
Odd things happening on my system.



#1 Weaver1


Posted 24 May 2013 - 10:00 AM

Hello all,

I am new; this is my first post, so bear with me.

I built a system recently, to upgrade to a 64-bit system to see if I could get a decent speed out of a basic build. I am not a hacker or coder; however, I have some advanced knowledge of systems and system modification. I mention this only to inform advanced users that I understand at minimum the basics.

That being said, I have had some odd issues and odd malfunctions, or what may be malfunctions, happen with my new system. A while back I got what seemed like a basic virus that was caught with Avast. I deleted it and moved on without much issue; however, my net connection grew to be sluggish and crash heavy. So I started looking at system files and functions. I noticed some odd characteristics, pushing me to start exploring tools like rkill, ComboFix, etc. I indeed found a rootkit. I deleted it, well, so I thought, with TDSSKiller. I was using a Win7 32-bit Home edition. I decided to wipe my drives and upgrade to 64-bit 7 N Ultimate. Come to find out, some of the odd little things happening are still happening. I may be paranoid now, but I was hoping to toss up some logs from gmer, rkill, etc. to have the big brains here look at what may be going on.

Couple of odd things:

1. I have an SSD for the operating system. I used dban nuke and boot to clean the drive, yet it seems to still pass on settings from the old system.

2. rkill is finding local host files that were on the infected system in the new system.

3. Possibly I have a duplicate file system. I am not an expert with 64-bit systems; it may just be how Microsoft built 64-bit on top of the x86 platform...

4. Gmer shows some of the same files that I had on the infected system, or I should say, if my memory serves me well, I see the same stuff.

5. My net connection gets slow and crash heavy over a short period of time.

System info on my box:

Win7 N Ult 64-bit.

Security stuff I run: JetClean to keep junk down, CCleaner, and nclean... heavy use of internet. I am running Avast as antivirus, SUPERAntiSpyware to clean infections, as well as Bleeping Computer tools.

I am on a cable ISP with router and Wi-Fi enabled, with a hard connection to the box in question.

Anyway, I have tons more info, but it all seems very convoluted, so I did not want to confuse you experts, if I have not already.

I am going to post a couple of logs; please let me know if I need to post any specific logs. Starting with rkill:

 

Rkill 2.4.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/24/2013 07:17:05 AM in x64 mode.
Windows Version: Windows 7 Ultimate N Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * WMPNetworkSvc [Missing Service]
 * WPDBusEnum [Missing Service]

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 05/24/2013 07:17:09 AM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

 

 

ComboFix:

ComboFix 13-05-23.02 - 05/23/2013  14:42:29.2.4 - x64
Microsoft Windows 7 Ultimate N   6.1.7601.1.1252.1.1033.18.16320.14808 [GMT -7:00]
Running from: D:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-23 to 2013-05-23  )))))))))))))))))))))))))))))))
.
.
2013-05-23 21:44 . 2013-05-23 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-23 20:57 . 2013-05-23 20:57 -------- d-----w- c:\windows\SysWow64\Wat
2013-05-23 20:57 . 2013-05-23 20:57 -------- d-----w- c:\windows\system32\Wat
2013-05-23 20:13 . 2013-03-17 16:21 3649536 ----a-w- c:\windows\SysWow64\x264vfw.dll
2013-05-23 20:13 . 2012-06-09 17:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll
2013-05-23 20:13 . 2011-12-21 17:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2013-05-23 20:13 . 2011-12-07 17:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2013-05-23 20:13 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-05-23 20:13 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-05-23 20:13 . 2008-09-24 18:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm
2013-05-23 20:13 . 2013-04-04 18:00 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2013-05-23 20:13 . 2013-05-23 20:13 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2013-05-23 19:10 . 2013-05-23 19:10 -------- d-----w- c:\program files (x86)\BlueSprig
2013-05-23 18:55 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-05-23 18:55 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-05-23 18:55 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-05-23 18:55 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-05-23 18:51 . 2013-05-23 18:51 -------- d-----w- c:\users\UpdatusUser
2013-05-23 18:45 . 2013-05-03 23:15 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-23 18:45 . 2013-05-14 08:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDDAE4E2-8900-46BD-B6AE-6D18CE06F4D5}\mpengine.dll
2013-05-23 18:41 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-05-23 18:40 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-05-23 18:39 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-23 18:37 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2013-05-23 18:37 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2013-05-23 18:37 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2013-05-23 18:37 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-05-23 18:37 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-05-23 18:37 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2013-05-23 18:37 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-05-23 18:35 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-05-23 18:35 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-05-23 18:35 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-05-23 18:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-05-23 18:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-05-23 18:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-05-23 18:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-05-23 18:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-05-23 18:34 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-05-23 18:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-05-23 18:34 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-05-23 18:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-05-23 18:28 . 2013-05-23 17:34 -------- d-----w- c:\windows\Panther
2013-05-23 18:14 . 2013-05-23 18:16 -------- d-----w- c:\program files (x86)\Google
2013-05-23 18:14 . 2013-05-23 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-23 18:14 . 2013-05-23 18:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-05-23 18:10 . 2013-05-23 21:45 -------- d-----w- c:\programdata\NVIDIA
2013-05-23 18:10 . 2013-01-18 15:00 6390048 ----a-w- c:\windows\system32\nvcpl.dll
2013-05-23 18:10 . 2013-01-18 15:00 3460896 ----a-w- c:\windows\system32\nvsvc64.dll
2013-05-23 18:10 . 2013-01-18 15:00 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-05-23 18:10 . 2013-01-18 15:00 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-05-23 18:10 . 2013-01-18 15:00 2953448 ----a-w- c:\windows\system32\nvcoproc.bin
2013-05-23 18:10 . 2013-01-18 15:00 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-05-23 18:10 . 2013-01-18 15:00 118560 ----a-w- c:\windows\system32\nvmctray.dll
2013-05-23 18:09 . 2012-10-02 22:21 60776 ----a-w- c:\windows\system32\OpenCL.dll
2013-05-23 18:09 . 2012-10-02 22:21 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-05-23 18:09 . 2013-05-23 18:09 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-05-23 18:09 . 2013-05-23 18:51 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-05-23 18:09 . 2013-02-26 07:32 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-05-23 18:09 . 2013-02-26 07:32 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-05-23 18:09 . 2013-02-26 07:32 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-05-23 18:09 . 2013-02-26 07:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-05-23 18:09 . 2013-02-26 07:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-05-23 18:07 . 2013-05-23 18:51 -------- d-----w- c:\program files\NVIDIA Corporation
2013-05-23 18:00 . 2013-05-23 18:00 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-23 18:00 . 2013-05-23 18:00 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2013-05-23 17:59 . 2013-05-23 18:00 -------- d-----w- c:\programdata\DAEMON Tools Pro
2013-05-23 17:57 . 2012-05-21 08:25 19264 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2013-05-23 17:57 . 2012-05-21 08:25 789824 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
2013-05-23 17:57 . 2012-05-21 08:25 357184 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
2013-05-23 17:56 . 2012-06-13 06:00 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-05-23 17:56 . 2012-06-13 06:00 726160 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-05-23 17:56 . 2012-06-13 06:00 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-05-23 17:56 . 2013-05-23 17:56 -------- d-----w- c:\program files (x86)\Realtek
2013-05-23 17:56 . 2013-05-23 17:56 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-05-23 17:53 . 2013-05-23 18:12 -------- d-sh--w- c:\windows\Installer
2013-05-23 17:53 . 2013-05-23 17:53 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-05-23 17:51 . 2013-05-23 17:57 -------- d-----w- c:\program files (x86)\Intel
2013-05-23 17:51 . 2011-12-07 15:55 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2013-05-23 17:51 . 2013-05-23 17:51 -------- d-----w- C:\Intel
2013-05-23 17:49 . 2013-05-23 17:49 -------- d-----w- c:\windows\Chipset
2013-05-23 17:49 . 2013-05-23 17:49 16896 ----a-w- c:\windows\AsTaskSched.dll
2013-05-23 17:49 . 2011-02-25 06:25 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-05-23 17:34 . 2013-05-23 17:34 -------- d-----w- c:\users\gandg
2013-05-23 17:34 . 2013-05-23 17:34 -------- d-----w- C:\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 09:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-23 18:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-23 18:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-23 18:40 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-23 18:40 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-23 18:40 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-23 18:40 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-26 07:32 . 2013-02-26 07:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-26 07:32 . 2013-02-26 07:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-26 07:32 . 2013-02-26 07:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-26 07:32 . 2013-02-26 07:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-26 07:32 . 2013-02-26 07:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-02-26 07:32 . 2013-02-26 07:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-26 07:32 . 2013-02-26 07:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-26 07:32 . 2013-02-26 07:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-26 07:32 . 2013-02-26 07:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-26 07:32 . 2013-02-26 07:32 245872 ----a-w- c:\windows\system32\nvinitx.dll
2013-02-26 07:32 . 2013-02-26 07:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-26 07:32 . 2013-02-26 07:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-26 07:32 . 2013-02-26 07:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-26 07:32 . 2013-02-26 07:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-26 07:32 . 2013-02-26 07:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-26 07:32 . 2013-02-26 07:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-26 07:32 . 2013-02-26 07:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-26 07:32 . 2013-02-26 07:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-26 07:32 . 2013-02-26 07:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-26 07:32 . 2013-02-26 07:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-18 839488]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-10 5015040]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-23 1255736]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-21 19264]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-23 254528]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-07 143088]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-11-12 27760]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-21 357184]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-21 789824]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-06-13 726160]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-11-12 2182768]
.
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-23  14:46:23 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-23 21:46
ComboFix2.txt  2013-05-23 20:06
.
Pre-Run: 44,001,247,232 bytes free
Post-Run: 43,926,659,072 bytes free
.
- - End Of File - - 7D0CB44F07A97BDD5016F0C50CD121DB

