a0bbd54c1cc16d82c\
uninstall cmd: MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
publisher: Microsoft Corporation

TurboTax 2009 wcaiper 009.000.1050 ({360EDFB0-EAA2-012B-AD16-000000000000})
version: 150995994
version (major): 9
estimated size: 17764
install date: 20110609
install location: C:\Program Files (x86)\TurboTax\Premier 2009\
install source: C:\ProgramData\Intuit\Common\Update Service\v2\Data\38975f50eaa2012badb4000000000000\C\C-wcaiper\009.000.1050_msi\v1\F\
uninstall cmd: MsiExec.exe /I{360EDFB0-EAA2-012B-AD16-000000000000}
publisher: Intuit Inc.

TurboTax 2009 WinPerFedFormset 009.000.2881 ({3881DB80-EAA2-012B-ADAE-000000000000})
version: 150997825
version (major): 9
estimated size: 100784
install date: 20110415
install location: C:\Program Files (x86)\TurboTax\Premier 2009\
install source: C:\Users\karen whatever1\AppData\Local\Temp\ckz_O1GD\TurboTax 2009\MSI\
uninstall cmd: MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
publisher: Intuit Inc.

TurboTax 2009 WinPerReleaseEngine 009.000.0328 ({38975F50-EAA2-012B-ADB4-000000000000})
version: 150995272
version (major): 9
estimated size: 57599
install date: 20110415
install location: C:\Program Files (x86)\TurboTax\Premier 2009\
install source: C:\Users\karen whatever1\AppData\Local\Temp\ckz_O1GD\TurboTax 2009\MSI\
uninstall cmd: MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
publisher: Intuit Inc.

TurboTax 2009 WinPerTaxSupport 009.000.0245 ({38A34630-EAA2-012B-ADB6-000000000000})
version: 150995189
version (major): 9
estimated size: 12969
install date: 20110415
install location: C:\Program Files (x86)\TurboTax\Premier 2009\
install source: C:\Users\karen whatever1\AppData\Local\Temp\ckz_O1GD\TurboTax 2009\MSI\
uninstall cmd: MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
publisher: Intuit Inc.

TurboTax 2009 wrapper 009.000.0145 ({3C5A81D0-EAA2-012B-AE9F-000000000000})
version: 150995089
version (major): 9
estimated size: 4233
install date: 20110415
install location: C:\Program Files (x86)\TurboTax\Premier 2009\
install source: C:\Users\karen whatever1\AppData\Local\Temp\ckz_O1GD\TurboTax 2009\MSI\
uninstall cmd: MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
publisher: Intuit Inc.

Copy 130.0.428.000 ({3C92B2E6-380D-4fef-B4DF-4A3B4B669771})
version (major): 130
estimated size: 2154
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\Copy\
publisher: Hewlett-Packard

ParetoLogic PC Health Advisor 3.1.3.0 ({3CBF3EBB-235D-4c29-A68B-2BB1F428586E})
version (major): 3
version (minor): 1
install location: C:\Program Files (x86)\ParetoLogic\PCHA
uninstall cmd: C:\Program Files (x86)\ParetoLogic\PCHA\uninstall.exe
publisher: ParetoLogic, Inc.

Acer PowerSmart Manager 4.07.3008 ({3DB0448D-AD82-4923-B305-D001E521A964})
version: 67570624
install date: 20100902
install location: C:\Program Files\Acer\Acer PowerSmart Manager
install source: C:\Users\karen whatever1\AppData\Local\Temp\Temp1_PowerSmart Manager_Acer_4.07.3008_W7x64W7x86_A.zip\PowerSmart_acer_4.07.3008_Win7x86x64\Power_Management_Utility_v4.07.3008_20091002_1627_signed.exe
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0009 -removeonly
publisher: Acer Incorporated
comments: Acer PowerSmart Manager
contact: http://www.acer.com
help link: http://www.acer.com

WebReg 130.0.132.017 ({43CDF946-F5D9-4292-B006-BA0D92013021})
version (major): 130
estimated size: 1542
install date: 20120524
install source: D:\setup\WebReg\
publisher: Hewlett-Packard

Fax 130.0.418.000 ({440B915A-0C85-45DB-92AE-75AE14704A64})
version (major): 130
estimated size: 22334
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\Fax\
publisher: Hewlett-Packard

Java Auto Updater 2.1.9.0 ({4A03706F-666A-4037-7777-5F2748764D10})
version: 33619977
version (major): 2
version (minor): 1
estimated size: 1202
install date: 20121202
install source: C:\Users\karen whatever1\AppData\LocalLow\Sun\Java\AU\
publisher: Sun Microsystems, Inc.

SolutionCenter 130.0.373.000 ({4A70EF07-7F88-4434-BB61-D1DE8AE93DD4})
version (major): 130
estimated size: 13488
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\SolutionCenter\
publisher: Hewlett-Packard

UnloadSupport 11.0.0 ({4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35})
version: 184549376
version (major): 11
estimated size: 3334
install date: 20121104
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS3C62\setup\UnloadSupport\
publisher: Hewlett-Packard

NVIDIA GAME System Software 2.8.1 2.8.1 ({4F0C7CCF-5666-474B-B02E-AC514A95EC93})
version: 34078721
version (major): 2
version (minor): 8
estimated size: 10260
install date: 20110512
install source: C:\Program Files\Worldweaver\DX Studio Player\v3.2.68\
uninstall cmd: MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93}
publisher: NVIDIA Corporation

Messenger Companion 15.4.3502.0922 ({50816F92-1652-4A7C-B9BC-48F682742C4B})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 96
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\d4c1371cc174f47\
uninstall cmd: MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
publisher: Microsoft Corporation

Windows Live UX Platform Language Pack 15.4.3508.1109 ({579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4})
version: 251923892
version (major): 15
version (minor): 4
estimated size: 28
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\9b4b1bde1cc16d703\
uninstall cmd: MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
publisher: Microsoft Corporation

bpd_scan 3.00.0000 ({5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021})
version: 50331648
version (major): 3
estimated size: 2150
install date: 20120524
install source: D:\setup\bpd_scan\
publisher: Hewlett-Packard

({5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1})

swMSM 12.0.0.1 ({612C34C7-5E90-47D8-9B5C-0F717DD82726})
version: 201326592
version (major): 12
estimated size: 2073
install date: 20120129
install location: C:\Windows\My Product Name\
install source: C:\Windows\SysWOW64\Adobe\Shockwave 11\
uninstall cmd: MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
publisher: Adobe Systems, Inc
comments: Adobe Shockwave Player Merge Module
contact: http://www.adobe.com
help link: http://www.adobe.com/support
help telephone: 1-800-833-6687

GPBaseService2 130.0.371.000 ({63FF21C9-A810-464F-B60A-3111747B1A6D})
version (major): 130
estimated size: 13592
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\GPBaseService2\
publisher: Hewlett-Packard

Adobe AIR 3.3.0.3560 ({65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 40343
install date: 20120516
install location: c:\Program Files (x86)\Common Files\Adobe AIR\
install source: c:\users\karenw~1\appdata\local\temp\airb37a.tmp\
uninstall cmd: MsiExec.exe /I{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}
publisher: Adobe Systems Incorporated

HPPhotoSmartDiscLabelContent1 2.04.0000 ({681B698F-C997-42C3-B184-B489C6CA24C9})
version: 33816576
version (major): 2
version (minor): 4
estimated size: 4365
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\hpphotosmartdisclabelcontent1\
publisher: Hewlett-Packard

Windows Live SOXE 15.4.3502.0922 ({682B3E4F-696A-42DE-A41C-4C07EA1678B4})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 292
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\da1554db1cc16d70b\
uninstall cmd: MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
publisher: Microsoft Corporation

Google Earth 7.0.2.8415 ({6F545E5E-4595-11E2-93B6-B8AC6F97B88E})
version: 117440514
version (major): 7
estimated size: 177706
install date: 20130226
install location: C:\Program Files (x86)\Google\Google Earth\
install source: C:\Users\karen whatever1\AppData\Local\Temp\._msige61\
uninstall cmd: MsiExec.exe /X{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}
publisher: Google

Microsoft Visual C++ 2005 Redistributable 8.0.61001 ({710f4c1c-cc18-4c49-8cbf-51240c89a1a2})
version: 134278729
version (major): 8
estimated size: 300
install date: 20110615
install source: C:\Windows\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
publisher: Microsoft Corporation

({7110AE1B-CFB7-EF96-54FC-BF893A8C5895})

Acer Crystal Eye Webcam 5.2.7.1 ({7760D94E-B1B5-40A0-9AA0-ABF942108755})
version: 84017159
install date: 20121129
install location: C:\Program Files (x86)\Suyin Optronics Corp\Acer Crystal Eye Webcam
install source: C:\Users\karen whatever1\AppData\Local\Temp\Temp1_Camera_Suyin_5.2.7.1_W7x64W7x86_A.zip\WebCam(AP)_Suyin_v5.2.7.1_Win7x86x64\Setup.exe
uninstall cmd: C:\Program Files (x86)\InstallShield Installation Information\{7760D94E-B1B5-40A0-9AA0-ABF942108755}\setup.exe -runfromtemp -l0x0009 -removeonly
publisher: Suyin Optronics Corp

RealNetworks - Microsoft Visual C++ 2008 Runtime 9.0 ({7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA})
version: 150994944
version (major): 9
estimated size: 1380
install date: 20120315
install source: C:\Users\NEWUSE~1\AppData\Local\Temp\~rnsetup\
uninstall cmd: MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
publisher: RealNetworks, Inc
comments: Copyright © Microsoft Corporation, All rights reserved.
contact: Microsoft Corporation

Adobe Stock Photos 1.0 001.000.000 ({786C5747-1033-0000-B58E-000000000001})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20100909
install location: C:\Program Files (x86)\Adobe\Adobe Stock Photos\
install source: D:\Adobe® Photoshop® CS2\Stock Photography\
uninstall cmd: MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

Apple Software Update 2.1.3.127 ({789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE})
version: 33619971
version (major): 2
version (minor): 1
estimated size: 2441
install date: 20121231
install location: C:\Program Files (x86)\Apple Software Update\
install source: C:\Users\KARENW~1\AppData\Local\Temp\E7A204~1\
uninstall cmd: MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Windows Live Messenger Companion Core 15.4.3502.0922 ({78A96B4C-A643-4D0F-98C2-A8E16A6669F9})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 5008
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\d44d545d1cc174e3e\
uninstall cmd: MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
publisher: Microsoft Corporation

({7B63B2922B174135AFC0E1377DD81EC2})

Windows Live Messenger 15.4.3502.0922 ({80956555-A512-4190-9CAD-B000C36D6B6B})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 11432
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\2dc410c91cc16d819\
uninstall cmd: MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
publisher: Microsoft Corporation

Windows Live PIMT Platform 15.4.3508.1109 ({83C292B7-38A5-440B-A731-07070E81A64F})
version: 251923892
version (major): 15
version (minor): 4
estimated size: 2112
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\ed8470641cc16d710\
uninstall cmd: MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
publisher: Microsoft Corporation

HPDiagnosticAlert 1.00.0000 ({846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE})
version: 16777216
version (major): 1
estimated size: 421
install date: 20130228
install location: C:\Users\NEWUSE~1\AppData\Local\Temp\HPDiagnosticAlert\
install source: C:\Users\NEWUSE~1\AppData\Local\Temp\7zS6E44\
uninstall cmd: MsiExec.exe /I{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}
publisher: Microsoft

MSXML 4.0 SP2 (KB954430) 4.20.9870.0 ({86493ADD-824D-4B8E-BD72-8C5DCDC52A71})
version: 68429454
version (major): 4
version (minor): 20
estimated size: 1307
install date: 20110122
install source: c:\406c7fb3185d3114f4\
uninstall cmd: MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/954430

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 9.0.30729.5570 ({86CE85E6-DBAC-3FFD-B977-E4B79F83C909})
version: 151025673
version (major): 9
estimated size: 598
install date: 20110520
install source: c:\cbdec9731cd252b2de5d224e\
uninstall cmd: MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
publisher: Microsoft Corporation

Win7codecs 3.4.1 ({8C0CAA7A-3272-4991-A808-2C7559DE3409})
version: 50593793
version (major): 3
version (minor): 4
estimated size: 65628
install date: 20120126
install location: C:\Program Files (x86)\Win7codecs\
install source: C:\ProgramData\Win7codecs\{62F43F6F-177B-4F7F-89BA-1BEC62F9C7B7}\
publisher: Shark007
comments: TO UNINSTALL, go to the Help TAB of the Settings Application
contact: SHARK0~1|Shark007 Codecs
help telephone: xxx-xxx-xxxx

Mesh Runtime 15.4.5722.2 ({8C6D6116-B724-4810-8F2D-D047E6B7D68E})
version: 251926106
version (major): 15
version (minor): 4
estimated size: 14796
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\f725c3d71cc16d83b\
uninstall cmd: MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
publisher: Microsoft Corporation

MSVCRT 15.4.2862.0708 ({8DD46C6A-0056-4FEC-B70A-28BB16A1F11F})
version: 251923246
version (major): 15
version (minor): 4
estimated size: 4572
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\c4f9e29c1cc16d708\
uninstall cmd: MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
publisher: Microsoft

({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2162169)

({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2416472)

Update for Microsoft .NET Framework 4 Extended (KB2468871) 1 ({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 4 Extended.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2468871.
help link: http://support.micro....com/kb/2468871

({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2478063)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367) 1 ({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Extended.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2487367.
help link: http://support.micro....com/kb/2487367

Update for Microsoft .NET Framework 4 Extended (KB2533523) 1 ({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 4 Extended.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2533523.
help link: http://support.micro....com/kb/2533523

({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2544514)

({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2572063)

({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2599651)

({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600211)

Update for Microsoft .NET Framework 4 Extended (KB2600217) 1 ({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 4 Extended.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2600217.
help link: http://support.micro....com/kb/2600217

({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2604121)

({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2639327)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351) 1 ({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Extended.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2656351.
help link: http://support.micro....com/kb/2656351

({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2682543)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428) 1 ({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Extended
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Extended.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2736428.
help link: http://support.micro....com/kb/2736428

Security Update for Microsoft .NET Framework 4 Extended (KB2742595) 1 ({8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595)
uninstall cmd: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Extended
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Extended.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2742595.
help link: http://support.micro....com/kb/2742595

Adobe Common File Installer 1.00.0000 ({8EDBA74D-0686-4C99-BFDD-F894678E5B39})
version: 16777216
version (major): 1
estimated size: 136562
install date: 20100909
install location: C:\Program Files (x86)\Common Files\Adobe\
install source: D:\Adobe® Photoshop® CS2\commonfilesinstaller\
uninstall cmd: MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
publisher: Adobe System Incorporated
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/help
help telephone: 1-555-555-4505

Windows Live Movie Maker 15.4.3502.0922 ({92EA4134-10D1-418A-91E1-5A0453131A38})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 15280
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\e532786e1cc16d837\
uninstall cmd: MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
publisher: Microsoft Corporation

VC80CRTRedist - 8.0.50727.6195 1.2.0 ({933B4015-4618-4716-A828-5289FC03165F})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 1592
install date: 20110928
install source: C:\Program Files (x86)\Common Files\DivX Shared\
uninstall cmd: MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
publisher: DivX, Inc
comments: Install VC80 C++ Runtimes
contact: DivX, Inc

Realtek USB 2.0 Card Reader 6.1.7100.30093 ({96AE7E41-E34E-47D0-AC07-1091A8127911})
version: 100735932
install date: 20100902
install location: C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader
install source: C:\Users\karen whatever1\Desktop\drivers\CardReader_Realtek_6.1.7100.30093_W7x64W7x86_A\CardReader_Realtek(RTS5159)_v6.1.7100.30093_Win7x86x64\
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0009 -removeonly
publisher: Realtek Semiconductor Corp.