 

GMER:

GMER 2.1.19163 - http://www.gmer.net
3rd party scan 2013-05-24 07:52:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-AGILITY3 rev.2.25 55.90GB
Running: y2jez52r.exe; Driver: C:\Users\gandg\AppData\Local\Temp\fgloqpob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                fffff80002fae000 54 bytes [8D, 0D, 1A, 2A, 14, 00, 4C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 615                                                                fffff80002fae037 15 bytes [BA, D8, 1E, 00, 00, 00, F9, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[3564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                     00000000757aa30a 1 byte [62]
.text     C:\Windows\system32\AUDIODG.EXE[4232] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                       000000007732eecd 1 byte [62]
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                 00000000775efaa0 5 bytes JMP 0000000100030600
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                     00000000775efb38 5 bytes JMP 0000000100030804
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                      00000000775efc90 5 bytes JMP 0000000100030c0c
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                  00000000775f0018 5 bytes JMP 0000000100030a08
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                      00000000775f1900 5 bytes JMP 0000000100030e10
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                              000000007760c45a 5 bytes JMP 00000001000301f8
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                            0000000077611217 5 bytes JMP 00000001000303fc
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                 00000000757aa30a 1 byte [62]
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                              0000000077105181 5 bytes JMP 0000000100241014
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                  0000000077105254 5 bytes JMP 0000000100240804
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                  00000000771053d5 5 bytes JMP 0000000100240a08
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                 00000000771054c2 5 bytes JMP 0000000100240c0c
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                 00000000771055e2 5 bytes JMP 0000000100240e10
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                        000000007710567c 5 bytes JMP 00000001002401f8
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                        000000007710589f 5 bytes JMP 00000001002403fc
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\SysWOW64\sechost.dll!DeleteService                                         0000000077105a22 5 bytes JMP 0000000100240600
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                        0000000075a7ee09 5 bytes JMP 00000001002501f8
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                         0000000075a83982 5 bytes JMP 00000001002503fc
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                      0000000075a87603 5 bytes JMP 0000000100250804
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                      0000000075a8835c 5 bytes JMP 0000000100250600
.text     C:\Users\gandg\Downloads\y2jez52r.exe[4940] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                    0000000075a9f52b 5 bytes JMP 0000000100250a08

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [912:936]                                                                                         000007fefc19dc50
Thread    C:\Windows\System32\svchost.exe [912:940]                                                                                         000007fefc1b28b0
Thread    C:\Windows\System32\svchost.exe [912:472]                                                                                         000007fefc04f2f4
Thread    C:\Windows\System32\svchost.exe [912:352]                                                                                         000007fefc126204
Thread    C:\Windows\System32\svchost.exe [912:1060]                                                                                        000007fefbb52070
Thread    C:\Windows\System32\svchost.exe [912:1072]                                                                                        000007fefba55428
Thread    C:\Windows\System32\svchost.exe [912:588]                                                                                         000007fef9cb6b8c
Thread    C:\Windows\System32\svchost.exe [912:1344]                                                                                        000007fef9cb1d88
Thread    C:\Windows\System32\svchost.exe [912:3552]                                                                                        000007fefc19d604
Thread    C:\Windows\System32\svchost.exe [912:2044]                                                                                        000007fefc19d604
Thread    C:\Windows\System32\svchost.exe [912:4928]                                                                                        000007fefc19d604
Thread    C:\Windows\System32\svchost.exe [912:2056]                                                                                        000007fefba53118
Thread    C:\Windows\System32\svchost.exe [944:1000]                                                                                        000007fefc04f2f4
Thread    C:\Windows\System32\svchost.exe [944:160]                                                                                         000007fefc126204
Thread    C:\Windows\System32\svchost.exe [944:1040]                                                                                        000007fefbb6331c
Thread    C:\Windows\System32\svchost.exe [944:2896]                                                                                        000007feface44e0
Thread    C:\Windows\system32\svchost.exe [988:1820]                                                                                        000007fefa390ea8
Thread    C:\Windows\system32\svchost.exe [988:1824]                                                                                        000007fefa389db0
Thread    C:\Windows\system32\svchost.exe [988:1860]                                                                                        000007fefa391c94
Thread    C:\Windows\system32\svchost.exe [988:1904]                                                                                        000007fefa38aa10
Thread    C:\Windows\system32\svchost.exe [988:2184]                                                                                        000007fef5426848
Thread    C:\Windows\system32\svchost.exe [1020:1196]                                                                                       000007fefb811e00
Thread    C:\Windows\system32\svchost.exe [1020:1200]                                                                                       000007fefb6d1a50
Thread    C:\Windows\system32\svchost.exe [1020:1520]                                                                                       000007fefa6784d8
Thread    C:\Windows\system32\svchost.exe [1020:1620]                                                                                       000007fefcc71a70
Thread    C:\Windows\system32\svchost.exe [1020:1632]                                                                                       000007fefa6323a8
Thread    C:\Windows\system32\svchost.exe [1020:1648]                                                                                       000007fefa980d00
Thread    C:\Windows\system32\svchost.exe [1020:1660]                                                                                       000007fefa009498
Thread    C:\Windows\system32\svchost.exe [1020:2688]                                                                                       000007fef9e0506c
Thread    C:\Windows\system32\svchost.exe [1020:2072]                                                                                       000007fef9cd1c20
Thread    C:\Windows\system32\svchost.exe [1020:2876]                                                                                       000007fef9cd1c20
Thread    C:\Windows\system32\svchost.exe [1020:2696]                                                                                       000007fefaed5124
Thread    C:\Windows\system32\svchost.exe [1020:3972]                                                                                       000007fef6c44164
Thread    C:\Windows\system32\svchost.exe [1020:2472]                                                                                       000007fef6bb1ab0
Thread    C:\Windows\system32\svchost.exe [1064:1392]                                                                                       000007fefb20bd88
Thread    C:\Windows\system32\svchost.exe [1064:1420]                                                                                       000007fefac583d8
Thread    C:\Windows\system32\svchost.exe [1064:1424]                                                                                       000007fefac583d8
Thread    C:\Windows\system32\svchost.exe [1064:1428]                                                                                       000007fefac583d8
Thread    C:\Windows\system32\svchost.exe [1064:1432]                                                                                       000007fefac583d8
Thread    C:\Windows\system32\svchost.exe [1064:1596]                                                                                       000007fefa343f1c
Thread    C:\Windows\system32\svchost.exe [1064:1608]                                                                                       000007fefa431a38
Thread    C:\Windows\system32\svchost.exe [1064:1612]                                                                                       000007fefa425388
Thread    C:\Windows\system32\svchost.exe [1064:1616]                                                                                       000007fefa167738
Thread    C:\Windows\system32\svchost.exe [1064:1628]                                                                                       000007fefa131f90
Thread    C:\Windows\system32\svchost.exe [1064:3176]                                                                                       000007fefaed5124
Thread    C:\Windows\system32\svchost.exe [1064:4872]                                                                                       000007fef6c1341c
Thread    C:\Windows\system32\svchost.exe [1064:2140]                                                                                       000007fef6c13a2c
Thread    C:\Windows\system32\svchost.exe [1064:1384]                                                                                       000007fef6c13768
Thread    C:\Windows\system32\svchost.exe [1064:4072]                                                                                       000007fef6c15c20
Thread    C:\Windows\system32\svchost.exe [1064:2792]                                                                                       000007fef6c13900
Thread    C:\Windows\system32\svchost.exe [1064:1672]                                                                                       000007fef8fd5170
Thread    C:\Windows\System32\spoolsv.exe [1224:1640]                                                                                       000007fef7c110c8
Thread    C:\Windows\System32\spoolsv.exe [1224:1768]                                                                                       000007fef7bd6144
Thread    C:\Windows\System32\spoolsv.exe [1224:1712]                                                                                       000007fef79c5fd0
Thread    C:\Windows\System32\spoolsv.exe [1224:740]                                                                                        000007fef79a3438
Thread    C:\Windows\System32\spoolsv.exe [1224:1968]                                                                                       000007fef79c63ec
Thread    C:\Windows\System32\spoolsv.exe [1224:2028]                                                                                       000007fef7ea5e5c
Thread    C:\Windows\System32\spoolsv.exe [1224:1052]                                                                                       000007fef8035074
Thread    C:\Windows\system32\svchost.exe [1252:1276]                                                                                       000007fefcc71a70
Thread    C:\Windows\system32\svchost.exe [1252:1280]                                                                                       000007fefcc71a70
Thread    C:\Windows\system32\svchost.exe [1252:1292]                                                                                       000007fefcc71a70
Thread    C:\Windows\system32\svchost.exe [1252:1300]                                                                                       000007fefb352c70
Thread    C:\Windows\system32\svchost.exe [1252:1320]                                                                                       000007fefb35fb40
Thread    C:\Windows\system32\svchost.exe [1252:1336]                                                                                       000007fefb371d20
Thread    C:\Windows\system32\svchost.exe [1252:1340]                                                                                       000007fefb35f6f0
Thread    C:\Windows\System32\svchost.exe [1476:2656]                                                                                       000007fef6059688
Thread    C:\Windows\system32\svchost.exe [3136:3164]                                                                                       000007fef16a8470
Thread    C:\Windows\system32\svchost.exe [3136:3168]                                                                                       000007fef16b2418

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\528259f7-7bae-4f30-8321-8afa6e155c4c@FriendlyName                       C:\Windows\system32\NVSVCR.DLL (NVIDIA Driver Helper Service, Version 311.06/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SYSTEM\CurrentControlSet\services\!SASCORE@ImagePath                                                                         C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Core Service/SUPERAntiSpyware.com SIGNED)(2013-05-07 22:37:15)
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                        C:\Windows\system32\drivers\aswMonFlt.sys (avast! File System Minifilter for Windows 2003/Vista/AVAST Software SIGNED)(2013-05-23 23:53:41)
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                           C:\Windows\System32\Drivers\aswrdr2.sys (avast! WFP Redirect Driver/AVAST Software SIGNED)(2013-05-23 23:53:41)
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                 C:\Program Files\AVAST Software\Avast\AvastSvc.exe (avast! Service/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SYSTEM\CurrentControlSet\services\dtsoftbus01@ImagePath                                                                      C:\Windows\system32\DRIVERS\dtsoftbus01.sys (DAEMON Tools Virtual Bus Driver/DT Soft Ltd SIGNED)(2013-05-23 18:00:09)
Reg       HKLM\SYSTEM\CurrentControlSet\services\nvsvc@ImagePath                                                                            C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 311.06/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SYSTEM\CurrentControlSet\services\nvUpdatusService@ImagePath                                                                 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation SIGNED)(2013-05-23 18:51:57)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SASDIFSV@ImagePath                                                                         C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SASDIFSV64.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com SIGNED)(2011-07-22 16:26:56)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SASKUTIL@ImagePath                                                                         C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SASKUTIL64.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com SIGNED)(2011-07-12 21:55:18)
Reg       HKLM\SYSTEM\CurrentControlSet\services\Stereo Service@ImagePath                                                                   C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Stereo Vision Control Panel API Server/NVIDIA Corporation SIGNED)(2013-01-18 15:14:20)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AvastUI.exe@                                                             C:\Program Files\AVAST Software\Avast\AvastUI.exe (avast! Antivirus/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe@                                                            C:\Program Files\CCleaner\CCleaner64.exe (CCleaner/Piriform Ltd SIGNED)(2013-04-23 15:25:22)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe@                                                            D:\ComboFix.exe (ComboFix NSIS Installer/Swearware)(2013-05-23 18:04:32)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mpc-hc.exe@                                                              C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)(2013-05-23 20:13:10)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\nCleaner.exe@                                                            C:\Program Files (x86)\NKProds\nCleaner\nCleaner.exe (nCleaner second/NKProds)(2007-07-05 16:13:08)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MPCPlayBluRayOnArrival@DefaultIcon              C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)(2013-05-23 20:13:10)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner@UninstallString                                                 C:\Program Files\CCleaner\uninst.exe (CCleaner Installer/Piriform Ltd SIGNED)(2013-04-23 15:26:34)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner@DisplayIcon                                                     C:\Program Files\CCleaner\CCleaner64.exe (CCleaner/Piriform Ltd SIGNED)(2013-04-23 15:25:22)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision@DisplayIcon      C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstreg.exe (Stereoscpic 3D Registry Tool/NVIDIA Corporation SIGNED)(2013-01-18 15:15:36)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel@DisplayIcon  C:\Program Files\NVIDIA Corporation\Installer2\installer.{0DA672BC-B9A9-4E35-B679-FA4B90643A61}\NVI2.dll (NVIDIA Install Core/NVIDIA Corporation SIGNED)(2013-05-23 18:51:28)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver@DisplayIcon        C:\Program Files\NVIDIA Corporation\Installer2\installer.{974AF5C7-5536-4C7A-B076-E3AE024B7071}\NVI2.dll (NVIDIA Install Core/NVIDIA Corporation SIGNED)(2013-05-23 18:51:15)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver@DisplayIcon        C:\Program Files\NVIDIA Corporation\Installer2\installer.{A4D00B13-E1E3-45E5-9963-F9F4B084B1DC}\NVI2.dll (NVIDIA Install Core/NVIDIA Corporation SIGNED)(2013-05-23 18:42:58)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update@DisplayIcon         C:\Program Files\NVIDIA Corporation\Installer2\installer.{974AF5C7-5536-4C7A-B076-E3AE024B7071}\NVI2.dll (NVIDIA Install Core/NVIDIA Corporation SIGNED)(2013-05-23 18:51:15)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}@DisplayIcon                       C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware Application/SUPERAntiSpyware.com SIGNED)(2013-05-15 01:08:43)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}@UninstallString                   C:\Program Files\SUPERAntiSpyware\Uninstall.exe (SUPERSetup Uninstaller/SUPERAdBlocker.com SIGNED)(2013-05-07 22:37:51)
Reg       HKLM\SOFTWARE\Classes\*\shell\Shred with nCleaner\command@                                                                        C:\Program Files (x86)\NKProds\nCleaner\nCleaner.exe (nCleaner second/NKProds)(2007-07-05 16:13:08)
Reg       HKLM\SOFTWARE\Classes\Applications\mpc-hc.exe\shell\Open\Command@                                                                 C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)(2013-05-23 20:13:10)
Reg       HKLM\SOFTWARE\Classes\avastconfigfile\shell\open\command@                                                                         C:\Program Files\AVAST Software\Avast\aswChLic.exe (aswChLic component/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SOFTWARE\Classes\cclaunch\shell\open\command@                                                                                C:\Program Files\CCleaner\ccleaner.exe (CCleaner/Piriform Ltd SIGNED)(2013-04-23 15:25:22)
Reg       HKLM\SOFTWARE\Classes\CLSID\{00E80F18-EC5B-4FCF-A417-7348991A8D32}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvsvs.dll (NVIDIA StereoVision Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{01367108-5EE2-4E1C-A8DE-24438065ABC9}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{01504157-8839-4BF6-9B5B-51165A967B2B}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvmobls.dll (NVIDIA Mobile Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{055A7699-EAFF-47DF-8E55-41F4C0612BF3}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{07333BBD-64AF-4206-899D-2809660C61C7}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{074BFFFD-4E50-42c1-A7EB-40D9D70F2471}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{0bbca823-e77d-419e-9a44-5adec2c8eeb0}@InfoTip                                                        C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcpluir.dll (NVIDIA Control Panel Resource Library, 6.9.850.0/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{0bbca823-e77d-419e-9a44-5adec2c8eeb0}\Shell\Open\Command@                                            C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe (NVIDIA Control Panel Application, 6.9.850.0/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{0EEC1AF6-7664-4D17-88A5-B71EF18A93BC}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{0FB41BD0-3107-40A5-8D49-456E585947B2}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{15D83527-0176-46bb-85BD-2C86CA096945}\Shell\Open\Command@                                            C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.exe (VIA HD Audio CPL/VIA)(2013-05-23 17:55:19)
Reg       HKLM\SOFTWARE\Classes\CLSID\{1618348E-35B3-4631-8C04-2AB15AF5007D}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{1BC39379-8D90-4F18-8817-795C57163770}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{1DC715B2-9126-4671-8086-299A44543E0F}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{26A37DC6-935D-439B-80DD-C1006AE13D71}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{294EC7E3-94B7-4A6C-8636-09B33674D58F}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}\InprocServer32@                                                C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll (DAEMON Tools Pro/DT Soft Ltd SIGNED)(2011-03-18 11:39:54)