HP Update 5.005.000.002 ({97486FBE-A3FC-4783-8D55-EA37E9D171CC})
version: 84213760
version (major): 5
version (minor): 5
estimated size: 4080
install date: 20130207
install location: C:\Program Files (x86)\HP\HP Software Update
install source: C:\Windows\Hewlett-Packard\Setup Files\HP Software Update\{95B575BF-548F-4085-AABA-D4DA6716A5C7}\
uninstall cmd: MsiExec.exe /X{97486FBE-A3FC-4783-8D55-EA37E9D171CC}
publisher: Hewlett-Packard
contact: http://www.hp.com/support

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729 ({9A25302D-30C0-39D9-BD6F-21E6EC160475})
version: 151025673
version (major): 9
estimated size: 238
install date: 20101207
install source: C:\072fabb053502b800d99b82de0cee73e\
uninstall cmd: MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
publisher: Microsoft Corporation

Personal Color Viewer 3.0.2 ({9AB4D07D-3754-1CD4-1E25-0C1AF3355921})
version: 50331650
version (major): 3
estimated size: 119578
install date: 20120314
install location: C:\Program Files (x86)\Benjamin Moore\PCV3
install source: C:\Users\karen whatever1\AppData\Local\Temp\fla79E1.tmp\
uninstall cmd: MsiExec.exe /I{9AB4D07D-3754-1CD4-1E25-0C1AF3355921}
publisher: Eco Color Company

DocProc 13.0.0.0 ({9B362566-EC1B-4700-BB9C-EC661BDE2175})
version: 218103808
version (major): 13
estimated size: 76377
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\DocProc\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161 ({9BE518E6-ECC6-35A9-88E4-87755C07200F})
version: 151025673
version (major): 9
estimated size: 600
install date: 20110615
install source: c:\7618e399f6309c3423804f74713bfd\
uninstall cmd: MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
publisher: Microsoft Corporation

Windows Live Mail 15.4.3502.0922 ({9D56775A-93F3-44A3-8092-840E3826DE30})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 18416
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\4a10e52e1cc16d81f\
uninstall cmd: MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
publisher: Microsoft Corporation

AIO_CDB_Software 130.0.365.000 ({9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB})
version (major): 130
estimated size: 22269
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\software\
publisher: Hewlett-Packard

Windows Live Mesh 15.4.3502.0922 ({A0C91188-C88F-4E86-93E6-CD7C9A266649})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 32
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\f7f3acee1cc174e45\
uninstall cmd: MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
publisher: Microsoft Corporation

Windows Live Writer 15.4.3502.0922 ({A726AE06-AAA3-43D1-87E3-70F510314F04})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 624
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\ee2b33bf1cc16d839\
uninstall cmd: MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
publisher: Microsoft Corporation

AIO_CDA_Software 130.0.365.000 ({A7AEE29F-839E-46B5-B347-6D430618129F})
version (major): 130
estimated size: 22184
install date: 20121104
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS3C62\setup\software\
publisher: Hewlett-Packard

LightScribe 1.4.136.1 1.4.136.1 ({A87B11AC-4344-4E5D-8B12-8F471A87DAD9})
version: 17039496
version (major): 1
version (minor): 4
estimated size: 4293
install date: 20110927
install location: C:\Program Files (x86)\Common Files\LightScribe\
install source: C:\Windows\SysWOW64\
publisher: http://www.lightscribe.com
comments: LightScribe
contact: LightScribe
help link: http://www.lightscribe.com
help telephone: 1-000-000-0000

Google Update Helper 1.3.21.135 ({A92DAB39-4E2C-4304-9AB6-BC44E68B55E2})
version: 16973845
version (major): 1
version (minor): 3
estimated size: 29
install date: 20130207
install source: C:\Program Files (x86)\Google\Update\1.3.21.135\
uninstall cmd: MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
publisher: Google Inc.

Windows Live Photo Common 15.4.3502.0922 ({A9BDCA6B-3653-467B-AC83-94367DA3BFE3})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 11104
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\59930981cc16d813\
uninstall cmd: MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
publisher: Microsoft Corporation

Google Talk Plugin 3.17.0.12440 ({A9CE0266-6801-3B33-94AD-00520085CF4B})
version: 51445760
version (major): 3
version (minor): 17
estimated size: 20968
install date: 20130402
install source: C:\Users\karen whatever1\AppData\Local\Google\Update\Install\{7A9DE378-5708-4C38-80C8-559BF32E8D1D}\
uninstall cmd: MsiExec.exe /I{A9CE0266-6801-3B33-94AD-00520085CF4B}
publisher: Google

Windows Live Writer 15.4.3502.0922 ({AAAFC670-569B-4A2F-82B4-42945E0DE3EF})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 10768
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\5c435d641cc16d821\
uninstall cmd: MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
publisher: Microsoft Corporation

Windows Live Writer 15.4.3502.0922 ({AAF454FC-82CA-4F29-AB31-6A109485E76E})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 68
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\ed00a0d31cc174e42\
uninstall cmd: MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
publisher: Microsoft Corporation

Adobe Reader XI (11.0.02) 11.0.02 ({AC76BA86-7AD7-1033-7B44-AB0000000001})
version: 184549378
version (major): 11
estimated size: 128373
install date: 20130315
install location: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\
install source: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
readme: C:\Program Files (x86)\Adobe\Reader 11.0\Readme.htm

NTI CD & DVD-Maker 7.7.0.11 ({ADCC857B-9A9E-411F-A441-8FDCD120043A})
version: 117899264
version (major): 7
version (minor): 7
estimated size: 36547
install date: 20110927
install location: C:\Program Files (x86)\NewTech Infosystems\NTI CD & DVD-Maker 7\
install source: C:\Users\KARENW~1\AppData\Local\Temp\_is96C8\
publisher: NewTech Infosystems
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 1-555-555-4505

Optical Drive Power Management 1.01.3002 ({AE09C972-EEB2-4DA5-8090-0FCF54576854})
version: 16845754
install date: 20121118
install location: C:\Program Files\Acer\Optical Drive Power Management
install source: C:\Users\karen whatever1\AppData\Local\Temp\Temp2_OpticalDrive PM_Acer_1.01.3002_W7x64W7x86_A.zip\Optical Drive Power Management v1.01.3002.exe
uninstall cmd: "C:\Program Files (x86)\InstallShield Installation Information\{AE09C972-EEB2-4DA5-8090-0FCF54576854}\setup.exe" -runfromtemp -l0x0009 -removeonly
publisher: Acer Incorporated

QuickTime 7.73.80.64 ({AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A})
version: 122224720
version (major): 7
version (minor): 73
estimated size: 74914
install date: 20121122
install location: C:\Program Files (x86)\QuickTime\
install source: C:\Users\karen whatever1\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Spybot - Search & Destroy 1.6.2 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20130310
install location: C:\Program Files (x86)\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: http://www.safer-net...hp?page=support

Adobe Bridge 1.0 001.000.004 ({B74D4E10-6884-0000-0000-000000000103})
version: 16777219
version (major): 1
estimated size: 89211
install date: 20100909
install location: C:\Program Files (x86)\Adobe\Adobe Bridge\
install source: C:\Users\KARENW~1\AppData\Local\Temp\
uninstall cmd: MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html

Graboid Video 3.58 Setup 3.5.8 ({bcb1ff51-51a4-4048-b534-3a9b3aa4acce})
estimated size: 31837
uninstall cmd: "C:\ProgramData\Package Cache\{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}\GraboidVideoInstaller-3.58.exe" /uninstall
publisher: FUSENET
help link: http://www.graboid.com

Destinations 130.0.0.0 ({BD7204BA-DD64-499E-9B55-6A282CDF4FA4})
version (major): 130
estimated size: 6965
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\Destinations\
publisher: Hewlett-Packard

HPProductAssistant 130.0.371.000 ({C43326F5-F135-4551-8270-7F7ABA0462E1})
version (major): 130
estimated size: 391
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\HPProductAssistant\
publisher: Hewlett-Packard

Windows Live Mail 15.4.3502.0922 ({C66824E4-CBB3-4851-BB3F-E8CFD6350923})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 4340
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\6eee3bad1cc16d825\
uninstall cmd: MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
publisher: Microsoft Corporation

Safari 5.34.57.2 ({C779648B-410E-4BBA-B75B-5815BCEFE71D})
version: 86114361
version (major): 5
version (minor): 34
estimated size: 106756
install date: 20130105
install location: C:\Program Files (x86)\Safari\
install source: C:\Users\KARENW~1\AppData\Local\Temp\IXP303.TMP\
uninstall cmd: MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

HPPhotoGadget 130.0.282.000 ({CAE4213F-F797-439D-BD9E-79B71D115BE3})
version (major): 130
estimated size: 774
install date: 20121104
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS3C62\setup\HPPhotoGadget\
publisher: Hewlett-Packard

Windows Live UX Platform 15.4.3502.0922 ({CE95A79E-E4FC-4FFF-8A75-29F04B942FF2})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 13436
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\89b66c971cc16d701\
uninstall cmd: MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
publisher: Microsoft Corporation

MSVCRT_amd64 15.4.2862.0708 ({D0B44725-3666-492D-BEF6-587A14BD9BD9})
version: 251923246
version (major): 15
version (minor): 4
estimated size: 52
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\3d7775e31cc16d81c\
uninstall cmd: MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
publisher: Microsoft

Windows Live Photo Common 15.4.3502.0922 ({D436F577-1695-4D2F-8B44-AC76C99E0002})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 1464
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\1d95ad811cc16d817\
uninstall cmd: MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
publisher: Microsoft Corporation

Windows Live Communications Platform 15.4.3502.0922 ({D45240D3-B6B3-4FF9-B243-54ECE3E10066})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 4680
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\e18484391cc16d70d\
uninstall cmd: MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
publisher: Microsoft Corporation

HPPhotosmartEssential 2.04.0000 ({D79113E7-274C-470B-BD46-01B10219DF6A})
version: 33816576
version (major): 2
version (minor): 4
estimated size: 47927
install date: 20121119
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS337F\setup\HPPhotoSmartEssential\
publisher: Hewlett-Packard

ConvertXtoDVD 4.1.10.348 4.1.10.348 ({DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1)
estimated size: 69770
install date: 20110928
install location: C:\Program Files (x86)\VSO\ConvertX\4\
uninstall cmd: "C:\Program Files (x86)\VSO\ConvertX\4\unins000.exe"
help link: http://www.vso-software.fr

SmartWebPrinting 130.0.457.000 ({DC635845-46D3-404B-BCB1-FC4A91091AFA})
version (major): 130
estimated size: 23250
install date: 20121231
install source: C:\Users\KARENW~1\AppData\Local\Temp\7zS67EF\setup\WebPrinting\
publisher: Hewlett-Packard

Windows Live Writer Resources 15.4.3502.0922 ({DDC8BDEE-DCAC-404D-8257-3E8D4B782467})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 3900
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\673be7d31cc16d823\
uninstall cmd: MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
publisher: Microsoft Corporation

Windows Live Mesh 15.4.3502.0922 ({DECDCB7C-58CC-4865-91AF-627F9798FE48})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 5716
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\5cac23c1cc16d93d\
uninstall cmd: MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
publisher: Microsoft Corporation

D3DX10 15.4.2368.0902 ({E09C4DB7-630C-4F06-A631-8EA7239923AF})
version: 251922752
version (major): 15
version (minor): 4
estimated size: 2232
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\d2bd57541cc16d709\
uninstall cmd: MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
publisher: Microsoft

Windows Media Center Add-in for Flash 4.1.2.0 ({E2D09AC2-4153-4817-AAEB-24F92A8BCE88})
version: 67174402
version (major): 4
version (minor): 1
estimated size: 317
install date: 20100907
install source: C:\Users\karen whatever1\AppData\Local\Temp\3rpznrzr.vlt\
uninstall cmd: MsiExec.exe /X{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}
publisher: Microsoft Corporation

AIO_CDB_ProductContext 130.0.365.000 ({E7112940-5F8E-4918-B9FE-251F2F8DC81F})
version (major): 130
estimated size: 2975
install date: 20130312
install source: C:\Program Files (x86)\HP\Digital Imaging\{B61ED343-0B14-4241-999C-490CB1A20DA4}\
publisher: Hewlett-Packard

Adobe Help Center 1.0 001.000.000 ({E9787678-1033-0000-8E67-000000000001})
version: 16777216
version (major): 1
estimated size: 21738
install date: 20100909
install location: C:\Program Files (x86)\Adobe\Adobe Help Center\
install source: D:\Adobe® Photoshop® CS2\Help Center\
uninstall cmd: MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

({EB03EF39-C655-D560-FA95-79182B837D64})
install date: 20120323
uninstall cmd: "C:\ProgramData\MaagniPico\uninstall.exe" /path=C:\ProgramData\MaagniPico
publisher: MagniPic

Windows Live Messenger 15.4.3502.0922 ({EB4DF488-AAEF-406F-A341-CB2AAA315B90})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 25540
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\1188a1c51cc16d815\
uninstall cmd: MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
publisher: Microsoft Corporation

Microsoft SQL Server 2005 Compact Edition [ENU] 3.1.0000 ({F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 1740
install date: 20110520
install location: C:\Program Files (x86)\Microsoft SQL Server Compact Edition\
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\768035cd1cc16d827\
uninstall cmd: MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
publisher: Microsoft Corporation
help link: http://www.microsoft.../sql/everywhere

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219 ({F0C3E5D1-1ADE-321E-8167-68EF0DE699A5})
version: 167812379
version (major): 10
estimated size: 16931
install date: 20120605
install source: c:\2110dc87bd77d756025f\
uninstall cmd: MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
publisher: Microsoft Corporation
comments: Caution. Removing this product might prevent some applications from running.
help link: http://go.microsoft..../?LinkId=146008

({F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757)

({F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173)

({F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860)

({F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655)

({F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743)

({F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063)

({F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573)

Realtek High Definition Audio Driver 6.0.1.5911 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
version: 38862848
install date: 20100902
install location: C:\Program Files\Realtek\Audio\HDA
install source: C:\Users\karen whatever1\AppData\Local\Temp\Temp1_Audio_Realtek_6.0.1.5911_W7x64W7x86_A.zip\Audio_Realtek_v6.0.1.5911_Win7x86x64\
uninstall cmd: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
publisher: Realtek Semiconductor Corp.

Visual C++ 2008 x86 Runtime - (v9.0.30729) 9.0.30729 ({F333A33D-125C-32A2-8DCE-5C5D14231E27})
version: 151025673
version (major): 9
estimated size: 248
install date: 20110228
install source: C:\Users\KARENW~1\AppData\Local\Temp\mia9EA1.tmp\data\Microsoft Visual C++ Runtime 9.0 (includes ATL and MFC) Service Pack 1\mFileBagIDE.dll\bag\
uninstall cmd: MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
publisher: Microsoft Corporation

Visual C++ 2008 x86 Runtime - v9.0.30729.01 9.0.30729.01 ({F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01)
uninstall cmd: C:\Windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
publisher: Microsoft Corporation

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2028562)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2160841.
help link: http://support.micro....com/kb/2160841

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2162169)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2446708.
help link: http://support.micro....com/kb/2446708

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708v2)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2468871.
help link: http://support.micro....com/kb/2468871

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228)

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478063)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2478663.
help link: http://support.micro....com/kb/2478663

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2514805)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2518870.
help link: http://support.micro....com/kb/2518870

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2533523.
help link: http://support.micro....com/kb/2533523

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2539636.
help link: http://support.micro....com/kb/2539636

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2544514)

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572063)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2572078.
help link: http://support.micro....com/kb/2572078

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2599651)

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2600217.
help link: http://support.micro....com/kb/2600217

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2604121.
help link: http://support.micro....com/kb/2604121

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2633870.
help link: http://support.micro....com/kb/2633870

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2639327)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2656351.
help link: http://support.micro....com/kb/2656351

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2656368.
help link: http://support.micro....com/kb/2656368

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) 2 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2656368.
help link: http://support.micro....com/kb/2656368

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2656405.
help link: http://support.micro....com/kb/2656405

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2686827.
help link: http://support.micro....com/kb/2686827

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2698021)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2729449.
help link: http://support.micro....com/kb/2729449

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2732797)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2736428.
help link: http://support.micro....com/kb/2736428

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2737019.
help link: http://support.micro....com/kb/2737019

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2742595.
help link: http://support.micro....com/kb/2742595

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) 1 ({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642)
uninstall cmd: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit http://support.micro...com/kb/2789642.
help link: http://support.micro....com/kb/2789642

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB982638)

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB983182)

({F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB983571)

MSXML 4.0 SP2 (KB973688) 4.20.9876.0 ({F662A8E6-F4DC-41A2-901E-8C11F044BDEC})
version: 68429460
version (major): 4
version (minor): 20
estimated size: 1365
install date: 20110122
install source: c:\b2d29baf2022a841b4de38\
uninstall cmd: MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/973688

Windows Live Essentials 15.4.3502.0922 ({FE044230-9CA5-43F7-9B58-5AC5A28A1F33})
version: 251923886
version (major): 15
version (minor): 4
estimated size: 2020
install date: 20110520
install source: C:\Program Files (x86)\Common Files\Windows Live\.cache\b9a1f8b71cc16d706\
uninstall cmd: MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
publisher: Microsoft Corporation
help link: http://explore.live....live-essentials

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 9.0.21022 ({FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4})
version: 151015966
version (major): 9
estimated size: 1456
install date: 20101012
install source: c:\1e32e4b6460959fbb7a70fa3ca73af\
uninstall cmd: MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
publisher: Microsoft Corporation



--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking 4.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Memory Cache 4.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): 1394ohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 OHCI Compliant Host Controller
Image path: \SystemRoot\system32\drivers\1394ohci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\drivers\ACPI.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): AcpiPmi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ACPI Power Meter Driver
Image path: \SystemRoot\system32\drivers\acpipmi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Adobe LM Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Adobe LM Service
Description: AdobeLM Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
Image size: 72704
Image MD5: 8B46D5A1D3EF08232C04D0EAFB871FB2
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): AdobeARMservice
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Adobe Acrobat Update Service
Description: Adobe Acrobat Updater keeps your Adobe software up to date.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Image size: 65192
Image MD5: 3927397AC60D943DAF8808AFFED582B7
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): AdobeFlashPlayerUpdateSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Adobe Flash Player Update Service
Description: This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
Object name: LocalSystem
Image path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Image size: 253656
Image MD5: EA856F4A46320389D1899B2CAA7BF40F
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): adp94xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adp94xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adpahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adpahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adpu320
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adpu320.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AeLookupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Experience
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\afd.sys,-1000
Description: @%systemroot%\system32\drivers\afd.sys,-1000
Image path: \SystemRoot\system32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\drivers\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Layer Gateway Service
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): aliide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): amdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K8 Processor Driver
Image path: \SystemRoot\system32\DRIVERS\amdk8.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AmdPPM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD Processor Driver
Image path: \SystemRoot\system32\DRIVERS\amdppm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdsata
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdsata.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdsbs
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\amdsbs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdxata
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\amdxata.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): AppHostSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Host Helper Service
Description: @%windir%\system32\inetsrv\iisres.dll,-30012
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k apphost
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): AppID
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appidsvc.dll,-102
Description: @%systemroot%\system32\appidsvc.dll,-103
Image path: \SystemRoot\system32\drivers\appid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: FltMgr,DisCache

Service (registry key): AppIDSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Identity
Description: @%systemroot%\system32\appidsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,AppID,CryptSvc

Service (registry key): Appinfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Information
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc

Service (registry key): Apple Mobile Device
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile Device
Description: Provides the interface to Apple mobile devices.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
Image size: 57008
Image MD5: 4FE5C6D40664AE07BE5105874357D2ED
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application Management
Description: @appmgmts.dll,-3251
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): arc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\arc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): arcsas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\arcsas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ASP.NET
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_2.0.50727
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_4.0.30319
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ASP.NET_64_2.0.50727
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): aspnet_state
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
Image size: 44376
Image MD5: 9217D874131AE6FF8F642F124F00A555
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32000
Description: @%systemroot%\system32\rascfg.dll,-32000
Image path: system32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IDE Channel
Image path: system32\drivers\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): athr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Atheros Extensible Wireless LAN device driver
Image path: system32\DRIVERS\athrx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AudioEndpointBuilder
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Audio Endpoint Builder
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Audio
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): AxInstSV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ActiveX Installer (AxInstSV)
Description: @%SystemRoot%\system32\AxInstSV.dll,-104
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): b06bdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme II VBD
Image path: \SystemRoot\system32\DRIVERS\bxvbda.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): b57nd60a
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
Image path: system32\DRIVERS\b57nd60a.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): bcm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WiMAX Network Adapter
Image path: system32\DRIVERS\drxvi314_64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): bcmbusctr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WiMAX Bus Driver
Image path: system32\DRIVERS\BcmBusCtr_64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BDESVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: BitLocker Drive Encryption Service
Description: @%SystemRoot%\system32\bdesvc.dll,-101
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BFE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Base Filtering Engine
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BingDesktopUpdate
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bing Desktop Update service
Description: Bing Desktop Update Service
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe"
Image size: 166424
Image MD5: 8DC837789BBF0E1BEF252A8F7C101F7B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\blbdrive.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Bonjour Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bonjour Service
Description: Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.
Object name: LocalSystem
Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Image size: 462184
Image MD5: EBBCD5DFBB1DE70E8F4AF8FA59E401FD
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): bowser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-102
Description: @%systemroot%\system32\browser.dll,-103
Image path: system32\DRIVERS\bowser.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): BrFiltLo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\DRIVERS\BrFiltLo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrFiltUp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\DRIVERS\BrFiltUp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Bridge
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bridgeres.dll,-3
Image path: system32\DRIVERS\bridge.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BridgeMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bridgeres.dll,-1
Image path: system32\DRIVERS\bridge.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Computer Browser
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\System32\Drivers\Brserid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrSerWdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother WDM Serial driver
Image path: \SystemRoot\System32\Drivers\BrSerWdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrUsbMdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\System32\Drivers\BrUsbMdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrUsbSer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\System32\Drivers\BrUsbSer.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Serial Communications Driver
Image path: \SystemRoot\system32\DRIVERS\bthmodem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHPORT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): bthserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Support Service
Description: @%SystemRoot%\System32\bthserv.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BVRPMPR5a64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: BVRPMPR5a64 NDIS Protocol Driver
Image path: \??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): catchme
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \??\C:\ComboFix\catchme.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): CertPropSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Certificate Propagation
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): circlass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\DRIVERS\circlass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): CLFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\clfs.sys,-100
Description: @%SystemRoot%\system32\clfs.sys,-101
Image path: System32\CLFS.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66384
Image MD5: D88040F816FDA31C3B466F0FA0918F29
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0

Service (registry key): clr_optimization_v2.0.50727_64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X64
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
Image size: 89920
Image MD5: D1CEEA2B47CB998321C579651CE3E4F8
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0

Service (registry key): clr_optimization_v4.0.30319_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v4.0.30319_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Image size: 130384
Image MD5: C5A75EB48E2344ABDC162BDA79E16841
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0

Service (registry key): clr_optimization_v4.0.30319_64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v4.0.30319_X64
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Image size: 138576
Image MD5: C6F9AF94DCD58122A4D7E89DB6BED29D
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0

Service (registry key): CmBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft AC Adapter Driver
Image path: system32\DRIVERS\CmBatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): cmdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): CNG
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\cng.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: system32\DRIVERS\compbatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): CompositeBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Composite Bus Enumerator Driver
Image path: \SystemRoot\system32\drivers\CompositeBus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ System Application
Description: @comres.dll,-948
Object name: LocalSystem
Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 7168
Image MD5: A63DC5C2EA944E6657203E0C8EDEAF61
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem,SENS

Service (registry key): cpuz135
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: cpuz135
Image path: \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): cpuz136
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: cpuz136
Image path: \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): crcdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Crcdisk Filter Driver
Image path: \SystemRoot\system32\DRIVERS\crcdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): crypt32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Cryptographic Services
Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): CSC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\cscsvc.dll,-202
Description: @%systemroot%\system32\cscsvc.dll,-203
Image path: system32\drivers\csc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: rdbss

Service (registry key): CscService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Offline Files
Description: @%systemroot%\system32\cscsvc.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dc3d
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Hardware Device Detection Driver
Image path: system32\DRIVERS\dc3d.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): DCLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5012
Description: @oleres.dll,-5013
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): defragsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Defragmenter
Description: @%SystemRoot%\system32\defragsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k defragsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): DfsC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
Description: @%systemroot%\system32\drivers\dfsc.sys,-102
Image path: System32\Drivers\dfsc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DHCP Client
Description: @%SystemRoot%\system32\dhcpcore.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,Tdx,Afd

Service (registry key): discache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\discache.sys,-102
Description: @%systemroot%\system32\drivers\discache.sys,-101
Image path: System32\drivers\discache.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DNS Client
Description: @%SystemRoot%\System32\dnsapi.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tdx,nsi

Service (registry key): dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wired AutoConfig
Description: @%systemroot%\system32\dot3svc.dll,-1103
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio,Eaphost

Service (registry key): Dot4
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS IEEE-1284.4 Driver
Image path: system32\DRIVERS\Dot4.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dot4Print
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Class Driver for IEEE-1284.4
Image path: system32\DRIVERS\Dot4Prt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): dot4usb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Dot4USB Filter Dot4USB Filter
Image path: system32\DRIVERS\dot4usb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): DPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Diagnostic Policy Service
Description: @%systemroot%\system32\dps.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Trusted Audio Drivers
Image path: system32\drivers\drmkaud.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): DXGKrnl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LDDM Graphics Subsystem
Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Extensible Authentication Protocol
Description: @%systemroot%\system32\eapsvc.dll,-2
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,KeyIso

Service (registry key): ebdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme II 10 GigE VBD
Image path: \SystemRoot\system32\DRIVERS\evbda.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): EFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Encrypting File System (EFS)
Description: @%SystemRoot%\system32\efssvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ehRecvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehRecvr.exe
Image size: 696832
Image MD5: C4002B6B41975F057D98C439030CEA07
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehsched.exe,-101
Description: @%SystemRoot%\ehome\ehsched.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehsched.exe
Image size: 127488
Image MD5: 4705E8EF9934482C5BB488CE28AFC681
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): elxstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\elxstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ePowerSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Acer ePower Service
Description: Acer ePower Service
Object name: LocalSystem
Image path: C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
Image size: 786976
Image MD5: 7B1EE19B7FBD5365E1935F6AAB7E48A7
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): ErrDev
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Hardware Error Device Driver
Image path: \SystemRoot\system32\drivers\errdev.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ESENT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Event Log
Description: @%SystemRoot%\system32\wevtsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: COM+ Event System
Description: @comres.dll,-2451
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): exfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: exFAT File System Driver
Description: exFAT File System Driver
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FAT12/16/32 File System Driver
Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): Fax
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Fax
Description: @%systemroot%\system32\fxsresm.dll,-122
Object name: NT AUTHORITY\NetworkService
Image path: %systemroot%\system32\fxssvc.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler

Service (registry key): fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: \SystemRoot\system32\DRIVERS\fdc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): fdPHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Function Discovery Provider Host
Description: @%systemroot%\system32\fdPHost.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FDResPub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Function Discovery Resource Publication
Description: @%systemroot%\system32\fdrespub.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FileInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fileinfo.sys,-100
Description: @%SystemRoot%\system32\drivers\fileinfo.sys,-101
Image path: system32\drivers\fileinfo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: fltmgr

Service (registry key): Filetrace
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\filetrace.sys,-10001
Description: @%SystemRoot%\system32\drivers\filetrace.sys,-10000
Image path: system32\drivers\filetrace.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): FLEXnet Licensing Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FLEXnet Licensing Service
Description: This service performs licensing functions on behalf of FLEXnet enabled products.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
Image size: 655624
Image MD5: BB0667B0171B632B97EA759515476F07
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Driver
Image path: \SystemRoot\system32\DRIVERS\flpydisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Description: @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
Image path: system32\drivers\fltmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 3

Service (registry key): FontCache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Font Cache Service
Description: @%systemroot%\system32\FntCache.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): FontCache3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Presentation Foundation Font Cache 3.0.0.0
Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
Object name: NT Authority\LocalService
Image path: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
Image size: 42856
Image MD5: A8B7F3818AB65695E3A0BB3279F6DCE6
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): fsbts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: fsbts
Image path: system32\Drivers\fsbts.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 0

Service (registry key): FsDepends
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fsdepends.sys,-10001
Description: @%SystemRoot%\system32\drivers\fsdepends.sys,-10000
Image path: System32\drivers\FsDepends.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 3
Depends On services: fltmgr

Service (registry key): fssfltr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FssFltr
Image path: system32\DRIVERS\fssfltr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): fsssvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live Family Safety Service
Description: This service enables Family Safety on the computer. If this service is not running, Family Safety will not work.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
Image size: 1493352
Image MD5: 4CE9DAC1518FF7E77BD213E6394B9D77
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 8
Error Control: 0