Reg       HKLM\SOFTWARE\Classes\CLSID\{2DF0ACC2-6D97-491b-9581-70A6001FD25A}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvsvs.dll (NVIDIA StereoVision Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{2FD96798-0D65-4D57-A095-B57679740E37}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvgames.dll (NVIDIA 3D Settings Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{3020E6D8-7D1A-4D3C-8B62-C4D4B8F28434}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{3156EC84-29BD-4EAA-AE0A-817ED606FA99}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvgames.dll (NVIDIA 3D Settings Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\InProcServer32@                                                C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (IE Webrep plugin/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SOFTWARE\Classes\CLSID\{33C89616-F807-4957-BF34-A1C91D7A1A2E}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{3D1975AF-48C6-4f8e-A182-AC5012248AB5}\InProcServer32@                                                C:\Windows\system32\nvshext.dll (NVIDIA Display Shell Extension/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{3E500C0C-5D15-4610-8095-7CEBD4C43F24}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{40966797-8FFE-46C8-9EF8-7003F33CCF0F}\InprocServer32@                                                C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll (DAEMON Tools Pro/DT Soft Ltd SIGNED)(2011-03-18 11:39:54)
Reg       HKLM\SOFTWARE\Classes\CLSID\{4240801E-7B16-4A3F-A89A-E719BE3F9050}\InprocServer32@                                                C:\Program Files (x86)\BlueSprig\JetClean\JetCleanExtMenu_64.dll (JetCleanExtMenu Module/BlueSprig SIGNED)(2013-05-23 19:10:33)
Reg       HKLM\SOFTWARE\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}\InProcServer32@                                                C:\Program Files\AVAST Software\Avast\ashShA64.dll (avast! Shell Extension/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SOFTWARE\Classes\CLSID\{49F585C0-CE12-4306-9100-B6A28857B10B}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{4FC7F090-041C-4730-BD24-AF4BA8A2A5E0}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{50125552-EC89-4049-B1B7-5FDBE38C8509}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvsvs.dll (NVIDIA StereoVision Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{5135A9C0-F05A-4FBD-8EC6-6B920CD387F6}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{51840041-B26F-4843-B358-22ABB067396C}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{5387A36B-6F55-4C66-B085-E18393FCEA87}\InprocHandler32@                                               C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{54CEE07E-E1C8-45DB-B550-417E75C4CA58}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{56CDA654-2AA2-456F-81B1-153FE7B381A2}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvmobls.dll (NVIDIA Mobile Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{57B83450-FD6E-4A1E-8B53-1320576F8054}\InprocServer32@                                                C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreamingIePlugin64.dll (NVIDIA 3D Vision 64bit Streaming IE plugin/NVIDIA Corporation)(2013-01-18 15:16:56)
Reg       HKLM\SOFTWARE\Classes\CLSID\{5DF4E7C5-78E3-4CCA-93CD-DF1639E165FB}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{6017A978-93AD-4F2F-9E2D-07CF8C8DEBC4}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{63005CD0-8541-439c-A66A-617F4B1F2BCB}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command@                                C:\Program Files\CCleaner\ccleaner.exe (CCleaner/Piriform Ltd SIGNED)(2013-04-23 15:25:22)
Reg       HKLM\SOFTWARE\Classes\CLSID\{6539579C-2657-45E5-985F-835E197959C2}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{6A10CEAB-0813-48BA-9769-BD98F03F3EB8}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{6A22E68F-887C-4221-9DF1-EE0B3AC76497}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{6F3F133D-61E3-4153-8AAE-056031E2B597}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{7112FB6A-700C-4C25-BB31-5B13CE60CC29}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvmobls.dll (NVIDIA Mobile Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{73BCA54E-6AEB-4597-8F27-E1284FF12722}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}@LocalizedString                                                C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe (Adobe® Flash® Player Installer/Uninstaller 11.7 r700/Adobe Systems Incorporated SIGNED)(2013-05-23 18:39:50)
Reg       HKLM\SOFTWARE\Classes\CLSID\{75BDD7A1-1224-41DA-90B4-457ACD874F12}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{7945F814-7BFB-4506-A113-2BD66CDC713A}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{7BB17C5A-3176-4B40-A3F9-39D4A64D7E83}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{81667C73-F396-44a3-923B-3749C0840A58}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{86193C76-0DCA-4B33-83CA-6D7DCCA48D0B}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{870B678D-913A-4ABC-81FC-9F380BB4B24D}\InprocServer32@                                                C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVisionIePlugin64.dll (NVIDIA 3D Vision 64bit IE plugin/NVIDIA Corporation)(2013-01-18 15:16:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{87BDED91-3F10-4383-B8C1-26886F49F141}\LocalServer32@                                                 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{87CDE238-C2D9-4E31-99D7-DCD6A7E15F19}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{88FC94D1-2ABB-42CF-8A07-4BC54F66EDDF}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{89B53798-9A96-4758-9571-93B72CAA5381}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{91363F1E-E7CA-4959-85D6-963719EC79FC}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{9B0C8B3B-8CA5-46cb-B0DD-64542BBA21DC}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{9B5EC720-9A44-4811-8B9F-24BD53F2050D}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvgames.dll (NVIDIA 3D Settings Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{9BC49CE1-EFA7-4C49-8BB2-5355FEA6C170}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{9C7684B5-FC31-4e57-A852-282D907911CC}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvsvs.dll (NVIDIA StereoVision Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{A158544D-66FA-4F19-8806-F3CA2E2A4C52}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{A4A74456-67F8-4F18-B96B-0F1F05DEF65A}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvmobls.dll (NVIDIA Mobile Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{A5415364-784A-41A5-B47A-D452909CA8FF}\InprocServer32@                                                C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll (DAEMON Tools Pro/DT Soft Ltd SIGNED)(2011-03-18 11:39:54)
Reg       HKLM\SOFTWARE\Classes\CLSID\{A70C977A-BF00-412C-90B7-034C51DA2439}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvui.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{A8679087-E64A-413A-9CBF-F38BE510C46C}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvgames.dll (NVIDIA 3D Settings Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{AAB8F985-EADA-428B-8636-270F58E1F1EF}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{AD374A9E-D7FC-453A-A146-16535FE9ECC1}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{B342E21B-AD7E-4568-AE3F-D0D844537A7A}\InprocServer32@                                                C:\Program Files\AVAST Software\Avast\asOutExt64.dll (AsOutExt Module/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SOFTWARE\Classes\CLSID\{B53EBC0C-2251-4AE2-9818-FD6AAF843EC2}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{BBB7D605-8639-49D0-849E-32C4A5DBB9C3}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvgames.dll (NVIDIA 3D Settings Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{C4A29158-1A7E-425f-B25E-80FA382AAA14}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvsvs.dll (NVIDIA StereoVision Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{C8F113AE-A2C9-47CB-8DAE-9376C64665AD}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvgames.dll (NVIDIA 3D Settings Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\InprocServer32@                                                C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL (SUPERAntiSpyware Context Menu Extension/SUPERAntiSpyware.com SIGNED)(2013-05-07 22:37:18)
Reg       HKLM\SOFTWARE\Classes\CLSID\{CC0648AE-7E85-483C-B1DB-9335C9D6F8C7}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32@                                                C:\Windows\system32\Macromed\Flash\Flash64_11_7_700_202.ocx (Adobe Flash Player 11.7 r700/Adobe Systems, Inc. SIGNED)(2013-05-23 18:39:50)