Service (registry key): fvevol
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fvevol.sys,-100
Description: @%SystemRoot%\system32\drivers\fvevol.sys,-100
Image path: System32\DRIVERS\fvevol.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): gagp30kx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
Image path: \SystemRoot\system32\DRIVERS\gagp30kx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: GEAR ASPI Filter Driver
Image path: system32\DRIVERS\GEARAspiWDM.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): gpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @gpapi.dll,-112
Description: @gpapi.dll,-113
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k GPSvcGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS,Mup

Service (registry key): gupdate
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Google Update Service (gupdate)
Description: Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
Image size: 136176
Image MD5: F02A533F517EB38333CB12A9E8963773
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): gupdatem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Google Update Service (gupdatem)
Description: Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
Image size: 136176
Image MD5: F02A533F517EB38333CB12A9E8963773
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): gusvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Google Software Updater
Description: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
Image size: 194032
Image MD5: 5D4BC124FAAE6730AC002CDB67BF1A1C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): hcw85cir
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Hauppauge Consumer Infrared Receiver
Image path: \SystemRoot\system32\drivers\hcw85cir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): HdAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft 1.1 UAA Function Driver for High Definition Audio Service
Image path: \SystemRoot\system32\drivers\HdAudio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HDAudBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UAA Bus Driver for High Definition Audio
Image path: \SystemRoot\system32\drivers\HDAudBus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HidBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HID UPS Battery Driver
Image path: \SystemRoot\system32\DRIVERS\HidBatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HidBth
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Bluetooth HID Miniport
Image path: \SystemRoot\system32\DRIVERS\hidbth.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): HidIr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Infrared HID Driver
Image path: \SystemRoot\system32\DRIVERS\hidir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): hidserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Human Interface Device Access
Description: @%SystemRoot%\System32\hidserv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): HidUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Health Key and Certificate Management
Description: @%SystemRoot%\system32\kmsvc.dll,-7
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HomeGroupListener
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HomeGroup Listener
Description: @%SystemRoot%\System32\ListSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanServer

Service (registry key): HomeGroupProvider
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HomeGroup Provider
Description: @%SystemRoot%\System32\provsvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: netprofm,fdrespub,fdphost

Service (registry key): hpqcxs08
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: hpqcxs08
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k hpdevmgmt
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): hpqddsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP CUE DeviceDiscovery Service
Description: This service detects and monitors CUE devices on the system.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k hpdevmgmt
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HpSAMD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\HpSAMD.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HPSLPSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP Network Devices Support
Description: Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k HPService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\http.sys,-1
Description: @%SystemRoot%\system32\drivers\http.sys,-2
Image path: system32\drivers\HTTP.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): hwpolicy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\hwpolicy.sys,-101
Description: @%systemroot%\system32\drivers\hwpolicy.sys,-102
Image path: System32\drivers\hwpolicy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: \SystemRoot\system32\drivers\i8042prt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IAANTMON
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel® Matrix Storage Event Monitor
Object name: LocalSystem
Image path: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
Image size: 354840
Image MD5: 7548066DF68A8A1A56B043359F915F37
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: winmgmt

Service (registry key): ialm
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): iaStor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AHCI Controller
Image path: system32\DRIVERS\iaStor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): iaStorV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel RAID Controller Windows 7
Image path: \SystemRoot\system32\drivers\iaStorV.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IDriverT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Image size: 73728
Image MD5: 6F95324909B502E2651442C1548AB12F
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0

Service (registry key): idsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows CardSpace
Description: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
Object name: LocalSystem
Image path: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 856400
Image MD5: 5988FC40F8DB5B0739CD1E3A5D0D78BD
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): igfx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\igdkmd64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): iirsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\iirsp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IKEEXT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IKE and AuthIP IPsec Keying Modules
Description: @%SystemRoot%\system32\ikeext.dll,-502
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: BFE

Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): InetInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntcAzAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service for Realtek HD Audio (WDM)
Image path: system32\drivers\RTKVHD64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): intelide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\intelide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IntuitUpdateService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intuit Update Service
Description: @C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateServiceWin32Resources.dll,-101
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe"
Image size: 13088
Image MD5: 7BDB4E00E1CB174B56E5B2C31DDE68A7
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): IPBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PnP-X IP Bus Enumerator
Description: @%systemroot%\system32\IPBusEnum.dll,-103
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,fdPHost

Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32013
Description: @%systemroot%\system32\rascfg.dll,-32013
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iphlpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iphlpsvc.dll,-500
Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi

Service (registry key): IPMIDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\IPMIDrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IPNAT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Image path: System32\drivers\ipnat.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iPod Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iPod Service
Description: iPod hardware management services
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 641352
Image MD5: 44886233135241F3990724082EB104EE
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\irenum.sys,-100
Description: @%SystemRoot%\system32\drivers\irenum.sys,-101
Image path: system32\drivers\irenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\isapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): iScsiPrt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iScsiPort Driver
Image path: system32\DRIVERS\msiscsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: \SystemRoot\system32\drivers\kbdclass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): kbdhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard HID Driver
Image path: \SystemRoot\system32\drivers\kbdhid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): KeyIso
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CNG Key Isolation
Description: @keyiso.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): KSecPkg
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecpkg.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): ksthunk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kernel Streaming Thunks
Image path: \SystemRoot\system32\drivers\ksthunk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): KtmRm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: KtmRm for Distributed Transaction Coordinator
Description: @comres.dll,-2947
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): L1C
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
Image path: system32\DRIVERS\L1C62x64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LanmanServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Server
Description: @%systemroot%\system32\srvsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SamSS,Srv

Service (registry key): LanmanWorkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Workstation
Description: @%systemroot%\system32\wkssvc.dll,-101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI

Service (registry key): Lavasoft Kernexplorer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Lavasoft helper driver
Image path: \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LightScribeService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LightScribeService Direct Disc Labeling Service
Description: Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.
Object name: LocalSystem
Image path: "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
Image size: 61440
Image MD5: 559C9B7800FAC92FC515CD0003D7C631
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): lltdio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Mapper I/O Driver
Image path: system32\DRIVERS\lltdio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): lltdsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Mapper
Description: @%SystemRoot%\system32\lltdres.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss,lltdio

Service (registry key): lmhosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP NetBIOS Helper
Description: @%SystemRoot%\system32\lmhsvc.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): Lsa
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LSI_FC
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_fc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SAS
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_sas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SAS2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_sas2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_scsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): luafv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\luafv.sys,-100
Description: @%systemroot%\system32\drivers\luafv.sys,-101
Image path: \SystemRoot\system32\drivers\luafv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): lxdx_device
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: lxdx_device
Object name: LocalSystem
Image path: C:\Windows\system32\lxdxcoms.exe -service
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1

Service (registry key): Mcx2Svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Media Center Extender Service
Description: @%SystemRoot%\ehome\ehres.dll,-15502
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost

Service (registry key): megasas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\megasas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): MegaSR
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\MegaSR.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Microsoft SharePoint Workspace Audit Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft SharePoint Workspace Audit Service
Object name: NT AUTHORITY\LocalService
Image path: "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice
Image size: 51445112
Image MD5: 616DBE6BF666B012EEA2AA5CED910264
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): MMCSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Multimedia Class Scheduler
Description: @%systemroot%\system32\mmcss.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\modem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): monitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Monitor Class Function Driver Service
Image path: system32\DRIVERS\monitor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): mountmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\mountmgr.sys,-100
Description: @%SystemRoot%\system32\drivers\mountmgr.sys,-101
Image path: System32\drivers\mountmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): MpFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Malware Protection Driver
Description: Microsoft On-Access Malware Protection Mini-Filter Driver
Image path: system32\DRIVERS\MpFilter.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): mpio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Bus Driver
Image path: \SystemRoot\system32\drivers\mpio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mpsdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
Image path: System32\drivers\mpsdrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MpsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: mpsdrv,bfe

Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\webclnt.dll,-104
Description: @%systemroot%\system32\webclnt.dll,-105
Image path: \SystemRoot\system32\drivers\mrxdav.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1002
Description: @%systemroot%\system32\wkssvc.dll,-1003
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb10
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1004
Description: @%systemroot%\system32\wkssvc.dll,-1005
Image path: system32\DRIVERS\mrxsmb10.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): mrxsmb20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1006
Description: @%systemroot%\system32\wkssvc.dll,-1007
Image path: system32\DRIVERS\mrxsmb20.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): msahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\msahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): msdsm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Device Specific Module
Image path: \SystemRoot\system32\drivers\msdsm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Transaction Coordinator
Description: @comres.dll,-2798
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\msdtc.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): MSDTC Bridge 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): MSDTC Bridge 4.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): mshidkmdf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-100
Description: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-101
Image path: \SystemRoot\System32\drivers\mshidkmdf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): msisadrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\msisadrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): MSiSCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft iSCSI Initiator Service
Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): msiserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Installer
Description: @%SystemRoot%\system32\msimsg.dll,-32
Object name: LocalSystem
Image path: %systemroot%\system32\msiexec.exe /V
Image size: 73216
Image MD5: EEE470F2A771FC0B543BDEEF74FCECA0
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MsMpSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Antimalware Service
Description: @c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-240
Object name: LocalSystem
Image path: "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
Image size: 22056
Image MD5: E07DEC52FF801841BA9B6878A60304FB
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MsRPC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSSCNTRS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft System Management BIOS Driver
Image path: \SystemRoot\system32\drivers\mssmbios.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): MSTEE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MTConfig
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Input Configuration Driver
Image path: \SystemRoot\system32\DRIVERS\MTConfig.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\mup.sys,-101
Description: @%systemroot%\system32\drivers\mup.sys,-102
Image path: System32\Drivers\mup.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): napagent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Access Protection Agent
Description: @%SystemRoot%\system32\qagentrt.dll,-7
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): NativeWifiP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NativeWiFi Filter
Image path: system32\DRIVERS\nwifi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\ndis.sys,-200
Description: @%SystemRoot%\system32\drivers\ndis.sys,-201
Image path: system32\drivers\ndis.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): NdisCap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Capture LightWeight Filter
Description: NDIS Capture LightWeight Filter
Image path: system32\DRIVERS\ndiscap.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32001
Description: @%systemroot%\system32\rascfg.dll,-32001
Image path: system32\DRIVERS\ndistapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32002
Description: @%systemroot%\system32\rascfg.dll,-32002
Image path: system32\DRIVERS\ndiswan.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\netbt.sys,-2
Description: @%SystemRoot%\system32\drivers\netbt.sys,-1
Image path: System32\DRIVERS\netbt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tdx,tcpip

Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Netlogon
Description: @%SystemRoot%\System32\netlogon.dll,-103
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Connections
Description: @%SystemRoot%\system32\netman.dll,-110
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,nsi

Service (registry key): NetMsmqActivator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net.Msmq Listener Adapter
Description: @C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8194
Object name: NT AUTHORITY\NetworkService
Image path: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
Image size: 124240
Image MD5: D22CD77D4F0D63D1169BB35911BFF12D
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: was,msmq

Service (registry key): NetPipeActivator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net.Pipe Listener Adapter
Description: @C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8196
Object name: NT AUTHORITY\LocalService
Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Image size: 124240
Image MD5: D22CD77D4F0D63D1169BB35911BFF12D
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: was

Service (registry key): netprofm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network List Service
Description: @%SystemRoot%\system32\netprofm.dll,-203
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,nlasvc

Service (registry key): NetTcpActivator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net.Tcp Listener Adapter
Description: @C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8198
Object name: NT AUTHORITY\LocalService
Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Image size: 124240
Image MD5: D22CD77D4F0D63D1169BB35911BFF12D
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: was,NetTcpPortSharing

Service (registry key): NetTcpPortSharing
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net.Tcp Port Sharing Service
Description: @C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8200
Object name: NT AUTHORITY\LocalService
Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Image size: 124240
Image MD5: D22CD77D4F0D63D1169BB35911BFF12D
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): nfrd960
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\nfrd960.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): NisDrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Network Inspection System
Description: NIS helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols
Image path: system32\DRIVERS\NisDrvWFP.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Depends On services: BFE

Service (registry key): NisSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243
Description: @c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-242
Object name: NT AUTHORITY\LocalService
Image path: "c:\Program Files\Microsoft Security Client\NisSrv.exe"
Image size: 379360
Image MD5: C6E15F2F95F9C0A6098D43510B604E52
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: NisDrv

Service (registry key): NitroDriverReadSpool2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NitroPDFDriverCreatorReadSpool2
Description: Nitro PDF Driver Read Spool 2
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe"
Image size: 216072
Image MD5: 385A3F3346669DB51644CFF0EA40E345
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): NlaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Location Awareness
Description: @%SystemRoot%\System32\nlasvc.dll,-2
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,RpcSs,TcpIp

Service (registry key): nlsX86cc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Nalpeiron Licensing Service
Description: Nalpeiron Licensing Service
Object name: LocalSystem
Image path: C:\Windows\SysWOW64\NLSSRV32.EXE
Image size: 68896
Image MD5: 9A5F53B55E09ECC2DAB8C74E4DD18B8D
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): nsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Store Interface Service
Description: @%SystemRoot%\system32\nsisvc.dll,-201
Object name: NT Authority\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: nsiproxy

Service (registry key): nsiproxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\nsiproxy.sys,-2
Description: @%SystemRoot%\system32\drivers\nsiproxy.sys,-1
Image path: system32\drivers\nsiproxy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): NTDS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): NuidFltr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NUID filter driver
Image path: system32\DRIVERS\NuidFltr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): nvraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\nvraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): nvstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\nvstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): nv_agp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA nForce AGP Bus Filter
Image path: \SystemRoot\system32\drivers\nv_agp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ODDPwrSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Acer ODD Power Service
Description: Acer ODD Power Service
Object name: LocalSystem
Image path: C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
Image size: 158240
Image MD5: FF0A17B7DA1467FE4172BA545BC1060A
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): ohci1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 OHCI Compliant Host Controller (Legacy)
Image path: \SystemRoot\system32\drivers\ohci1394.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ose64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Office 64 Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Image size: 174440
Image MD5: 4965B005492CBA7719E82B71E3245495
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): osppsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Office Software Protection Platform
Description: Office Software Protection Platform Service (unlocalized description)
Object name: NT AUTHORITY\NetworkService
Image path: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
Image size: 4925184
Image MD5: 61BFFB5F57AD12F83AB64B7181829B34
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): Outlook
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): p2pimsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Peer Networking Identity Manager
Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): p2psvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Peer Networking Grouping
Description: @%SystemRoot%\system32\p2psvc.dll,-8007
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: p2pimsvc,PNRPSvc

Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Parallel port driver
Image path: \SystemRoot\system32\DRIVERS\parport.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): partmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\partmgr.sys,-100
Description: @%SystemRoot%\system32\drivers\partmgr.sys,-101
Image path: System32\drivers\partmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): PasscapeLoader64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Passcape 64-bit Loader Service
Object name: LocalSystem
Image path: "H:\WPR\loader64.exe"
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0