Reg       HKLM\SOFTWARE\Classes\CLSID\{D385E909-3F89-4ECD-B38F-AC11F9FE6F1C}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{D474EBC0-2851-4389-893D-030D2B6BCED1}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{DC09760E-9FDA-454A-B9D2-7E663E58C39D}\InProcServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{DCAB0989-1301-4319-BE5F-ADE89F88581C}\LocalServer32@                                                 C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 311.06/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{DDEF97F5-723E-47D2-87B1-14C39EFBAE11}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{DE0549BD-F34D-4748-AD94-0F2F22749F4F}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvgames.dll (NVIDIA 3D Settings Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{EDAC9CAA-4874-48C0-80DB-2D81B63EFE13}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{EEF5290C-7F3D-4640-93F2-F189DC616510}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll (NVIDIA Display Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{EF884939-F1EA-4EFB-B676-D2F802177C5F}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvvitvs.dll (NVIDIA Video Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{F7747266-777D-4F61-A175-DD5ADF1E37DF}\InprocServer32@                                                C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming64.dll (NVIDIA 3D Vision 64bit plugin/NVIDIA Corporation)(2013-01-18 15:16:56)
Reg       HKLM\SOFTWARE\Classes\CLSID\{FC7AA68D-EAFB-4ce9-A012-9C33E7B02B49}\InprocServer32@                                                C:\Program Files\NVIDIA Corporation\Display\nvwss.dll (NVIDIA Workstation Server/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\CLSID\{FFB699E0-306A-11d3-8BD1-00104B6F7516}\InProcServer32@                                                C:\Windows\system32\nvcpl.dll (NVIDIA Display Properties Extension/NVIDIA Corporation SIGNED)(2013-05-23 18:10:05)
Reg       HKLM\SOFTWARE\Classes\DAEMON.Tools.Pro\shell\open\command@                                                                        C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DAEMON Tools Pro Agent/DT Soft Ltd SIGNED)(2011-03-18 11:40:50)
Reg       HKLM\SOFTWARE\Classes\jpsfile\shell\open\command@                                                                                 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStView.exe (NVIDIA 3D Vision Photo Viewer/NVIDIA Corporation SIGNED)(2013-01-18 15:15:58)
Reg       HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command@                                                   C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe (Media Player Classic - Home Cinema/MPC-HC Team)(2013-05-23 20:13:10)
Reg       HKLM\SOFTWARE\Classes\mpofile\shell\open\command@                                                                                 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStView.exe (NVIDIA 3D Vision Photo Viewer/NVIDIA Corporation SIGNED)(2013-01-18 15:15:58)
Reg       HKLM\SOFTWARE\Classes\SystemFileAssociations\.264\Shell\MediaInfo@Icon                                                            C:\Program Files (x86)\K-Lite Codec Pack\Tools\MediaInfo.exe(2013-05-23 20:13:13)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{007FC171-01AA-4B3A-B2DB-062DEE815A1E}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{0180E49C-13BF-46DB-9AFD-9F52292E1C22}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/xy-VSFilter Team)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{04FE9017-F873-410E-871E-AB91661A4EF7}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{05741520-C4EB-440A-AC3F-9643BBC9F847}\InprocServer32@                                    C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\OTKLOADR.DLL (Assembly loader/Microsoft Corporation)(2005-03-18 18:47:14)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{05F983EC-637F-4133-B489-5E03914929D7}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{171252A0-8820-4AFE-9DF8-5C92B2D66B04}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVSplitter.ax (LAV Splitter - DirectShow Media Splitter/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1F71651E-65D2-40BF-AC44-275D11927D99}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{204DB1B9-42B1-4B21-A1CE-E1BB11F3F3C2}\InprocServer32@                                    C:\Program Files (x86)\Common Files\Microsoft Shared\TRANSLAT\MSB1STAR.DLL (Arabic Stemmer for MS Office 2009, by COLTEC M.E./COLTEC M.E. SIGNED)(2009-03-04 13:38:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{20ED4A03-6AFD-4FD9-980B-2F6143AA0892}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVAudio.ax (LAV Audio Decoder - DirectShow Audio Decoder/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{278407C2-558C-4BED-83A0-B6FA454200BD}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVVideo.ax (LAV Video Decoder - DirectShow Video Decoder/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}\InprocServer32@                                    C:\Program Files (x86)\DAEMON Tools Pro\DTShl32.dll (DAEMON Tools Pro/DT Soft Ltd SIGNED)(2011-03-18 11:39:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2D4D6F88-8B41-40A2-B297-3D722816648B}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVVideo.ax (LAV Video Decoder - DirectShow Video Decoder/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2D8F1801-A70D-48F4-B76B-7F5AE022AB54}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVAudio.ax (LAV Audio Decoder - DirectShow Audio Decoder/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3E3ECA90-4D6A-4344-98C3-1BB95BF24038}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{40966797-8FFE-46C8-9EF8-7003F33CCF0F}\InprocServer32@                                    C:\Program Files (x86)\DAEMON Tools Pro\DTShl32.dll (DAEMON Tools Pro/DT Soft Ltd SIGNED)(2011-03-18 11:39:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}\InProcServer32@                                    C:\Program Files\AVAST Software\Avast\ashShell.dll (avast! Shell Extension/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{49590BC9-6DD5-4E44-AD4C-E8FCB7131EC4}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4CFB5280-800B-4367-848F-5A13EBF27F1D}\InprocServer32@                                    C:\Program Files (x86)\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL (Microsoft Office Translation Dictionaries/Microsoft Corporation)(2000-10-10 11:23:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4DB2B5D9-4556-4340-B189-AD20110D953F}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{51A00247-40A8-4845-9F17-7DBFCC9A8783}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\avi.dll(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/xy-VSFilter Team)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{53D9DE0B-FC61-4650-9773-74D13CC7E582}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkx.dll(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{55DA30FC-F16B-49FC-BAA5-AE59FC65F82D}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{56904B22-091C-4459-A2E6-B1F4F946B55F}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVSplitter.ax (LAV Splitter - DirectShow Media Splitter/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5711D95F-0984-4A22-8FF8-90A954958D0C}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{57B83450-FD6E-4A1E-8B53-1320576F8054}\InprocServer32@                                    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreamingIePlugin.dll (NVIDIA 3D Vision Streaming IE plugin/NVIDIA Corporation)(2013-01-18 15:16:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{60765CF5-01C2-4EE7-A44B-C791CF25FEA0}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/xy-VSFilter Team)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open nCleaner\command@                       C:\Program Files (x86)\NKProds\nCleaner\nCleaner.exe (nCleaner second/NKProds)(2007-07-05 16:13:08)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{64F2005C-6CF5-4652-B94F-600360B15B27}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkx.dll(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{650DE05E-5CD3-44F8-BA20-A5BB91FC61E6}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{69CE757B-E8C0-4B0A-9EA0-CEA284096F98}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/xy-VSFilter Team)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}@LocalizedString                                    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe® Flash® Player Installer/Uninstaller 11.7 r700/Adobe Systems Incorporated SIGNED)(2013-05-23 18:39:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{760A8F35-97E7-479D-AAF5-DA9EFF95D751}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\dxr.dll(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{777C89DF-5C36-11D5-ABAF-00B0D02332EB}\InprocServer32@                                    C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll (InstallShield ® Script Engine/InstallShield Software Corporation)(2002-10-04 21:48:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{777C8A05-5C36-11D5-ABAF-00B0D02332EB}\InProcServer32@                                    C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\Objps7.dll (InstallShield ® ObjectPS DLL/InstallShield Software Corporation)(2002-10-16 00:26:46)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{777C8A16-5C36-11D5-ABAF-00B0D02332EB}\InprocServer32@                                    C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll (InstallShield ® User DLL/InstallShield Software Corporation)(2002-10-04 21:48:14)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7B63A013-DC2C-462E-9292-CAF8C867100F}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7BFC2BD7-0937-41EA-8872-CE3B27E08F84}\InprocServer32@                                    C:\Program Files\AVAST Software\Avast\AhAScr.dll (avast! Script Blocking