Service (registry key): PcaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Program Compatibility Assistant Service
Description: @%SystemRoot%\system32\pcasvc.dll,-2
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): pci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Bus Driver
Image path: system32\drivers\pci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): pciide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\pciide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\pcmcia.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): PCTINDIS5X64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCTINDIS5X64 NDIS Protocol Driver
Image path: \??\C:\Windows\system32\PCTINDIS5X64.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): pcw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Performance Counters for Windows Driver
Image path: System32\drivers\pcw.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): PEAUTH
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PEAUTH
Image path: system32\drivers\peauth.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): PeerDistSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: BranchCache
Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k PeerDist
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: http

Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Performance Counter DLL Host
Description: @%systemroot%\SysWow64\perfhost.exe,-1
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\SysWow64\perfhost.exe
Image size: 20992
Image MD5: E495E408C93141E8FC72DC0C6046DDFA
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): pla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Performance Logs & Alerts
Description: @%systemroot%\system32\pla.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100
Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): PNRPAutoReg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PNRP Machine Name Publication Service
Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: pnrpsvc

Service (registry key): PNRPsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Peer Name Resolution Protocol
Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: p2pimsvc

Service (registry key): Point64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft IntelliPoint Filter Driver
Image path: system32\DRIVERS\point64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): PolicyAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPsec Policy Agent
Description: @%SystemRoot%\system32\polstore.dll,-5011
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,bfe

Service (registry key): PortProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Power
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Power
Description: @%SystemRoot%\system32\umpo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): PptpMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32006
Description: @%systemroot%\system32\rascfg.dll,-32006
Image path: system32\DRIVERS\raspptp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Processor Driver
Image path: \SystemRoot\system32\DRIVERS\processr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ProfSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\profsvc.dll,-300
Description: @%systemroot%\system32\profsvc.dll,-301
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protected Storage
Description: @%systemroot%\system32\psbase.dll,-301
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Psched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101
Description: @%SystemRoot%\System32\drivers\pacer.sys,-101
Image path: system32\DRIVERS\pacer.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): PuranDefrag
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PuranDefrag
Object name: LocalSystem
Image path: "C:\Windows\system32\PuranDefragS.exe"
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): ql2300
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\ql2300.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ql40xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\ql40xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): QWAVE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Quality Windows Audio Video Experience
Description: @%SystemRoot%\system32\qwave.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss,psched,QWAVEdrv,LLTDIO

Service (registry key): QWAVEdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
Image path: \SystemRoot\system32\drivers\qwavedrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAgileVpn
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Image path: system32\DRIVERS\AgileVpn.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Manager
Description: @%Systemroot%\system32\rasauto.dll,-201
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RasMan,TapiSrv,RasAcd

Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32005
Description: @%systemroot%\system32\rascfg.dll,-32005
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Connection Manager
Description: @%Systemroot%\system32\rasmans.dll,-201
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tapisrv,SstpSvc

Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32007
Description: @%systemroot%\system32\rascfg.dll,-32007
Image path: system32\DRIVERS\raspppoe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasSstp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\sstpsvc.dll,-202
Description: @%systemroot%\system32\sstpsvc.dll,-202
Image path: system32\DRIVERS\rassstp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1000
Description: @%systemroot%\system32\wkssvc.dll,-1001
Image path: system32\DRIVERS\rdbss.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): rdpbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Device Redirector Bus Driver
Image path: system32\DRIVERS\rdpbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100
Description: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-101
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPDISPM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\rdpdispm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDPDR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Server Device Redirector Driver
Image path: System32\drivers\rdpdr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: RDBSS

Service (registry key): RDPENCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\RDPENCDD.sys,-101
Description: @%systemroot%\system32\drivers\RDPENCDD.sys,-100
Image path: system32\drivers\rdpencdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drprov.dll,-100
Description: @%systemroot%\system32\drprov.dll,-101
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPREFMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\RdpRefMp.sys,-101
Description: @%systemroot%\system32\drivers\RdpRefMp.sys,-100
Image path: system32\drivers\rdprefmp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPUDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RdpVideoMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Video Miniport Driver
Image path: System32\drivers\rdpvideominiport.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDP Winstation Driver
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): rdyboost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ReadyBoost
Description: ReadyBoost
Image path: System32\drivers\rdyboost.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Routing and Remote Access
Description: @%Systemroot%\system32\mprdim.dll,-201
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,Bfe,RasMan,Http
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Registry
Description: @regsvc.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k regsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): Revoflt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Revoflt
Description: Revo Uninstaller Filter driver
Image path: system32\DRIVERS\revoflt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): RimUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: BlackBerry Smartphone
Image path: System32\Drivers\RimUsb_AMD64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): RimVSerPort
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RIM Virtual Serial Port v2
Image path: system32\DRIVERS\RimSerial_AMD64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): ROOTMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Legacy Modem Driver
Image path: System32\Drivers\RootMdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): RpcEptMapper
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%windir%\system32\RpcEpMap.dll,-1001
Description: @%windir%\system32\RpcEpMap.dll,-1002
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k RPCSS
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Procedure Call (RPC) Locator
Description: @%systemroot%\system32\Locator.exe,-3
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5010
Description: @oleres.dll,-5011
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k rpcss
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcEptMapper,DcomLaunch

Service (registry key): rspndr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Responder
Image path: system32\DRIVERS\rspndr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): RSUSBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RtsUStor.Sys Realtek USB Card Reader
Image path: System32\Drivers\RtsUStor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): RtsUIR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Realtek IR Driver
Image path: system32\DRIVERS\Rts516xIR.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): s3cap
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\vms3cap.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Accounts Manager
Description: @%SystemRoot%\system32\samsrv.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): sbp2port
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBP-2 Transport/Protocol Bus Driver
Image path: \SystemRoot\system32\drivers\sbp2port.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SBSDWSCService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBSD Security Center Service
Object name: LocalSystem
Image path: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
Image size: 1153368
Image MD5: 794D4B48DFB6E999537C7C3947863463
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: wscsvc

Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Smart Card
Description: @%SystemRoot%\System32\SCardSvr.dll,-5
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): SCDEmu
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): scfilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\scfilter.sys,-11
Description: @%SystemRoot%\System32\drivers\scfilter.sys,-12
Image path: System32\DRIVERS\scfilter.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\schedsvc.dll,-100
Description: @%SystemRoot%\system32\schedsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,EventLog

Service (registry key): SCPolicySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Smart Card Removal Policy
Description: @%SystemRoot%\System32\certprop.dll,-14
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): SDFirewallService
Registry path: \SYSTEM\CurrentControlSet\Services\
Description: Offers malware scanning services to Spybot-S&D modules.
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SDRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Backup
Description: @%SystemRoot%\system32\sdrsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Driver
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secondary Logon
Description: @%SystemRoot%\system32\seclogon.dll,-7000
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: System Event Notification Service
Description: @%SystemRoot%\system32\Sens.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): SensrSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Adaptive Brightness
Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum Filter Driver
Image path: \SystemRoot\system32\DRIVERS\serenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\serial.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): sermouse
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Mouse Driver
Image path: \SystemRoot\system32\DRIVERS\sermouse.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ServiceModelEndpoint 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelOperation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelService 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SessionEnv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Configuration
Description: @%SystemRoot%\System32\SessEnv.dll,-1027
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,LanmanWorkstation

Service (registry key): sffdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Class Driver
Image path: \SystemRoot\system32\drivers\sffdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sffp_mmc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for MMC
Image path: \SystemRoot\system32\drivers\sffp_mmc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sffp_sd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for SDBus
Image path: \SystemRoot\system32\drivers\sffp_sd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: High-Capacity Floppy Disk Drive
Image path: \SystemRoot\system32\DRIVERS\sfloppy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
Description: @%SystemRoot%\system32\ipnathlp.dll,-107
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt,RasMan,BFE

Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Shell Hardware Detection
Description: @%SystemRoot%\System32\shsvcs.dll,-12289
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): simptcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Simple TCP/IP Services
Description: @%SystemRoot%\system32\simptcp.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\tcpsvcs.exe
Image size: 9216
Image MD5: F5AAA8CDDA25B6387AF590D676D25BAD
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: afd

Service (registry key): SiSRaid2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\SiSRaid2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SiSRaid4
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\sisraid4.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Smb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
Image path: system32\DRIVERS\smb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SMSvcHost 4.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SNMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SNMPTRAP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SNMP Trap
Description: @%SystemRoot%\system32\snmptrap.exe,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\snmptrap.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): Soluto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Soluto
Description: Soluto Mini-Filter Driver
Image path: system32\DRIVERS\Soluto.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): SolutoLauncherService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Soluto Launcher Service
Description: Soluto Launcher Service
Object name: LocalSystem
Image path: "C:\Program Files\Soluto\SolutoLauncherService.exe"
Image size: 183264
Image MD5: ACF7389DA65760FED2B224C51EDC3A2B
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): SolutoRemoteService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Soluto Remote Service
Description: Soluto Remote Access Service
Object name: LocalSystem
Image path: "C:\Program Files\Soluto\SolutoRemoteService.exe" -service
Image size: 1239552
Image MD5: BCA25A87AD78FEDAC5C5ABD92DB3BECD
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): SolutoService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Soluto PCGenome Core Service
Description: Soluto PCGenome Core Service
Object name: LocalSystem
Image path: "C:\Program Files\Soluto\SolutoService.exe"
Image size: 552928
Image MD5: F6D4A0E0C37B0ED1361D23FF672E8BF7
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): spldr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Processor Loader Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Spooler
Description: @%systemroot%\system32\spoolsv.exe,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\spoolsv.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS,http

Service (registry key): sppsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Protection
Description: @%SystemRoot%\system32\sppsvc.exe,-100
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\sppsvc.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): sppuinotify
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SPP Notification Service
Description: @%SystemRoot%\system32\sppuinotify.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-102
Description: @%systemroot%\system32\srvsvc.dll,-103
Image path: System32\DRIVERS\srv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srv2

Service (registry key): srv2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-104
Description: @%systemroot%\system32\srvsvc.dll,-105
Image path: System32\DRIVERS\srv2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srvnet

Service (registry key): srvnet
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\srvnet.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SSDP Discovery
Description: @%systemroot%\system32\ssdpsrv.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): SstpSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Secure Socket Tunneling Protocol Service
Description: @%SystemRoot%\system32\sstpsvc.dll,-201
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): stexstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\stexstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): stisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Image Acquisition (WIA)
Description: @%SystemRoot%\system32\wiaservc.dll,-10
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs,ShellHWDetection

Service (registry key): storflt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vmstorfltres.dll,-1000
Image path: system32\drivers\vmstorfl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): storvsc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\storvsc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: \SystemRoot\system32\drivers\swenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swprv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Software Shadow Copy Provider
Description: @%SystemRoot%\System32\swprv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k swprv
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Synth3dVsc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\synth3dvsc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SynTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Synaptics TouchPad Driver
Image path: system32\DRIVERS\SynTP.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysMain
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Superfetch
Description: @%SystemRoot%\system32\sysmain.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: rpcss,fileinfo

Service (registry key): TabletInputService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Tablet PC Input Service
Description: @%SystemRoot%\system32\TabSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Telephony
Description: @%SystemRoot%\system32\tapisrv.dll,-10101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TBS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TPM Base Services
Description: @%SystemRoot%\system32\tbssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Image path: System32\drivers\tcpip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): TCPIP6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft IPv6 Protocol Driver
Description: Microsoft IPv6 Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TCPIP6TUNNEL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): tcpipreg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Registry Compatibility
Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
Image path: System32\drivers\tcpipreg.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): TCPIPTUNNEL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDPIPE
Image path: system32\drivers\tdpipe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDTCP
Image path: system32\drivers\tdtcp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tdx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Image path: system32\DRIVERS\tdx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: \SystemRoot\system32\drivers\termdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Services
Description: @%SystemRoot%\System32\termsrv.dll,-267
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,TermDD

Service (registry key): TFsExDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TFsExDisk
Description: TFsExDisk
Image path: \??\C:\Windows\System32\Drivers\TFsExDisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Themes
Description: @%SystemRoot%\System32\themeservice.dll,-8193
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): THREADORDER
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Thread Ordering Server
Description: @%systemroot%\system32\mmcss.dll,-103
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Distributed Link Tracking Client
Description: @%SystemRoot%\system32\trkwks.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TrustedInstaller
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Modules Installer
Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101
Object name: localSystem
Image path: %SystemRoot%\servicing\TrustedInstaller.exe
Image size: 194048
Image MD5: 773212B2AAA24C1E31F10246B15B276C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): tssecsrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101
Description: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-102
Image path: System32\DRIVERS\tssecsrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): TsUsbFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Description: @%SystemRoot%\system32\drivers\tsusbflt.sys,-1000
Image path: system32\drivers\tsusbflt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tsusbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\tsusbhub.sys,-1
Description: @%SystemRoot%\system32\drivers\tsusbhub.sys,-2
Image path: system32\drivers\tsusbhub.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): tunnel
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Tunnel Miniport Adapter Driver
Image path: system32\DRIVERS\tunnel.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): uagp35
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft AGPv3.5 Filter
Image path: \SystemRoot\system32\DRIVERS\uagp35.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: udfs
Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
Image path: system32\DRIVERS\udfs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): UGatherer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UGTHRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UI0Detect
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Interactive Services Detection
Description: @%SystemRoot%\system32\ui0detect.exe,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\UI0Detect.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): uliagpkx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uli AGP Bus Filter
Image path: \SystemRoot\system32\drivers\uliagpkx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): umbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UMBus Enumerator Driver
Image path: system32\DRIVERS\umbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): UmPass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UMPass Driver
Image path: \SystemRoot\system32\DRIVERS\umpass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): UmRdpService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Services UserMode Port Redirector
Description: @%SystemRoot%\system32\umrdp.dll,-1001
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: TermService,RDPDR

Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UPnP Device Host
Description: @%systemroot%\system32\upnphost.dll,-214
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): USBAAPL64
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile USB Driver
Image path: System32\Drivers\usbaapl64.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): usbaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Audio Driver (WDM)
Image path: system32\drivers\usbaudio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbccgp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBCCID
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Realtek Smartcard Reader Driver
Image path: system32\DRIVERS\RtsUCcid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): usbcir
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: eHome Infrared Receiver (USBCIR)
Image path: \SystemRoot\system32\drivers\usbcir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbehci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Standard Hub Driver
Image path: system32\DRIVERS\usbhub.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: \SystemRoot\system32\drivers\usbohci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbrndis6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB RNDIS6 Adapter
Image path: \SystemRoot\system32\drivers\usb80236.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbscan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Scanner Driver
Image path: system32\DRIVERS\usbscan.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbser
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): USBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbuhci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbvideo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Video Device (WDM)
Image path: \SystemRoot\System32\Drivers\usbvideo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): UxSms
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Desktop Window Manager Session Manager
Description: @%SystemRoot%\system32\dwm.exe,-2001
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): VaultSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Credential Manager
Description: @%SystemRoot%\system32\vaultsvc.dll,-1004
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): vdrvroot
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Virtual Drive Enumerator Driver
Image path: system32\drivers\vdrvroot.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): vds
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Virtual Disk
Description: @%SystemRoot%\system32\vds.exe,-112
Object name: LocalSystem
Image path: %SystemRoot%\System32\vds.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): vga
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\vgapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): VGPU
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\drivers\rdvgkmd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): vhdmp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\vhdmp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): viaide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\viaide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): vmbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vmbusres.dll,-1000
Image path: system32\drivers\vmbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): VMBusHID
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\VMBusHID.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): volmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: system32\drivers\volmgr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): volmgrx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\volmgrx.sys,-100
Description: @%SystemRoot%\system32\drivers\volmgrx.sys,-101
Image path: System32\drivers\volmgrx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): volsnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Storage volumes
Image path: system32\drivers\volsnap.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): vsmraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\vsmraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Shadow Copy
Description: @%systemroot%\system32\vssvc.exe,-101
Object name: LocalSystem
Image path: %systemroot%\system32\vssvc.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): vwifibus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Virtual WiFi Bus Driver
Description: Virtual WiFi Bus Driver
Image path: system32\DRIVERS\vwifibus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): vwififlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Virtual WiFi Filter Driver
Description: Virtual WiFi Filter Driver
Image path: system32\DRIVERS\vwififlt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): vwifimp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Virtual WiFi Miniport Service
Image path: system32\DRIVERS\vwifimp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): W32Time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Time
Description: @%SystemRoot%\system32\w32time.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: World Wide Web Publishing Service
Description: @%windir%\system32\inetsrv\iisres.dll,-30004
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k iissvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: WAS,HTTP