library for Windows Scripting Interface/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7CA71B1E-A67D-4D54-A200-FA47605483A7}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7E15A6DE-B1F1-4E1F-8448-F5A06E179208}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\DCBass\DCBassSourceMod.ax (BASS based DirectShow™ Audio Decoder/http://www.dsp-worx.de)(2013-05-23 20:13:13)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{870B678D-913A-4ABC-81FC-9F380BB4B24D}\InprocServer32@                                    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVisionIePlugin.dll (NVIDIA 3D Vision IE plugin/NVIDIA Corporation)(2013-01-18 15:16:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{87271B4E-1726-4CED-AF0D-BE675621FD29}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{88F5E7B2-09B9-471e-895A-25247585905C}\LocalServer32@                                     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Update COM object/NVIDIA Corporation SIGNED)(2013-05-23 18:51:57)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{895322C5-84A1-450C-8478-C57793CAE86F}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\InProcServer32@                                    C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (IE Webrep plugin/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8E8B4A31-408B-4929-86A4-A9FA9F01BA43}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\dxr.dll(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8E9922F0-B775-45B8-B650-941BEA790EEB}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8F43B7D9-9D6B-4F48-BE18-4D787C795EEA}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{93A22E7A-5091-45EF-BA61-6DA26156A5D0}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/xy-VSFilter Team)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{99BDE2B6-D79E-11D4-AB87-00B0D02332EB}\LocalServer32@                                     C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe(2002-10-04 21:49:30)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9A98ADCC-C6A4-449E-A8B1-0363673D9F8A}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A08A033D-1A75-4AB6-A166-EAD02F547959}\InprocServer32@                                    C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\OTKLOADR.DLL (Assembly loader/Microsoft Corporation)(2005-03-18 18:47:14)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A19DE2F2-2F74-4927-8436-61129D26C141}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVSplitter.ax (LAV Splitter - DirectShow Media Splitter/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A28F324B-DDC5-4999-AA25-D3A7E25EF7A8}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A36C253D-CEE4-4BCA-9CC2-E03CF6BBB054}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\dxr.dll(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A52D1D8E-BCCA-11D4-AB7D-00B0D02332EB}\LocalServer32@                                     C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe(2002-10-04 21:49:30)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A5415364-784A-41A5-B47A-D452909CA8FF}\InprocServer32@                                    C:\Program Files (x86)\DAEMON Tools Pro\DTShl32.dll (DAEMON Tools Pro/DT Soft Ltd SIGNED)(2011-03-18 11:39:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A8B25C0E-0894-4531-B668-AB1599FAF7F6}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/xy-VSFilter Team)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A9C8F210-55EB-4849-8807-EC49C5389A79}\InprocServer32@                                    C:\Program Files\NVIDIA Corporation\Installer2\installer.{974AF5C7-5536-4C7A-B076-E3AE024B7071}\NVI2.DLL (NVIDIA Install Core/NVIDIA Corporation SIGNED)(2013-05-23 18:51:15)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{ABE7B1D9-4B3E-4ACD-A0D1-92611D3A4492}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\DCBass\DCBassSourceMod.ax (BASS based DirectShow™ Audio Decoder/http://www.dsp-worx.de)(2013-05-23 20:13:13)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/xy-VSFilter Team)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B342E21B-AD7E-4568-AE3F-D0D844537A7A}\InprocServer32@                                    C:\Program Files\AVAST Software\Avast\asOutExt.dll (AsOutExt Module/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B3DE7EDC-0CD4-4d07-B1C5-92219CD475CC}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mp4.dll(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B3E0E785-BD78-4366-9560-B7DABE2723BE}\InprocServer32@                                    C:\Program Files (x86)\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL (Microsoft Office Translation Dictionaries/Microsoft Corporation)(2000-10-10 04:16:24)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B841F346-4835-4de8-AA5E-2E7CD2D4C435}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\ts.dll(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B86F6BEE-E7C0-4D03-8D52-5B4430CF6C88}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVSplitter.ax (LAV Splitter - DirectShow Media Splitter/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BD4FB4BE-809D-487b-ADD6-F7D164247E52}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkx.dll(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BD72668E-6BFF-4CD1-8480-D465708B336B}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVAudio.ax (LAV Audio Decoder - DirectShow Audio Decoder/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C204438D-6E1A-4309-B09C-0C0F749863AF}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vp7dec.ax (VP7 Decompression Filter/On2.com Inc.)(2013-05-23 20:13:13)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}\InProcServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll (Icaros Thumbnail Provider/Tabibito Technology)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C89FC33C-E60A-4C97-BEF4-ACC5762B6404}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVAudio.ax (LAV Audio Decoder - DirectShow Audio Decoder/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/xy-VSFilter Team)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32@                                    C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_7_700_202.ocx (Adobe Flash Player 11.7 r700/Adobe Systems, Inc. SIGNED)(2013-05-23 18:39:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D6A9B8CC-192D-4F00-8BF8-AD8774011B07}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DFD031D4-4780-44E7-A5F5-951D672FC93A}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\DCBass\DCBassSourceMod.ax (BASS based DirectShow™ Audio Decoder/http://www.dsp-worx.de)(2013-05-23 20:13:13)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E1A8B82A-32CE-4B0D-BE0D-AA68C772E423}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\madVR\madVR.ax (madshi's D3D9 based video renderer/madshi.net SIGNED)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E2F64369-3A16-4692-A6C0-6EFCB6AEBAC1}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVAudio.ax (LAV Audio Decoder - DirectShow Audio Decoder/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{EB02CC0B-C3BF-4c10-859C-70F42AFCD6B6}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\avs.dll(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{EBCBF283-A798-4BA1-A8E1-E9413927F715}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vp7dec.ax (VP7 Decompression Filter/On2.com Inc.)(2013-05-23 20:13:13)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVVideo.ax (LAV Video Decoder - DirectShow Video Decoder/1f0.de - Hendrik Leppkes)(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F13D3732-96BD-4108-AFEB-E85F68FF64DC}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F352C9C1-D39D-4622-A279-978A60927CDE}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\madVR\madVR.ax (madshi's D3D9 based video renderer/madshi.net SIGNED)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32@                                    C:\Program Files\AVAST Software\Avast\AhAScr.dll (avast! Script Blocking library for Windows Scripting Interface/AVAST Software SIGNED)(2013-05-23 23:53:25)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll (VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth/xy-VSFilter Team)(2013-05-23 20:13:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F6E8FC04-8B05-48B1-9399-848229502A06}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F7747266-777D-4F61-A175-DD5ADF1E37DF}\InprocServer32@                                    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll (NVIDIA 3D Vision plugin/NVIDIA Corporation)(2013-01-18 15:16:56)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FFFCC670-5CD4-4C09-952C-F53F46C2B1A7}\InprocServer32@                                    C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax(2013-05-23 20:13:11)
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Run@SUPERAntiSpyware                                                               C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware Application/SUPERAntiSpyware.com SIGNED)(2013-05-15 01:08:43)
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Pro Agent                                                         C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DAEMON Tools Pro Agent/DT Soft Ltd SIGNED)(2011-03-18 11:40:50)

---- EOF - GMER 2.1 ----

#2 Weaver1


Posted 24 May 2013 - 01:28 PM

Here is a "show hidden file" log.

Show Hidden by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
Show Hidden will display all hidden folders on your computer.
You can use the -f argument to display hidden files as well.

Program started at: 05/24/2013 11:25:44 AM
Windows Version: Windows 7

Please be patient while your hard drives are scanned.

Scanning the C:\ drive

 * C:\$RECYCLE.BIN\S-1-5-21-1333939676-316457160-147855663-1000
 * C:\MSOCache
 * C:\Program Files\Uninstall Information
 * C:\Program Files (x86)\BlueSprig\JetClean\Update
 * C:\Program Files (x86)\InstallShield Installation Information
 * C:\Program Files (x86)\Uninstall Information
 * C:\ProgramData\Microsoft\DRM\Server
 * C:\ProgramData\Microsoft\WwanSvc
 * C:\ProgramData\Microsoft\WwanSvc\Profiles
 * C:\Recovery\9afd5dc1-c3d6-11e2-82a9-e877bb9fc293
 * C:\System Volume Information
 * C:\System Volume Information\SPP
 * C:\System Volume Information\SPP\OnlineMetadataCache
 * C:\System Volume Information\SPP\SppCbsHiveStore
 * C:\System Volume Information\SPP\SppGroupCache
 * C:\Users\All Users\Microsoft\DRM\Server
 * C:\Users\All Users\Microsoft\WwanSvc
 * C:\Users\All Users\Microsoft\WwanSvc\Profiles
 * C:\Users\Default
 * C:\Users\Default\AppData
 * C:\Users\gandg\AppData
 * C:\Users\gandg\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\gandg\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\gandg\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\gandg\AppData\Local\Microsoft\Internet Explorer\DOMStore
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\AppCache
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\AppCache\ZSXFID9F
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Burn\Burn1
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\History
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013052420130525
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012013052320130524
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4XKVUVSQ
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI6HD43H
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8DJTT7I
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDIF088S
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\03OUALV8
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DROSZ82S
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FEH92YSW
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PNSJUC4I
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\gandg\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\gandg\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
 * C:\Users\gandg\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\IMD7SG3B
 * C:\Users\gandg\AppData\LocalLow\Microsoft\Windows\AppCache
 * C:\Users\gandg\AppData\LocalLow\Microsoft\Windows\AppCache\P709HE2I
 * C:\Users\gandg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\Cookies\Low
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\IETldCache
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\IETldCache\Low
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\PrivacIE
 * C:\Users\gandg\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\Public\Desktop
 * C:\Users\Public\Favorites
 * C:\Users\Public\Libraries
 * C:\Users\UpdatusUser\AppData
 * C:\Windows\BitLockerDiscoveryVolumeContents
 * C:\Windows\Globalization\MCT
 * C:\Windows\Installer
 * C:\Windows\Installer\$PatchCache$
 * C:\Windows\Installer\$PatchCache$\Managed
 * C:\Windows\Installer\$PatchCache$\Managed\000041091A0090400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\000041091A0090400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109511090400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109511090400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109610090400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109610090400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109611090400100000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109611090400100000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109810090400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109810090400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109910090400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109910090400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109A10090400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109A10090400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109A20000000100000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109A20090400100000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109A20090400100000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109B10090400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109C20090400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109F100A0C00000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\00004119210000000000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004119210000000000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057
 * C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B
 * C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319
 * C:\Windows\ServiceProfiles\LocalService\AppData
 * C:\Windows\ServiceProfiles\NetworkService\AppData
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2J6ND1
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N9ZM3JC
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RUXGK2R
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZTO4AH
 * C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P2J6ND1
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N9ZM3JC
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RUXGK2R
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEZTO4AH
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\winsxs\Temp\PendingDeletes

Finished scanning the C:\ drive. 129 hidden items found.

Scanning the D:\ drive

 * D:\$RECYCLE.BIN\S-1-5-21-1333939676-316457160-147855663-1000
 * D:\System Volume Information

Finished scanning the D:\ drive. 2 hidden items found.

Program finished at: 05/24/2013 11:25:46 AM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

#3 Weaver1


Posted 24 May 2013 - 01:34 PM

"get services" log

SERVICE_NAME: !SASCORE
DISPLAY_NAME: SAS Core Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1288
        FLAGS              :
        DESCRIPTION        : SUPERAntiSpyware Core Service

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : SAS Core Service
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: AeLookupSvc
DISPLAY_NAME: Application Experience
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Processes application compatibility cache requests for applications as they are launched

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Application Experience
        SERVICE_START_NAME : localSystem

SERVICE_NAME: Appinfo
DISPLAY_NAME: Application Information
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Facilitates the running of interactive applications with additional administrative privileges.  If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Application Information
        DEPENDENCIES       : RpcSs
                           : ProfSvc
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: AudioEndpointBuilder
DISPLAY_NAME: Windows Audio Endpoint Builder
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 880
        FLAGS              :
        DESCRIPTION        : Manages audio devices for the Windows Audio service.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : AudioGroup
        TAG                : 0
        DISPLAY_NAME       : Windows Audio Endpoint Builder
        DEPENDENCIES       : PlugPlay
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 848
        FLAGS              :
        DESCRIPTION        : Manages audio for Windows-based programs.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : AudioGroup
        TAG                : 0
        DISPLAY_NAME       : Windows Audio
        DEPENDENCIES       : AudioEndpointBuilder
                           : RpcSs
                           : MMCSS
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: BFE
DISPLAY_NAME: Base Filtering Engine
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1208
        FLAGS              :
        DESCRIPTION        : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        LOAD_ORDER_GROUP   : NetworkProvider
        TAG                : 0
        DISPLAY_NAME       : Base Filtering Engine
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: BITS
DISPLAY_NAME: Background Intelligent Transfer Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Background Intelligent Transfer Service
        DEPENDENCIES       : RpcSs
                           : EventSystem
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: clr_optimization_v4.0.30319_32
DISPLAY_NAME: Microsoft .NET Framework NGEN v4.0.30319_X86
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2888
        FLAGS              :
        DESCRIPTION        : Microsoft .NET Framework NGEN

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Microsoft .NET Framework NGEN v4.0.30319_X86
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: clr_optimization_v4.0.30319_64
DISPLAY_NAME: Microsoft .NET Framework NGEN v4.0.30319_X64
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2992
        FLAGS              :
        DESCRIPTION        : Microsoft .NET Framework NGEN

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Microsoft .NET Framework NGEN v4.0.30319_X64
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: CryptSvc
DISPLAY_NAME: Cryptographic Services
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 800
        FLAGS              :
        DESCRIPTION        : Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Cryptographic Services
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 700
        FLAGS              :
        DESCRIPTION        : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : DCOM Server Process Launcher
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 848
        FLAGS              :
        DESCRIPTION        : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : NSI
                           : Tdx
                           : Afd
        SERVICE_START_NAME : NT Authority\LocalService

SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 800
        FLAGS              :
        DESCRIPTION        : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DNS Client
        DEPENDENCIES       : Tdx
                           : nsi
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: eventlog
DISPLAY_NAME: Windows Event Log
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 848
        FLAGS              :
        DESCRIPTION        : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : Event Log
        TAG                : 0
        DISPLAY_NAME       : Windows Event Log
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 924
        FLAGS              :
        DESCRIPTION        : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : COM+ Event System
        DEPENDENCIES       : rpcss
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: FontCache
DISPLAY_NAME: Windows Font Cache Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 924
        FLAGS              :
        DESCRIPTION        : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : AudioGroup
        TAG                : 0
        DISPLAY_NAME       : Windows Font Cache Service
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: gpsvc
DISPLAY_NAME: Group Policy Client
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 336
        FLAGS              :
        DESCRIPTION        : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k GPSvcGroup
        LOAD_ORDER_GROUP   : ProfSvc_Group
        TAG                : 0
        DISPLAY_NAME       : Group Policy Client
        DEPENDENCIES       : RPCSS
                           : Mup
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: iphlpsvc
DISPLAY_NAME: IP Helper
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetSvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : IP Helper
        DEPENDENCIES       : RpcSS
                           : Tdx
                           : winmgmt
                           : tcpip
                           : nsi
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: LanmanServer
DISPLAY_NAME: Server
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Server
        DEPENDENCIES       : SamSS
                           : Srv
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: LanmanWorkstation
DISPLAY_NAME: Workstation
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 800
        FLAGS              :
        DESCRIPTION        : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : NetworkProvider
        TAG                : 0
        DISPLAY_NAME       : Workstation
        DEPENDENCIES       : Bowser
                           : MRxSmb10
                           : MRxSmb20
                           : NSI
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: lmhosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 848
        FLAGS              :
        DESCRIPTION        : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : TCP/IP NetBIOS Helper
        DEPENDENCIES       : NetBT
                           : Afd
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: MMCSS
DISPLAY_NAME: Multimedia Class Scheduler
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications.  If this service is stopped, individual tasks resort to their default priority.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Multimedia Class Scheduler
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: MpsSvc
DISPLAY_NAME: Windows Firewall
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1208
        FLAGS              :
        DESCRIPTION        : Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        LOAD_ORDER_GROUP   : NetworkProvider
        TAG                : 0
        DISPLAY_NAME       : Windows Firewall
        DEPENDENCIES       : mpsdrv
                           : bfe
        SERVICE_START_NAME : NT Authority\LocalService

SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 880
        FLAGS              :
        DESCRIPTION        : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Network Connections
        DEPENDENCIES       : RpcSs
                           : nsi
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: netprofm
DISPLAY_NAME: Network List Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 924
        FLAGS              :
        DESCRIPTION        : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Network List Service
        DEPENDENCIES       : RpcSs
                           : nlasvc
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: NlaSvc
DISPLAY_NAME: Network Location Awareness
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 800
        FLAGS              :
        DESCRIPTION        : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Network Location Awareness
        DEPENDENCIES       : NSI
                           : RpcSs
                           : TcpIp
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: nsi
DISPLAY_NAME: Network Store Interface Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 924
        FLAGS              :
        DESCRIPTION        : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Network Store Interface Service
        DEPENDENCIES       : nsiproxy
        SERVICE_START_NAME : NT Authority\LocalService

SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 700
        FLAGS              :
        DESCRIPTION        : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : PlugPlay
        TAG                : 0
        DISPLAY_NAME       : Plug and Play
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Power
DISPLAY_NAME: Power
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 700
        FLAGS              :
        DESCRIPTION        : Manages power policy and power policy notification delivery.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : Plugplay
        TAG                : 0
        DISPLAY_NAME       : Power
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ProfSvc
DISPLAY_NAME: User Profile Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : profsvc_group
        TAG                : 0
        DISPLAY_NAME       : User Profile Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Remote Access Connection Manager
        DEPENDENCIES       : Tapisrv
                           : SstpSvc
        SERVICE_START_NAME : localSystem

SERVICE_NAME: RpcEptMapper
DISPLAY_NAME: RPC Endpoint Mapper
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 784
        FLAGS              :
        DESCRIPTION        : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k RPCSS
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : RPC Endpoint Mapper
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 784
        FLAGS              :
        DESCRIPTION        : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k rpcss
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : Remote Procedure Call (RPC)
        DEPENDENCIES       : RpcEptMapper
                           : DcomLaunch
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 584
        FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
        DESCRIPTION        : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests.  Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\lsass.exe
        LOAD_ORDER_GROUP   : MS_WindowsLocalValidation
        TAG                : 0
        DISPLAY_NAME       : Security Accounts Manager
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : SchedulerGroup
        TAG                : 0
        DISPLAY_NAME       : Task Scheduler
        DEPENDENCIES       : RPCSS
                           : EventLog
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: seclogon
DISPLAY_NAME: Secondary Logon
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Secondary Logon
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Monitors system events and notifies subscribers to COM+ Event System of these events.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : ProfSvc_Group
        TAG                : 0
        DISPLAY_NAME       : System Event Notification Service
        DEPENDENCIES       : EventSystem
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Provides notifications for AutoPlay hardware events.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : ShellSvcGroup
        TAG                : 0
        DISPLAY_NAME       : Shell Hardware Detection
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1168
        FLAGS              :
        DESCRIPTION        : Loads files to memory for later printing

        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\spoolsv.exe
        LOAD_ORDER_GROUP   : SpoolerGroup
        TAG                : 0
        DISPLAY_NAME       : Print Spooler
        DEPENDENCIES       : RPCSS
                           : http
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: sppsvc
DISPLAY_NAME: Software Protection
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2960
        FLAGS              :
        DESCRIPTION        : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\sppsvc.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Software Protection
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: SSDPSRV
DISPLAY_NAME: SSDP Discovery
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2892
        FLAGS              :
        DESCRIPTION        : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : SSDP Discovery
        DEPENDENCIES       : HTTP
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: SstpSvc
DISPLAY_NAME: Secure Socket Tunneling Protocol Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 924
        FLAGS              :
        DESCRIPTION        : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Secure Socket Tunneling Protocol Service
        SERVICE_START_NAME : NT Authority\LocalService

SERVICE_NAME: swprv
DISPLAY_NAME: Microsoft Software Shadow Copy Provider
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1452
        FLAGS              :
        DESCRIPTION        : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k swprv
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Microsoft Software Shadow Copy Provider
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SysMain
DISPLAY_NAME: Superfetch
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 880
        FLAGS              :
        DESCRIPTION        : Maintains and improves system performance over time.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Superfetch
        DEPENDENCIES       : rpcss
                           : fileinfo
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 800
        FLAGS              :
        DESCRIPTION        : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Telephony
        DEPENDENCIES       : PlugPlay
                           : RpcSs
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Themes
DISPLAY_NAME: Themes
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Provides user experience theme management.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : ProfSvc_Group
        TAG                : 0
        DISPLAY_NAME       : Themes
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TrustedInstaller
DISPLAY_NAME: Windows Modules Installer
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1924
        FLAGS              :
        DESCRIPTION        : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\servicing\TrustedInstaller.exe
        LOAD_ORDER_GROUP   : ProfSvc_Group
        TAG                : 0
        DISPLAY_NAME       : Windows Modules Installer
        SERVICE_START_NAME : localSystem

SERVICE_NAME: UxSms
DISPLAY_NAME: Desktop Window Manager Session Manager
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 880
        FLAGS              :
        DESCRIPTION        : Provides Desktop Window Manager startup and maintenance services

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : UIGroup
        TAG                : 0
        DISPLAY_NAME       : Desktop Window Manager Session Manager
        SERVICE_START_NAME : localSystem

SERVICE_NAME: Winmgmt
DISPLAY_NAME: Windows Management Instrumentation
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Management Instrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem

SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 848
        FLAGS              :
        DESCRIPTION        : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer.  The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service.  The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel.  Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions.  The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Security Center
        DEPENDENCIES       : RpcSs
                           : winmgmt
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: wuauserv
DISPLAY_NAME: Windows Update
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 956
        FLAGS              :
        DESCRIPTION        : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.

        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Update
        DEPENDENCIES       : rpcss
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: AntiVirSchedulerService
DISPLAY_NAME: Avira Scheduler
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2828
        FLAGS              :
        DESCRIPTION        : Service to schedule Avira Free Antivirus jobs and updates.

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
        LOAD_ORDER_GROUP   : NetworkProvider
        TAG                : 0
        DISPLAY_NAME       : Avira Scheduler
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: AntiVirService
DISPLAY_NAME: Avira Real-Time Protection
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1888
        FLAGS              :
        DESCRIPTION        : Offers permanent protection against viruses and malware with the Avira search engine.

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Avira Real-Time Protection
        SERVICE_START_NAME : LocalSystem



#4 Weaver1

Posted 24 May 2013 - 01:36 PM

That's the last of the logs I will post unless someone would like others. I am more than willing to get whatever anyone would need or think might help. Thanks in advance.



#5 Weaver1

Posted 25 May 2013 - 11:03 PM

Anyone??



#6 Weaver1

Posted 26 May 2013 - 05:20 PM

Well, hoping someone can tell me if there is anything that looks odd in the logs. I am new to this site, so if I am doing something wrong let me know. Thx



#7 HelpBot

Posted 29 May 2013 - 10:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/495694 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#8 HelpBot

Posted 03 June 2013 - 10:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