Service (registry key): WacomPen
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wacom Serial Pen HID Driver
Image path: \SystemRoot\system32\DRIVERS\wacompen.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WANARP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32011
Description: @%systemroot%\system32\rascfg.dll,-32011
Image path: system32\DRIVERS\wanarp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wanarpv6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32012
Description: @%systemroot%\system32\rascfg.dll,-32012
Image path: system32\DRIVERS\wanarp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): WAS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Process Activation Service
Description: @%windir%\system32\inetsrv\iisres.dll,-30002
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k iissvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): WatAdminSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Activation Technologies Service
Description: @%SystemRoot%\system32\Wat\WatUX.exe,-602
Object name: LocalSystem
Image path: %SystemRoot%\system32\Wat\WatAdminSvc.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): wbengine
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Block Level Backup Engine Service
Description: @%systemroot%\system32\wbengine.exe,-105
Object name: localSystem
Image path: "%systemroot%\system32\wbengine.exe"
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): WbioSrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Biometric Service
Description: @%systemroot%\system32\wbiosrvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,VaultSvc,WUDFSvc

Service (registry key): wcncsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Connect Now - Config Registrar
Description: @%SystemRoot%\system32\wcncsvc.dll,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): WcsPlugInService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Color System
Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k wcssvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\wd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wdf01000
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\Wdf01000.sys,-1000
Image path: system32\drivers\Wdf01000.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): WdiServiceHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Diagnostic Service Host
Description: @%systemroot%\system32\wdi.dll,-503
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WdiSystemHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Diagnostic System Host
Description: @%systemroot%\system32\wdi.dll,-501
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebClient
Description: @%systemroot%\system32\webclnt.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): Wecsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Event Collector
Description: @%SystemRoot%\system32\wecsvc.dll,-201
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: HTTP,Eventlog

Service (registry key): wercplsupport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Problem Reports and Solutions Control Panel Support
Description: @%SystemRoot%\System32\wercplsupport.dll,-100
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): WerSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Error Reporting Service
Description: @%SystemRoot%\System32\wersvc.dll,-101
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k WerSvcGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0

Service (registry key): WfpLwf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Image path: system32\DRIVERS\wfplwf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): WIMMount
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WIMMount
Description: WIM Image mount service driver
Image path: system32\drivers\wimmount.sys
Image size: 19008
Image MD5: 5CF95B35E59E2A38023836FFF31BE64C
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): WinDefend
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Windows Workflow Foundation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Windows Workflow Foundation 4.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinHttpAutoProxySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\winhttp.dll,-100
Description: @%SystemRoot%\system32\winhttp.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Dhcp

Service (registry key): Winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): WinRM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Remote Management (WS-Management)
Description: @%Systemroot%\system32\wsmsvc.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,HTTP

Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WinUsb
Image path: system32\DRIVERS\WinUsb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wlansvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WLAN AutoConfig
Description: @%SystemRoot%\System32\wlansvc.dll,-258
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost

Service (registry key): wlcrasvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live Mesh remote connections service
Description: @C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll,-102
Object name: LocalSystem
Image path: "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"
Image size: 57184
Image MD5: 06C8FA1CF39DE6A735B54D906BA791C6
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): wlidsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Live ID Sign-in Assistant
Description: Enables Windows Live ID authentication.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
Image size: 2286976
Image MD5: 7E47C328FC4768CB8BEAFBCFAFA70362
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): WmiAcpi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Windows Management Interface for ACPI
Image path: \SystemRoot\system32\drivers\wmiacpi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): wmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WMI Performance Adapter
Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
Object name: localSystem
Image path: %systemroot%\system32\wbem\WmiApSrv.exe
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): WMPNetworkSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Media Player Network Sharing Service
Description: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
Object name: NT AUTHORITY\NetworkService
Image path: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: http

Service (registry key): WPCSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpcsvc.dll,-100
Description: @%SystemRoot%\system32\wpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): WPDBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Portable Device Enumerator Service
Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): WprPasscapeLoader
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WPR Passcape Loader Service
Object name: LocalSystem
Image path: "H:\WPR\loader.exe"
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0

Service (registry key): ws2ifsl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
Description: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
Image path: \SystemRoot\system32\drivers\ws2ifsl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wscsvc.dll,-200
Description: @%SystemRoot%\System32\wscsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,winmgmt

Service (registry key): WSearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Search
Description: @%systemroot%\system32\SearchIndexer.exe,-104
Object name: LocalSystem
Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
Image size: 427520
Image MD5: 236F286E103FD44BD85FDD93097FD5DD
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WSearchIdxPi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Update
Description: Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): WudfPf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\Wudfpf.sys,-1000
Image path: system32\drivers\WudfPf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WUDFRd
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\WUDFRd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): wudfsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Driver Foundation - User-mode Driver Framework
Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,WudfPf

Service (registry key): WwanSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WWAN AutoConfig
Description: @%SystemRoot%\System32\wwansvc.dll,-258
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs,NdisUio,NlaSvc

Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {26FC7D72-85D1-4146-9240-206EF9DA641B}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {3CFE5D71-3F3B-4E23-BA6B-A15AB17944CC}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {9056C828-04FA-4518-B67C-A3B198B3C305}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {DE9F0A9B-B95D-4B3C-87F9-AEB72EB155B7}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {FC403430-B48A-4DAD-96B5-5F433F845AFE}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0




==============================================================================

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-08 23:13:53
-----------------------------
23:13:53.231 OS Version: Windows x64 6.1.7601 Service Pack 1
23:13:53.231 Number of processors: 1 586 0x170A
23:13:53.233 ComputerName: KARENWHATEVER1 UserName:
23:13:54.166 Initialize success
23:13:59.866 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:13:59.869 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
23:13:59.973 Disk 0 MBR read successfully
23:13:59.977 Disk 0 MBR scan
23:13:59.980 Disk 0 Windows 7 default MBR code
23:13:59.990 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:13:59.999 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
23:14:00.013 Disk 0 scanning C:\Windows\system32\drivers
23:14:07.565 Service scanning
23:14:28.646 Modules scanning
23:14:28.658 Disk 0 trace - called modules:
23:14:28.690 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
23:14:28.696 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800484b060]
23:14:28.703 3 CLASSPNP.SYS[fffff88001b4343f] -> nt!IofCallDriver -> [0xfffffa80046c8520]
23:14:29.050 5 ACPI.sys[fffff88000f157a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046cb050]
23:14:29.059 Scan finished successfully
23:14:57.868 Disk 0 MBR has been saved successfully to "C:\Users\karen whatever1\Desktop\help\MBR.dat"
23:14:58.000 The log file has been saved successfully to "C:\Users\karen whatever1\Desktop\help\aswMBR.txt"


so far
  • 0

#4
karenM5757

karenM5757

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
procexp64.exe 29.16 29,432 K 55,924 K 5992 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
System Idle Process 26.71 0 K 24 K 0
svchost.exe 11.11 86,960 K 99,820 K 604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 6.15 43,200 K 28,700 K 3912 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
TeaTimer.exe 4.53 70,144 K 73,708 K 3460 System settings protector Safer-Networking Ltd. (No signature was present in the subject) Safer-Networking Ltd.
Interrupts 4.46 0 K 0 K n/a Hardware Interrupts and DPCs
Soluto.exe 4.35 49,456 K 6,736 K 2808 Soluto Soluto (Verified) Soluto
lsass.exe 2.99 4,544 K 12,360 K 632 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 2.29 67,080 K 91,168 K 2408 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1.90 2,316 K 12,748 K 536 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 1.68 67,356 K 64,832 K 920 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
System 1.28 112 K 304 K 4
SolutoService.exe 1.03 160,164 K 59,872 K 2528 Soluto Soluto (Verified) Soluto
svchost.exe 0.85 42,352 K 54,432 K 1052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.79 45,568 K 63,688 K 3984 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.45 9,372 K 14,112 K 3796 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.05 15,748 K 18,084 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.05 11,692 K 15,364 K 2280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.04 37,760 K 46,004 K 4836 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.03 11,796 K 20,768 K 392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.02 11,856 K 27,352 K 1912 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.02 20,272 K 20,112 K 5092 Google Chrome Google Inc. (Verified) Google Inc
SearchIndexer.exe 0.02 38,316 K 22,288 K 3392 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.01 72,596 K 77,056 K 4852 Google Chrome Google Inc. (Verified) Google Inc
snmptrap.exe 0.01 1,316 K 4,092 K 3104 SNMP Trap Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 9,652 K 18,188 K 1268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe 0.01 34,416 K 24,048 K 3044 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 4,344 K 5,056 K 2316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 60,964 K 48,808 K 4952 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 4,436 K 8,308 K 876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SolutoLauncherService.exe < 0.01 1,056 K 3,372 K 2504 Soluto Launcher Service Soluto (Verified) Soluto
svchost.exe < 0.01 14,268 K 18,036 K 1540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 1,364 K 4,260 K 1300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,608 K 6,224 K 3724 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiApSrv.exe 1,472 K 4,860 K 3612 WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,448 K 6,832 K 592 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,324 K 4,232 K 528 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
vds.exe 1,400 K 5,020 K 2760 Virtual Disk Service Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,416 K 4,848 K 3036 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UI0Detect.exe 2,152 K 6,720 K 4480 Interactive services detection Microsoft Corporation (Verified) Microsoft Windows
TCPSVCS.EXE 1,360 K 3,960 K 2468 TCP/IP Services Application Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,448 K 4,688 K 936 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 22,092 K 23,796 K 492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,100 K 5,488 K 4812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,792 K 8,888 K 768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,192 K 9,724 K 2812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,036 K 7,840 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,496 K 5,636 K 1184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,332 K 4,328 K 1928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,108 K 3,256 K 2156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,300 K 3,988 K 2428 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,688 K 5,256 K 2680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,296 K 4,248 K 2700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 744 K 2,412 K 2968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 8,240 K 15,224 K 1744 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 372 K 1,044 K 356 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 6,296 K 10,092 K 612 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SDWinSec.exe 4,156 K 8,596 K 2748 Spybot-S&D Security Center integration Safer Networking Ltd. (Verified) Safer Networking Ltd.
procexp.exe 2,296 K 7,652 K 5976 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 27,180 K 19,708 K 832 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
PLFSetI.exe 1,736 K 6,600 K 728 DefaultSettingEXE MFC Application (No signature was present in the subject)
perfhost.exe 648 K 2,424 K 2348 x86 Performance Counter Host Microsoft Corporation (Verified) Microsoft Windows
OSE.EXE 1,008 K 2,884 K 4296 Office Source Engine Microsoft Corporation (Verified) Microsoft Corporation
ODDPWR.exe 2,544 K 5,828 K 1676 ODDPWR Acer Incorporated (Verified) Acer Incorporated
NisSrv.exe 8,372 K 5,584 K 3420 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
msiexec.exe 1,820 K 5,684 K 2240 Windows® installer Microsoft Corporation (Verified) Microsoft Windows
msdtc.exe 3,428 K 7,452 K 2200 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 2,168 K 4,044 K 640 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
Locator.exe 588 K 1,888 K 2400 Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
igfxsrvc.exe 1,684 K 5,560 K 3148 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1,636 K 5,656 K 1568 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IDriverT.exe 2,824 K 8,760 K 1652 IDriverT Module Macrovision Corporation (No signature was present in the subject) Macrovision Corporation
IAANTmon.exe 1,864 K 5,904 K 4160 RAID Monitor Intel Corporation (Verified) Intel Corporation
dllhost.exe 7,328 K 11,144 K 4056 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,272 K 4,556 K 4388 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,056 K 6,672 K 4608 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,948 K 4,700 K 476 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 3,804 K 7,824 K 2840 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 16,724 K 16,952 K 1108 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
aspnet_state.exe 2,008 K 5,300 K 1696 Microsoft ASP.NET State Server Microsoft Corporation (Verified) Microsoft Corporation
alg.exe 1,300 K 4,576 K 1668 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows
  • 0

#5
karenM5757

karenM5757

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/04/2013 12:20:31 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/04/2013 6:47:50 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HP Network Devices Support service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 09/04/2013 6:45:49 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 09/04/2013 6:45:36 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Log: 'System' Date/Time: 09/04/2013 6:44:40 PM
Type: Error Category: 0
Event: 5 Source: Microsoft-Windows-Kernel-General
{Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/04/2013 6:48:03 PM
Type: Warning Category: 0
Event: 20169 Source: RemoteAccess
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.254.30 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

Log: 'System' Date/Time: 09/04/2013 6:45:30 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

Log: 'System' Date/Time: 09/04/2013 6:44:44 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
  • 0

#6
karenM5757

karenM5757

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
there is everything . The only thing i couldnt run is combofix but i can keep trying to disable my antivirus.
thank you so much for helping me
sorry for my delay in replying
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Log: 'System' Date/Time: 09/04/2013 6:44:40 PM
Type: Error Category: 0
Event: 5 Source: Microsoft-Windows-Kernel-General
{Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.


This is a sign of problems with either the hard drive or your RAM. Let's try a disk check:


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Then run Process Explorer as before. Make sure you wait at least 60 seconds after starting the program before you save the log.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop
then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Without rebooting after running Process Explorer:

Copy the next two lines:

tasklist /svc > \junk.txt
notepad \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Notepad will open. Copy the text from notepad into a reply or attach the file c:\junk.txt
  • 0

#8
karenM5757

karenM5757

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/04/2013 10:16:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2013 5:13:40 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HP Network Devices Support service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 10/04/2013 5:11:02 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 10/04/2013 5:10:50 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Log: 'System' Date/Time: 10/04/2013 5:10:48 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 10/04/2013 5:10:48 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2013 5:10:39 AM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

Log: 'System' Date/Time: 10/04/2013 3:34:17 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/04/2013 10:17:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/04/2013 3:34:12 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-382808121-4162746689-1787036098-1000:
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Internet Explorer\Main
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 388 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Policies
  • 0

#9
karenM5757

karenM5757

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
wmpnetwk.exe 39.82 35,032 K 30,152 K 4564 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 23.97 298,464 K 269,300 K 904 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 18.96 28,732 K 52,728 K 5064 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts 1.47 0 K 0 K n/a Hardware Interrupts and DPCs
TeaTimer.exe 1.43 71,520 K 74,424 K 3172 System settings protector Safer-Networking Ltd. (No signature was present in the subject) Safer-Networking Ltd.
lsass.exe 1.52 4,520 K 12,336 K 656 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1.79 220,716 K 150,000 K 880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 4.67 47,508 K 41,616 K 3812 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 0.72 112 K 304 K 4
csrss.exe 0.42 2,148 K 13,680 K 548 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.28 12,136 K 13,096 K 3656 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 2.01 36,868 K 56,672 K 2896 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 9,456 K 18,128 K 1280 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,424 K 9,960 K 2864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 22,248 K 25,460 K 424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 1.02 51,476 K 47,048 K 4356 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 4,388 K 8,284 K 852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 0.67 5,184 K 11,708 K 4300 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 11,620 K 20,636 K 528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.05 99,924 K 111,372 K 504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 43,044 K 59,548 K 1444 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.01 1,924 K 4,688 K 496 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 0.01 812 K 2,724 K 5888 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 15,276 K 17,928 K 1088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.18 12,012 K 15,648 K 2500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe < 0.01 34,372 K 23,992 K 3064 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 4,348 K 5,004 K 2556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
snmptrap.exe < 0.01 1,312 K 4,092 K 3888 SNMP Trap Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.01 62,900 K 67,168 K 4760 Google Chrome Google Inc. (Verified) Google Inc
TCPSVCS.EXE 1,360 K 3,960 K 2676 TCP/IP Services Application Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,244 K 3,900 K 2644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 3,136 K 7,036 K 5576 Windows Update Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 1,724 K 6,088 K 4536 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 6,080 K 11,088 K 976 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,768 K 6,580 K 3176 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiApSrv.exe 1,420 K 4,848 K 4892 WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,452 K 6,780 K 604 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,364 K 4,324 K 536 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
vds.exe 1,372 K 5,000 K 2828 Virtual Disk Service Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,428 K 4,936 K 2652 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UI0Detect.exe < 0.01 2,156 K 6,736 K 988 Interactive services detection Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 19,408 K 23,256 K 2116 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 0 K 24 K 0
svchost.exe 15,144 K 18,948 K 1560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,348 K 8,860 K 1516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,660 K 5,260 K 2732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,244 K 4,224 K 2752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,516 K 5,656 K 1124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,892 K 8,932 K 788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,280 K 4,312 K 2100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,052 K 7,816 K 2184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,108 K 3,264 K 2304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,360 K 4,248 K 2076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 748 K 2,420 K 3024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 2,100 K 5,488 K 5100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 8,128 K 15,108 K 1704 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 376 K 1,044 K 356 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 6,964 K 13,420 K 624 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 0.91 6,188 K 14,448 K 1480 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
SDWinSec.exe 4,164 K 8,576 K 3084 Spybot-S&D Security Center integration Safer Networking Ltd. (Verified) Safer Networking Ltd.
procexp.exe 2,292 K 7,412 K 4764 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PLFSetI.exe 1,740 K 6,652 K 2368 DefaultSettingEXE MFC Application (No signature was present in the subject)
perfhost.exe 656 K 2,424 K 2580 x86 Performance Counter Host Microsoft Corporation (Verified) Microsoft Windows
OSE.EXE 1,012 K 2,892 K 2088 Office Source Engine Microsoft Corporation (Verified) Microsoft Corporation
ODDPWRSvc.exe 1,804 K 6,128 K 2460 ODDPwr service Acer Incorporated (Verified) Acer Incorporated
ODDPWR.exe 1,760 K 5,700 K 2428 ODDPWR Acer Incorporated (Verified) Acer Incorporated
NisSrv.exe 8,392 K 5,084 K 3508 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
msdtc.exe 3,408 K 7,484 K 2340 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
MpSigStub.exe 2,796 K 5,604 K 152 Microsoft Malware Protection Signature Update Stub Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 2,920 K 7,420 K 5868 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 1,924 K 4,376 K 5828 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
mDNSResponder.exe 1,756 K 5,084 K 2056 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe 2,256 K 4,036 K 664 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
Locator.exe 588 K 1,888 K 2616 Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 8,152 K 15,224 K 4412 Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America
IntuitUpdateService.exe 20,400 K 756 K 1628 Intuit Update Service Intuit Inc. (Verified) Intuit
igfxtray.exe 1,808 K 5,712 K 3516 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 1,688 K 5,600 K 3772 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1,604 K 5,644 K 2288 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IDriverT.exe 2,784 K 8,772 K 2212 IDriverT Module Macrovision Corporation (No signature was present in the subject) Macrovision Corporation
IAANTmon.exe 1,904 K 5,940 K 2032 RAID Monitor Intel Corporation (Verified) Intel Corporation
hpwuschd2.exe 3,664 K 8,240 K 4420 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
hkcmd.exe 1,728 K 5,656 K 3616 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
dllhost.exe 2,068 K 6,672 K 3588 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,268 K 4,580 K 4908 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 9,368 K 13,176 K 5116 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
ClearStick64.exe 1,064 K 3,840 K 4524 (No signature was present in the subject)
chrome.exe 0.01 187,600 K 181,172 K 3204 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 20,312 K 20,260 K 3332 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3,808 K 7,796 K 2040 Google Chrome Google Inc. (Verified) Google Inc
BingDesktopUpdater.exe 1,156 K 3,936 K 1252 Bing Desktop updating service Microsoft Corp. (Verified) Microsoft Corporation
aspnet_state.exe 1,992 K 5,292 K 1984 Microsoft ASP.NET State Server Microsoft Corporation (Verified) Microsoft Corporation
armsvc.exe 1,124 K 3,812 K 1168 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
AM_Delta_Patch_1.147.1339.0.exe 552 K 2,464 K 5512 AntiMalware Definition Update Microsoft Corporation (Verified) Microsoft Corporation
alg.exe 1,264 K 4,552 K 1348 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows
  • 0

#10
karenM5757

karenM5757

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 356 N/A
csrss.exe 496 N/A
wininit.exe 536 N/A
csrss.exe 548 N/A
winlogon.exe 604 N/A
services.exe 624 N/A
lsass.exe 656 EFS, KeyIso, ProtectedStorage, SamSs,
VaultSvc
lsm.exe 664 N/A
svchost.exe 788 DcomLaunch, PlugPlay, Power
svchost.exe 852 RpcEptMapper, RpcSs
MsMpEng.exe 904 MsMpSvc
svchost.exe 424 AudioSrv, Dhcp, eventlog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 504 AudioEndpointBuilder, CscService, dot3svc,
hidserv, HomeGroupListener, IPBusEnum,
Netman, PcaSvc, SysMain, TrkWks,
UmRdpService, UxSms, Wlansvc, WPDBusEnum,
wudfsvc
svchost.exe 528 EventSystem, fdPHost, FontCache, netprofm,
nsi, SstpSvc, THREADORDER, WdiServiceHost,
WebClient, WinHttpAutoProxySvc
svchost.exe 880 AeLookupSvc, Appinfo, AppMgmt, BITS,
Browser, CertPropSvc, EapHost, hkmsvc,
IKEEXT, iphlpsvc, LanmanServer, MMCSS,
MSiSCSI, ProfSvc, RasAuto, RasMan,
RemoteAccess, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, Themes,
wercplsupport, Winmgmt, wuauserv
svchost.exe 1088 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, TapiSrv, TermService, Wecsvc, WinRM
svchost.exe 1124 gpsvc
svchost.exe 1280 AppIDSvc, FDResPub, Mcx2Svc, QWAVE,
SCardSvr, SensrSvc, SSDPSRV, upnphost,
wcncsvc
svchost.exe 1560 BFE, DPS, MpsSvc, pla, WwanSvc
spoolsv.exe 1704 Spooler
armsvc.exe 1168 AdobeARMservice
alg.exe 1348 ALG
svchost.exe 1516 AppHostSvc
aspnet_state.exe 1984 aspnet_state
BingDesktopUpdater.exe 1252 BingDesktopUpdate
mDNSResponder.exe 2056 Bonjour Service
svchost.exe 2076 bthserv
svchost.exe 2100 defragsvc
svchost.exe 2184 hpqcxs08, hpqddsvc
IDriverT.exe 2212 IDriverT
svchost.exe 2304 KtmRm
msdtc.exe 2340 MSDTC
ODDPWRSvc.exe 2460 ODDPwrSvc
svchost.exe 2500 p2pimsvc, p2psvc, PNRPAutoReg, PNRPsvc
svchost.exe 2556 PeerDistSvc
perfhost.exe 2580 PerfHost
Locator.exe 2616 RpcLocator
svchost.exe 2644 SDRSVC
TCPSVCS.EXE 2676 simptcp
svchost.exe 2732 stisvc
svchost.exe 2752 swprv
vds.exe 2828 vds
svchost.exe 2864 W3SVC, WAS
svchost.exe 3024 WerSvc
SMSvcHost.exe 3064 NetPipeActivator, NetTcpActivator,
NetTcpPortSharing
SDWinSec.exe 3084 SBSDWSCService
NisSrv.exe 3508 NisSrv
dllhost.exe 3588 N/A
taskhost.exe 3656 N/A
dwm.exe 3812 N/A
explorer.exe 2896 N/A
igfxpers.exe 2288 N/A
PLFSetI.exe 2368 N/A
ODDPWR.exe 2428 N/A
unsecapp.exe 2652 N/A
igfxtray.exe 3516 N/A
hkcmd.exe 3616 N/A
igfxsrvc.exe 3772 N/A
TeaTimer.exe 3172 N/A
WmiPrvSE.exe 3176 N/A
SearchIndexer.exe 4356 WSearch
jusched.exe 4412 N/A
hpwuschd2.exe 4420 N/A
ClearStick64.exe 4524 N/A
wmpnetwk.exe 4564 WMPNetworkSvc
dllhost.exe 4908 N/A
SearchProtocolHost.exe 4300 N/A
IAANTmon.exe 2032 IAANTMON
chrome.exe 4760 N/A
IntuitUpdateService.exe 1628 IntuitUpdateService
chrome.exe 3204 N/A
chrome.exe 3332 N/A
chrome.exe 1444 N/A
chrome.exe 2040 N/A
OSE.EXE 2088 ose64
svchost.exe 5100 PolicyAgent
snmptrap.exe 3888 SNMPTRAP
UI0Detect.exe 988 UI0Detect
WmiApSrv.exe 4892 wmiApSrv
WmiPrvSE.exe 976 N/A
dllhost.exe 5116 N/A
wuauclt.exe 4536 N/A
TrustedInstaller.exe 2116 TrustedInstaller
procexp.exe 4764 N/A
procexp64.exe 5064 N/A
audiodg.exe 5124 N/A
cmd.exe 3412 N/A
conhost.exe 5780 N/A
SearchFilterHost.exe 4264 N/A
tasklist.exe 2860 N/A
  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Process Explorer is telling me that the two worst offenders are Windows Media Player Network Sharing Service and Windows Defender. Don't know why either is running. Hopefully you aren't trying to watch a movie or listen to music while working on this.

Windows Defender should have been turned off when you installed MSSE. So it should not be running.

Let's see if we can turn then off. Right click on Computer and select Manage (Continue or OK) and then Services and Applications then Services. Find Windows Media Player Network Sharing Service and right click on it and select Properties. Change the Startup type to Disabled then Apply. STOP the service.

Repeat for Windows Defender.

You might also look for

Simple TCP/IP Services
Net.Msmq Listener Adapter

These are causing errors and are not normally running. So Disable them the same way.

HP Network Devices Support
Apple Mobile Device
They are also causing errors. If you need one of them you need to uninstall the associated program and then reinstall.


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Now run Process Explorer as before and let's see if things have improved any.
  • 0

#12
karenM5757

karenM5757

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2013 1:20:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2013 8:19:47 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HP Network Devices Support service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 10/04/2013 8:17:42 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2013 8:20:06 PM
Type: Warning Category: 0
Event: 20169 Source: RemoteAccess
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.16.61 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

Log: 'System' Date/Time: 10/04/2013 8:17:24 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

Log: 'System' Date/Time: 10/04/2013 8:16:35 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/04/2013 7:49:44 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2013 1:21:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/04/2013 8:10:31 PM
Type: Error Category: 0
Event: 11706 Source: MsiInstaller
Product: HPProductAssistant -- Error 1706. An installation package for the product HPProductAssistant cannot be found. Try the installation again using a valid copy of the installation package 'HPProductAssistant.msi'.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/04/2013 8:16:18 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-382808121-4162746689-1787036098-1000:
Process 6044 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
im having a hard time uninstalling HP . its my printer software. Ill keep trying and repost the same?

i ran these anyway:

Log: 'Application' Date/Time: 10/04/2013 8:09:59 PM
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{C43326F5-F135-4551-8270-7F7ABA0462E1}', feature 'RedboxMM' failed during request for component '{8F4D65F4-EE60-4594-AB60-8A45F6DDE85A}'

Log: 'Application' Date/Time: 10/04/2013 8:09:59 PM
Type: Warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{C43326F5-F135-4551-8270-7F7ABA0462E1}', feature 'RedboxMM', component '{441D92DE-69F0-4CA8-A87F-9F69D0EBDE57}' failed. The resource 'C:\ProgramData\HP Product Assistant\HPProductAssistant.ini' does not exist.
  • 0

#13
karenM5757

karenM5757

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
i got hp off except the one i use and one is stuck but i think it is an empty file?
here are new runs:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/04/2013 6:08:53 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2013 11:10:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/04/2013 8:35:13 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/04/2013 12:52:55 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HP Network Devices Support service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 12/04/2013 12:50:54 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 10/04/2013 11:27:01 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HP Network Devices Support service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 10/04/2013 11:24:59 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 10/04/2013 11:13:05 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HP Network Devices Support service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 10/04/2013 11:11:03 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 10/04/2013 11:10:36 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 3:11:58 PM on ?4/?10/?2013 was unexpected.

Log: 'System' Date/Time: 10/04/2013 10:09:19 PM
Type: Error Category: 0
Event: 31004 Source: Microsoft-Windows-SharedAccess_NAT
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 10/04/2013 8:37:52 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HP Network Devices Support service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 10/04/2013 8:35:50 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 10/04/2013 8:19:47 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HP Network Devices Support service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 10/04/2013 8:17:42 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/04/2013 12:53:11 AM
Type: Warning Category: 0
Event: 20169 Source: RemoteAccess
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.45.121 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

Log: 'System' Date/Time: 12/04/2013 12:50:36 AM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

Log: 'System' Date/Time: 12/04/2013 12:49:46 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 12/04/2013 12:47:56 AM
Type: Warning Category: 0
Event: 1073 Source: USER32
The attempt by user karenwhatever1\karen whatever1 to restart/shutdown computer KARENWHATEVER1 failed

Log: 'System' Date/Time: 11/04/2013 10:12:33 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pnrpv2.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 11/04/2013 8:23:25 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name post.craigslist.org timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/04/2013 11:27:33 PM
Type: Warning Category: 0
Event: 20169 Source: RemoteAccess
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.240.171 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

Log: 'System' Date/Time: 10/04/2013 11:24:31 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

Log: 'System' Date/Time: 10/04/2013 11:16:31 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/04/2013 11:13:29 PM
Type: Warning Category: 0
Event: 20169 Source: RemoteAccess
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.43.22 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

Log: 'System' Date/Time: 10/04/2013 11:10:41 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

Log: 'System' Date/Time: 10/04/2013 8:38:19 PM
Type: Warning Category: 0
Event: 20169 Source: RemoteAccess
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.104.237 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

Log: 'System' Date/Time: 10/04/2013 8:35:30 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

Log: 'System' Date/Time: 10/04/2013 8:25:59 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/04/2013 8:20:06 PM
Type: Warning Category: 0
Event: 20169 Source: RemoteAccess
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.16.61 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

Log: 'System' Date/Time: 10/04/2013 8:17:24 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

Log: 'System' Date/Time: 10/04/2013 8:16:35 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/04/2013 7:49:44 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/04/2013 6:09:31 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/04/2013 12:56:29 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\program files (x86)\real\realplayer\realplay.exe". Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 12/04/2013 12:56:29 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\program files (x86)\real\realplayer\realplay.exe". Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 11/04/2013 12:54:47 PM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 11/04/2013 12:54:29 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 11/04/2013 12:50:39 AM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 11/04/2013 12:49:38 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 10/04/2013 9:55:39 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 5397

Log: 'Application' Date/Time: 10/04/2013 9:55:39 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 5397

Log: 'Application' Date/Time: 10/04/2013 9:55:39 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 10/04/2013 9:55:38 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 3837

Log: 'Application' Date/Time: 10/04/2013 9:55:38 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 3837

Log: 'Application' Date/Time: 10/04/2013 9:55:38 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 10/04/2013 9:55:35 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 1575

Log: 'Application' Date/Time: 10/04/2013 9:55:35 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 1575

Log: 'Application' Date/Time: 10/04/2013 9:55:35 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 10/04/2013 8:10:31 PM
Type: Error Category: 0
Event: 11706 Source: MsiInstaller
Product: HPProductAssistant -- Error 1706. An installation package for the product HPProductAssistant cannot be found. Try the installation again using a valid copy of the installation package 'HPProductAssistant.msi'.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/04/2013 12:49:24 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-382808121-4162746689-1787036098-1000:
Process 660 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 660 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 660 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings


Log: 'Application' Date/Time: 10/04/2013 8:16:18 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-382808121-4162746689-1787036098-1000:
Process 6044 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts


Log: 'Application' Date/Time: 10/04/2013 8:09:59 PM
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{C43326F5-F135-4551-8270-7F7ABA0462E1}', feature 'RedboxMM' failed during request for component '{8F4D65F4-EE60-4594-AB60-8A45F6DDE85A}'

Log: 'Application' Date/Time: 10/04/2013 8:09:59 PM
Type: Warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{C43326F5-F135-4551-8270-7F7ABA0462E1}', feature 'RedboxMM', component '{441D92DE-69F0-4CA8-A87F-9F69D0EBDE57}' failed. The resource 'C:\ProgramData\HP Product Assistant\HPProductAssistant.ini' does not exist.

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 51.79 0 K 24 K 0
procexp64.exe 27.47 29,532 K 53,564 K 724 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
TeaTimer.exe 7.83 71,428 K 74,440 K 3760 System settings protector Safer-Networking Ltd. (No signature was present in the subject) Safer-Networking Ltd.
dwm.exe 4.70 44,064 K 28,460 K 3968 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 3.29 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 1.76 3,244 K 18,540 K 536 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.97 42,832 K 70,392 K 3988 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System 0.89 108 K 304 K 4
MsMpEng.exe 0.45 68,992 K 67,900 K 888 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.21 9,452 K 18,236 K 1224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.15 11,924 K 15,608 K 2364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.13 13,044 K 22,964 K 660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 0.06 2,152 K 6,204 K 1484 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
chrome.exe 0.05 77,660 K 84,628 K 2400 Google Chrome Google Inc. (Verified) Google Inc
SearchIndexer.exe 0.04 51,460 K 49,188 K 4668 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 15,164 K 17,720 K 1084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.03 12,656 K 13,996 K 3840 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 34,384 K 55,596 K 792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.02 1,848 K 4,688 K 476 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 20,636 K 25,260 K 384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe 0.01 34,344 K 24,024 K 2992 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.01 4,392 K 4,972 K 2416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IntuitUpdateService.exe 0.01 20,796 K 9,868 K 2584 Intuit Update Service Intuit Inc. (Verified) Intuit
svchost.exe 0.01 86,848 K 100,052 K 432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.01 47,044 K 36,440 K 4676 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.01 4,404 K 8,512 K 840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 1,344 K 4,232 K 1816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,452 K 6,588 K 3496 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiApSrv.exe 1,428 K 4,860 K 5012 WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,464 K 6,840 K 584 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,308 K 4,212 K 528 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
vds.exe 1,372 K 5,012 K 2704 Virtual Disk Service Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,416 K 4,972 K 2588 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UI0Detect.exe 2,156 K 6,748 K 1784 Interactive services detection Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 13,796 K 18,092 K 1472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,352 K 8,840 K 1372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,336 K 9,908 K 2752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,768 K 9,036 K 772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,320 K 5,472 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,252 K 3,884 K 2540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,620 K 5,216 K 2608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,260 K 4,240 K 2632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,288 K 4,320 K 1872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 940 K 2,948 K 2904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,104 K 3,256 K 2168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,100 K 5,480 K 736 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 7,064 K 13,776 K 1672 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
snmptrap.exe 1,332 K 4,112 K 4864 SNMP Trap Microsoft Corporation (Verified) Microsoft Windows
smss.exe 372 K 1,036 K 356 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 6,172 K 12,984 K 628 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SDWinSec.exe 4,200 K 8,688 K 2896 Spybot-S&D Security Center integration Safer Networking Ltd. (Verified) Safer Networking Ltd.
rndlresolversvc.exe 1,028 K 3,840 K 1868 (Verified) RealNetworks
realsched.exe 1,848 K 668 K 3520 RealNetworks Scheduler RealNetworks, Inc. (Verified) RealNetworks
procexp.exe 2,284 K 7,444 K 1752 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PLFSetI.exe 1,728 K 6,608 K 3408 DefaultSettingEXE MFC Application (No signature was present in the subject)
perfhost.exe 644 K 2,432 K 2456 x86 Performance Counter Host Microsoft Corporation (Verified) Microsoft Windows
OSE.EXE 1,012 K 2,884 K 3720 Office Source Engine Microsoft Corporation (Verified) Microsoft Corporation
ODDPWRSvc.exe 1,804 K 6,124 K 2296 ODDPwr service Acer Incorporated (Verified) Acer Incorporated
ODDPWR.exe 1,752 K 5,696 K 2528 ODDPWR Acer Incorporated (Verified) Acer Incorporated
NisSrv.exe 8,544 K 5,928 K 3376 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
msdtc.exe 3,364 K 7,472 K 2212 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1,776 K 5,132 K 1208 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe 2,136 K 3,984 K 644 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 4,712 K 12,628 K 636 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
Locator.exe 588 K 1,884 K 2504 Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 1,004 K 4,236 K 4104 Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America
igfxtray.exe 1,792 K 5,712 K 1920 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 1,772 K 5,684 K 2492 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1,612 K 5,640 K 3352 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IDriverT.exe 2,728 K 8,764 K 2100 IDriverT Module Macrovision Corporation (No signature was present in the subject) Macrovision Corporation
IAANTmon.exe 1,940 K 5,992 K 2076 RAID Monitor Intel Corporation (Verified) Intel Corporation
hkcmd.exe 1,724 K 5,668 K 3636 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
dllhost.exe 2,048 K 6,716 K 4616 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 7,332 K 11,140 K 4332 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,252 K 4,596 K 3492 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
ClearStick64.exe 1,068 K 3,832 K 4132 (No signature was present in the subject)
chrome.exe 37,816 K 48,648 K 912 Google Chrome Google Inc. (Verified) Google Inc
BingDesktopUpdater.exe 1,156 K 3,928 K 472 Bing Desktop updating service Microsoft Corp. (Verified) Microsoft Corporation
audiodg.exe 16,820 K 16,924 K 1120 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
aspnet_state.exe 1,992 K 5,288 K 1512 Microsoft ASP.NET State Server Microsoft Corporation (Verified) Microsoft Corporation
armsvc.exe 1,120 K 3,800 K 2028 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
alg.exe 1,280 K 4,560 K 1324 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
I think we need to uninstall Spybot S&D. It's using too much CPU time.

Also I am still seeing HP Network Devices Support service errors. Were you not able to disable the service?

Right click on Computer and select Manage (Continue or OK) and then Services and Applications then Services. Find HP Network Devices Support Service and right click on it and select Properties. Change the Startup type to Disabled then Apply. STOP the service.

Also

Right click on Computer and select Manage (Continue or OK) and then Device Manager then click on the arrow in front of DVD/CDROM. It will open up. Right click on each item under it and Uninstall but do not reboot yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Now reboot.

Rerun Process Explorer and VEW as before and post their logs. Also please post your last Combofix log.
  • 0

#15
karenM5757

karenM5757

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/04/2013 9:32:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/04/2013 3:25:02 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/04/2013 3:27:54 AM
Type: Warning Category: 0
Event: 20169 Source: RemoteAccess
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.123.247 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

Log: 'System' Date/Time: 12/04/2013 3:24:43 AM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

Log: 'System' Date/Time: 12/04/2013 3:23:57 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/04/2013 9:33:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I cannot find MSE for the life of me! to turn it off and run combo fix! it makibng me nuts. it used to be on my task bar and its gone now?
any thoughts?

here are posts:


'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/04/2013 3:23:53 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-382808121-4162746689-1787036098-1000:
Process 660 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 660 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 660 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-382808121-4162746689-1787036098-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings


Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 38.19 0 K 24 K 0
procexp64.exe 44.10 28,980 K 52,076 K 1028 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
explorer.exe 0.39 54,448 K 86,812 K 3112 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 8.71 50,432 K 40,076 K 1248 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 4.12 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 2.32 2,248 K 17,660 K 536 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 1.02 108 K 304 K 4
MsMpEng.exe 0.55 69,520 K 80,092 K 892 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 82,872 K 95,580 K 432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.02 52,648 K 44,560 K 4720 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.04 12,272 K 21,952 K 688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 0.04 5,984 K 8,964 K 3828 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 10,124 K 18,856 K 1208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.12 39,152 K 59,016 K 796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 85,792 K 82,944 K 3408 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.02 15,932 K 19,220 K 1084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe 0.02 34,660 K 24,296 K 3024 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
snmptrap.exe 0.01 1,308 K 4,084 K 232 SNMP Trap Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 4,444 K 5,852 K 2360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.03 73,264 K 65,744 K 2272 Google Chrome Google Inc. (Verified) Google Inc
WmiPrvSE.exe 2,640 K 6,452 K 4180 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiApSrv.exe 1,408 K 4,912 K 1324 WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,452 K 6,848 K 592 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,284 K 4,188 K 528 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
vds.exe 1,368 K 5,024 K 2660 Virtual Disk Service Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,436 K 5,144 K 4048 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UI0Detect.exe 2,148 K 6,720 K 3868 Interactive services detection Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.02 8,648 K 11,028 K 2952 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.04 11,980 K 16,264 K 2304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,912 K 8,920 K 844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 15,156 K 19,440 K 1480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 19,112 K 23,580 K 380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,376 K 8,896 K 1948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,956 K 9,540 K 780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,444 K 9,940 K 2732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,096 K 3,252 K 2120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,360 K 5,520 K 1128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,344 K 4,236 K 1660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,244 K 5,628 K 5012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 740 K 2,412 K 2912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,244 K 3,992 K 2516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,628 K 5,236 K 2576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,240 K 4,224 K 2604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,280 K 4,292 K 1268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 8,764 K 15,460 K 1572 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 376 K 1,040 K 356 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 6,552 K 11,308 K 612 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
rndlresolversvc.exe 1,036 K 3,836 K 2456 (Verified) RealNetworks
realsched.exe 1,812 K 676 K 4468 RealNetworks Scheduler RealNetworks, Inc. (Verified) RealNetworks
procexp.exe 2,296 K 7,460 K 4648 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PLFSetI.exe 1,732 K 6,624 K 3672 DefaultSettingEXE MFC Application (No signature was present in the subject)
perfhost.exe 640 K 2,416 K 2400 x86 Performance Counter Host Microsoft Corporation (Verified) Microsoft Windows
ODDPWRSvc.exe 1,780 K 6,112 K 2240 ODDPwr service Acer Incorporated (Verified) Acer Incorporated
ODDPWR.exe 1,748 K 5,780 K 2680 ODDPWR Acer Incorporated (Verified) Acer Incorporated
NisSrv.exe 8,380 K 5,652 K 3984 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
msdtc.exe 3,368 K 7,472 K 2172 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 0.20 1,788 K 5,144 K 1376 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe 2,280 K 4,076 K 644 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 4,820 K 12,648 K 636 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
Locator.exe 584 K 1,884 K 2484 Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 1,008 K 4,280 K 4288 Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America
IntuitUpdateService.exe 20,440 K 2,484 K 2872 Intuit Update Service Intuit Inc. (Verified) Intuit
igfxtray.exe 1,800 K 5,828 K 2668 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 1,720 K 5,724 K 1680 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1,596 K 5,740 K 3680 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IDriverT.exe 2,728 K 8,736 K 1936 IDriverT Module Macrovision Corporation (No signature was present in the subject) Macrovision Corporation
IAANTmon.exe 1,960 K 6,028 K 4080 RAID Monitor Intel Corporation (Verified) Intel Corporation
hkcmd.exe 1,720 K 5,740 K 3628 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
dllhost.exe 2,044 K 6,804 K 3860 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 7,348 K 11,180 K 4312 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,268 K 4,684 K 3460 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,888 K 4,620 K 476 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
ClearStick64.exe 1,064 K 3,820 K 4336 (No signature was present in the subject)
chrome.exe 38,064 K 49,796 K 1924 Google Chrome Google Inc. (Verified) Google Inc
BingDesktopUpdater.exe 1,160 K 3,928 K 1120 Bing Desktop updating service Microsoft Corp. (Verified) Microsoft Corporation
audiodg.exe 16,272 K 16,508 K 2852 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
aspnet_state.exe 1,984 K 5,280 K 2012 Microsoft ASP.NET State Server Microsoft Corporation (Verified) Microsoft Corporation
armsvc.exe 1,128 K 3,804 K 1852 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
alg.exe 1,256 K 4,540 K 1916 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP