
Windows cannot find filename.exe


38 replies to this topic

#1 awesomearc

awesomearc

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Bengal, India
  • Local time:03:39 AM

Posted 22 April 2015 - 03:32 AM

Hi, first of all I would like to know if anybody else is experiencing/ has experienced this problem.

 

It has started recently and every time I try to open a .exe program, the following error message appears:

 

Windows cannot find 'filename.exe'. Make sure you typed the name correctly, and then try again.

 

Currently this has affected only TeamViewer 10, but there can be more if I search thoroughly.

 

Here are the solutions that I found:

 

- Microsoft's site says, ''This problem may occur if the W32/Swen.A@MM (Swen) worm installed itself on your computer when you installed a security update that you received as an e-mail attachment to an unexpected e-mail that claims to be from Microsoft."

 

- System Restore (I don't like this one)

 

- Create a new user

 

- Uninstall and reinstall (I've done this about twenty times)

 

- Use a registry cleaner

 

Here are the solutions that I tried:

 

- Uninstall and reinstall

 

- Tried to remove the worm

 

- Use a registry cleaner

 

If you ask me why I don't like system restore, it's because some of my .exe files are lost if I do that

 

Please find a solution and reply as soon as possible

 

Thank you,

AwesomeARC


Edited by hamluis, 22 April 2015 - 11:00 AM.
Moved from Win 7 to Am I Infected - Hamluis.

Usually, I do not get online before 1:00 PM or after 10:00 PM (my local time).

 

So, if I do not reply to a thread where I am currently active, make sure you check my local time to see if it's time for me to be online or not. :)



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:09 PM

Posted 22 April 2015 - 05:30 AM

Hi awesomearc :)

First of all, I just want to tell you that using a Registry Cleaner is never the solution to a problem.

Registry Cleaners Warning!
I see that you have a Registry Cleaner program installed. These programs are known to be harmful to the system and should not be used for any reason there is. It's a known fact that using Registry Cleaners can easily break a Windows installation, to the point where a complete reinstallation might be needed. Here are a few myths about using these programs, and why they are just plainly false.
  • "Using a Registry Cleaner will improve a system's performance" - False. The Windows Registry is a big database which contains information on everything present on the system, from the boot settings to how your programs look when you open them. There are so many entries in it that cleaning even thousands of them isn't enough to boost a system's performance. Also, there are no studies, tests, benchmarks, etc. which show that using Registry Cleaners actually improves a system's speed;
  • "Using a Registry Cleaner will fix all your errors" - False. Using a Registry Cleaner won't fix any problems at all. In fact, it has more chances to create them if anything. There's no program that can fix every problem in a simple click, and there probably never will be. If you have an error, it's better to troubleshoot that error in particular by finding what's causing it and fixing it than using a software that might give you more errors;
  • "If you don't use a Registry Cleaner, you'll leave a door open for malware" - False. It is rare that malware will actually hijack orphan keys and keypairs in the Registry to create persistence or install themselves. They'll usually create their own keys/keypairs since they have been instructed (coded) to do so, and the creator cannot expect every system he'll infect to have leftover keys. Also, pretty much only Reg Loading Points in the Registry would be of any interest for a malware to hijack, and these are usually occupied already, or quickly deleted when empty;
  • Registry Cleaners aren't Registry Defraggers - These are two different kinds of software which each have a distinct function.
  • On a last note, there are a lot of Registry Cleaners out here that won't create a back-up of your Registry before applying the changes they make. Which means that if you use them and clean entries that prevent Windows from rebooting after, locking you out of your computer, you won't be able to restore a previous Registry back-up via the Recovery PE. This means that if you can't fix the boot issue after that, you'll most likely be forced to reinstall Windows;
Registry Cleaners were used back in the days by developers who were using an OLE-schema for their applications. They used these to clean the Registry after uninstalling their programs, just in case there were traces of it left behind that could affect a reinstallation. These were back in the Windows 95 and Windows 98 days and this practice isn't in effect anymore. Therefore, there's no reason for you to use such programs and quite a few to avoid them instead.

Here are more articles on Registry Cleaners that are worth a read if you want to learn more about them and why you shouldn't use them.

Now, let's see what is causing that error message to pop-up. I'll need an Autoruns log for starters.

Autoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Go on ge.tt and upload the Autoruns file you saved;
  • Once done, post the download URL of your uploaded file in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,279 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:09 PM

Posted 22 April 2015 - 06:51 AM

...Microsoft's site says, ''This problem may occur if the W32/Swen.A@MM (Swen) worm installed itself on your computer when you installed a security update that you received as an e-mail attachment to an unexpected e-mail that claims to be from Microsoft."

That is an old article and was written for Windows XP/2000 users.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 awesomearc


Posted 22 April 2015 - 08:19 AM

Oh no! This is getting worse and worse! When I click on File > Save, no window appears and nothing happens!




#5 Aura


Posted 22 April 2015 - 08:20 AM

You have to wait until all the entries are loaded in Autoruns in order for these options to be enabled otherwise it doesn't work.



#6 awesomearc


Posted 22 April 2015 - 08:23 AM

No, I mean all of them have loaded, Autoruns shows 'Ready.' at the bottom-left corner of the window and the Save button is enabled too. But, when I click Save, no window opens. :(




#7 Aura


Posted 22 April 2015 - 09:29 AM

Can you simply try to restart your computer, then re-open Autoruns and see if you can save the file this time?



#8 awesomearc


Posted 23 April 2015 - 02:35 AM

I restarted and opened again several times and also restarted in Safe Mode, but nothing seems to work. :(

 

The registry cleaner I used was the one in the CCleaner software and it also made a backup...

So, should I restore the backup, restart my computer, open Autoruns and try to save the file then?




#9 Aura


Posted 23 April 2015 - 05:24 AM

You don't have to restore the back-up no, we'll go another way. Go in the Autoruns folder. From there, hold the Shift key and right-click anywhere in the folder. Select the Open a command prompt here option, and enter this command:

autorunsc -a * > autoruns.txt

A file called autoruns.txt will be created after the command is complete (when a new line will appear, and when you'll be able to input a new command). Open this text file, then copy and paste its content in your next reply.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
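
One way to triage the autoruns.txt that the command above produces (an added example, not part of the original posts): the Python below parses the indented autorunsc text layout and lists Image File Execution Options entries whose launch target autorunsc reports as "File not found:", since such an entry names a program that Windows starts in place of the listed executable. The sample log, `exampleapp.exe` and the `ExampleVendor` path are constructed, and treating unindented lines that do not start with `HK` as wrapped continuations is an assumption made to cope with logs pasted through a word-wrapping editor.

```python
from dataclasses import dataclass, field

MISSING_PREFIX = "File not found:"
IFEO_MARKER = "image file execution options"

# Constructed sample in the autorunsc text layout: location at column 0,
# entry name indented 3 spaces, detail lines indented 5 spaces. Two lines are
# deliberately wrapped the way a pasted log can be.
SAMPLE = r"""
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
   autocheck autochk *
     autocheck autochk *
     Auto Check Utility
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\autochk.exe
     14/07/2009 04:55 AM

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
   exampleapp.exe
     "C:\Program Files (x86)\ExampleVendor\Helper\Redirector64.exe"
     File not found: C:\Program Files (x86)\ExampleVendor\Helper

\Redirector64.exe

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File

Execution Options
   exampleapp.exe
     "C:\Program Files (x86)\ExampleVendor\Helper\Redirector64.exe"
     File not found: C:\Program Files (x86)\ExampleVendor\Helper\Redirector64.exe
"""


@dataclass
class Entry:
    location: str   # registry location the entry is listed under
    name: str       # entry name (for IFEO: the redirected image name)
    details: list = field(default_factory=list)

    @property
    def missing_target(self):
        """Path autorunsc reported as missing, or None if the file was found."""
        for detail in self.details:
            if detail.startswith(MISSING_PREFIX):
                return detail[len(MISSING_PREFIX):].strip()
        return None


def parse_autorunsc(text):
    """Turn autorunsc text output into Entry objects, rejoining wrapped lines."""
    entries, location, last = [], "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0 and line.upper().startswith("HK"):
            location, last = line, "location"
        elif indent == 0:
            # Assumed to be the tail of a wrapped line: glue it back on.
            sep = "" if line.startswith("\\") else " "
            if last == "location":
                location += sep + line
            elif last == "name":
                entries[-1].name += sep + line
            elif last == "detail":
                entries[-1].details[-1] += sep + line
        elif indent <= 3:
            entries.append(Entry(location, line))
            last = "name"
        elif entries:
            entries[-1].details.append(line)
            last = "detail"
    return entries


def broken_ifeo_entries(entries):
    """Return (location, image name, missing path) for IFEO entries whose
    launch target does not exist on disk according to autorunsc."""
    return [
        (e.location, e.name, e.missing_target)
        for e in entries
        if IFEO_MARKER in e.location.lower() and e.missing_target
    ]


if __name__ == "__main__":
    for location, image, target in broken_ifeo_entries(parse_autorunsc(SAMPLE)):
        print(f"{image}: redirected to missing file {target}")
        print(f"    under {location}")
```
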


#10 quietman7


Posted 23 April 2015 - 06:49 AM

Topic moved from Windows 7 to the appropriate forum. Issues related to possible malware and/or after using security tools should not be handled in the OS forum.

#11 awesomearc


Posted 23 April 2015 - 08:45 AM

Wow! It worked! Thanks for the commands!

 

Here are the contents:

 

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
   autocheck autochk *
     autocheck autochk *
     Auto Check Utility
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\autochk.exe
     14/07/2009 04:55 AM

HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension
   %systemroot%\system32\scext.dll
     %systemroot%\system32\scext.dll
     Service Control Manager Extension DLL for non-minwin
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\scext.dll
     14/07/2009 07:02 AM

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
   acid.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   alcohol.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   axdta.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   dotnetfx40.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   gh-cuttheropeapp.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   mediaburner.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   teamviewer.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   tvcshell.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   tvp.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   unins000.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   uninstall.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   win7ui.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
   acid.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   alcohol.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   axdta.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   dotnetfx40.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   gh-cuttheropeapp.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   mediaburner.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   teamviewer.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   tvcshell.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   tvp.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   unins000.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   uninstall.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
   win7ui.exe
     "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
     File not found: C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe

HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)
   C:\Program Files (x86)\Internet Explorer\iexplore.exe
     Internet Explorer
     Microsoft Corporation
     8.0.7600.16385
     c:\program files (x86)\internet explorer\iexplore.exe
     14/07/2009 05:13 AM

HKLM\System\CurrentControlSet\Services
   AdobeARMservice
     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
     Adobe Acrobat Updater keeps your Adobe software up to date.
     Adobe Systems Incorporated
     1.5.7.0
     c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
     03/01/2012 01:06 PM
   AeLookupSvc
     %SystemRoot%\System32\aelupsvc.dll
     Processes application compatibility cache requests for applications as they

are launched
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\aelupsvc.dll
     14/07/2009 06:55 AM
   AERTFilters
     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
     Andrea filters APO access service (64-bit)
     Andrea Electronics Corporation
     1.0.64.10
     c:\program files\realtek\audio\hda\aertsr64.exe
     17/11/2009 09:47 PM
   ALG
     %SystemRoot%\System32\alg.exe
     Provides support for 3rd party protocol plug-ins for Internet Connection

Sharing
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\alg.exe
     14/07/2009 05:38 AM
   AppIDSvc
     %SystemRoot%\System32\appidsvc.dll
     Determines and verifies the identity of an application. Disabling this

service will prevent AppLocker from being enforced.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\appidsvc.dll
     14/07/2009 06:56 AM
   Appinfo
     %SystemRoot%\System32\appinfo.dll
     Facilitates the running of interactive applications with additional

administrative privileges.  If this service is stopped, users will be unable to

launch applications with the additional administrative privileges they may

require to perform desired user tasks.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\appinfo.dll
     14/07/2009 06:56 AM
   AppMgmt
     %SystemRoot%\System32\appmgmts.dll
     Processes installation, removal, and enumeration requests for software

deployed through Group Policy. If the service is disabled, users will be unable

to install, remove, or enumerate software deployed through Group Policy. If this

service is disabled, any services that explicitly depend on it will fail to

start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\appmgmts.dll
     14/07/2009 06:56 AM
   AtherosSvc
     C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
     Atheros BT Stack Service Agent
     Atheros Commnucations
     7.4.0.122
     c:\program files (x86)\dell wireless\bluetooth suite\adminservice.exe
     20/02/2012 11:13 AM
   AudioEndpointBuilder
     %SystemRoot%\System32\Audiosrv.dll
     Manages audio devices for the Windows Audio service.  If this service is

stopped, audio devices and effects will not function properly.  If this service

is disabled, any services that explicitly depend on it will fail to start
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\audiosrv.dll
     14/07/2009 06:55 AM
   AudioSrv
     %SystemRoot%\System32\Audiosrv.dll
     Manages audio for Windows-based programs.  If this service is stopped,

audio devices and effects will not function properly.  If this service is

disabled, any services that explicitly depend on it will fail to start
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\audiosrv.dll
     14/07/2009 06:55 AM
   AVGIDSAgent
     "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe"
     Provides Identity Protection Against Cyber Crime.
     AVG Technologies CZ, s.r.o.
     15.0.0.5863
     c:\program files (x86)\avg\avg2015\avgidsagent.exe
     25/03/2015 04:04 PM
   avgwd
     "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe"
     AVG Watchdog Service
     AVG Technologies CZ, s.r.o.
     15.0.0.5863
     c:\program files (x86)\avg\avg2015\avgwdsvc.exe
     25/03/2015 03:51 PM
   AxInstSV
     %SystemRoot%\System32\AxInstSV.dll
     Provides User Account Control validation for the installation of ActiveX

controls from the Internet and enables management of ActiveX control

installation based on Group Policy settings. This service is started on demand

and if disabled the installation of ActiveX controls will behave according to

default browser settings.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\axinstsv.dll
     14/07/2009 06:55 AM
   BDESVC
     %SystemRoot%\System32\bdesvc.dll
     BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive

Encryption provides secure startup for the operating system, as well as full

volume encryption for OS, fixed or removable volumes. This service allows

BitLocker to prompt users for various actions related to their volumes when

mounted, and unlocks volumes automatically without user interaction.

Additionally, it stores recovery information to Active Directory, if available,

and, if necessary, ensures the most recent recovery certificates are used.  

Stopping or disabling the service would prevent users from leveraging this

functionality.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\bdesvc.dll
     14/07/2009 06:55 AM
   BFE
     %SystemRoot%\System32\bfe.dll
     The Base Filtering Engine (BFE) is a service that manages firewall and

Internet Protocol security (IPsec) policies and implements user mode filtering.

Stopping or disabling the BFE service will significantly reduce the security of

the system. It will also result in unpredictable behavior in IPsec management

and firewall applications.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\bfe.dll
     14/07/2009 06:55 AM
   BITS
     %SystemRoot%\System32\qmgr.dll
     Transfers files in the background using idle network bandwidth. If the

service is disabled, then any applications that depend on BITS, such as Windows

Update or MSN Explorer, will be unable to automatically download programs and

other information.
     Microsoft Corporation
     7.5.7600.16385
     c:\windows\system32\qmgr.dll
     14/07/2009 07:02 AM
   Browser
     %SystemRoot%\System32\browser.dll
     Maintains an updated list of computers on the network and supplies this

list to computers designated as browsers. If this service is stopped, this list

will not be updated or maintained. If this service is disabled, any services

that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\browser.dll
     14/07/2009 06:55 AM
   BstHdAndroidSvc
     "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android
     BlueStacks Service
     BlueStack Systems, Inc.
     0.8.1.3051
     c:\program files (x86)\bluestacks\hd-service.exe
     13/11/2013 03:42 PM
   BstHdLogRotatorSvc
     C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
     BlueStacks Log Rotator Service
     BlueStack Systems, Inc.
     0.8.1.3051
     c:\program files (x86)\bluestacks\hd-logrotatorservice.exe
     13/11/2013 03:43 PM
   bthserv
     %SystemRoot%\system32\bthserv.dll
     The Bluetooth service supports discovery and association of remote

Bluetooth devices.  Stopping or disabling this service may cause already

installed Bluetooth devices to fail to operate properly and prevent new devices

from being discovered or associated.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\bthserv.dll
     14/07/2009 06:55 AM
   CertPropSvc
     %SystemRoot%\System32\certprop.dll
     Copies user certificates and root certificates from smart cards into the

current user's certificate store, detects when a smart card is inserted into a

smart card reader, and, if needed, installs the smart card Plug and Play

minidriver.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\certprop.dll
     14/07/2009 06:55 AM
   clr_optimization_v2.0.50727_32
     %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
     Microsoft .NET Framework NGEN
     Microsoft Corporation
     2.0.50727.4927
     c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
     04/06/2009 10:55 AM
   clr_optimization_v2.0.50727_64
     %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
     Microsoft .NET Framework NGEN
     Microsoft Corporation
     2.0.50727.4927
     c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
     04/06/2009 09:29 AM
   clr_optimization_v4.0.30319_32
     C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
     Microsoft .NET Framework NGEN
     Microsoft Corporation
     4.0.30319.1
     c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
     18/03/2010 01:15 PM
   clr_optimization_v4.0.30319_64
     C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
     Microsoft .NET Framework NGEN
     Microsoft Corporation
     4.0.30319.1
     c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
     18/03/2010 06:11 PM
   COMSysApp
     %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-

00805FC79235}
     Manages the configuration and tracking of Component Object Model (COM)+-

based components. If the service is stopped, most COM+-based components will not

function properly. If this service is disabled, any services that explicitly

depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\dllhost.exe
     14/07/2009 05:29 AM
   cphs
     %SystemRoot%\SysWow64\IntelCpHeciSvc.exe
     Intel® Content Protection HECI Service - enables communication with the

Content Protection FW
     Intel Corporation
     1.0.1.14
     c:\windows\syswow64\intelcphecisvc.exe
     22/12/2011 12:15 PM
   CryptSvc
     %SystemRoot%\system32\cryptsvc.dll
     Provides four management services: Catalog Database Service, which confirms

the signatures of Windows files and allows new programs to be installed;

Protected Root Service, which adds and removes Trusted Root Certification

Authority certificates from this computer; Automatic Root Certificate Update

Service, which retrieves root certificates from Windows Update and enable

scenarios such as SSL; and Key Service, which helps enroll this computer for

certificates. If this service is stopped, these management services will not

function properly. If this service is disabled, any services that explicitly

depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\cryptsvc.dll
     14/07/2009 06:59 AM
   CscService
     %SystemRoot%\System32\cscsvc.dll
     The Offline Files service performs maintenance activities on the Offline

Files cache, responds to user logon and logoff events, implements the internals

of the public API, and dispatches interesting events to those interested in

Offline Files activities and changes in cache state.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\cscsvc.dll
     14/07/2009 07:00 AM
   DcomLaunch
     %SystemRoot%\system32\rpcss.dll
     The DCOMLAUNCH service launches COM and DCOM servers in response to object

activation requests. If this service is stopped or disabled, programs using COM

or DCOM will not function properly. It is strongly recommended that you have the

DCOMLAUNCH service running.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\rpcss.dll
     14/07/2009 07:02 AM
   defragsvc
     %Systemroot%\System32\defragsvc.dll
     Provides Disk Defragmentation Capabilities.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\defragsvc.dll
     14/07/2009 06:56 AM
   Dhcp
     %SystemRoot%\system32\dhcpcore.dll
     Registers and updates IP addresses and DNS records for this computer. If

this service is stopped, this computer will not receive dynamic IP addresses and

DNS updates. If this service is disabled, any services that explicitly depend on

it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\dhcpcore.dll
     14/07/2009 06:56 AM
   Dnscache
     %SystemRoot%\System32\dnsrslvr.dll
     The DNS Client service (dnscache) caches Domain Name System (DNS) names and

registers the full computer name for this computer. If the service is stopped,

DNS names will continue to be resolved. However, the results of DNS name queries

will not be cached and the computer's name will not be registered. If the

service is disabled, any services that explicitly depend on it will fail to

start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\dnsrslvr.dll
     14/07/2009 06:57 AM
   dot3svc
     %SystemRoot%\System32\dot3svc.dll
     The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE

802.1X authentication on Ethernet interfaces. If your current wired network

deployment enforces 802.1X authentication, the DOT3SVC service should be

configured to run for establishing Layer 2 connectivity and/or providing access

to network resources. Wired networks that do not enforce 802.1X authentication

are unaffected by the DOT3SVC service.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\dot3svc.dll
     14/07/2009 06:57 AM
   DPS
     %SystemRoot%\system32\dps.dll
     The Diagnostic Policy Service enables problem detection, troubleshooting

and resolution for Windows components.  If this service is stopped, diagnostics

will no longer function.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\dps.dll
     14/07/2009 06:57 AM
   EapHost
     %SystemRoot%\System32\eapsvc.dll
     The Extensible Authentication Protocol (EAP) service provides network

authentication in such scenarios as 802.1x wired and wireless, VPN, and Network

Access Protection (NAP).  EAP also provides application programming interfaces

(APIs) that are used by network access clients, including wireless and VPN

clients, during the authentication process.  If you disable this service, this

computer is prevented from accessing networks that require EAP authentication.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\eapsvc.dll
     14/07/2009 06:56 AM
   EFS
     %SystemRoot%\System32\lsass.exe
     Provides the core file encryption technology used to store encrypted files

on NTFS file system volumes. If this service is stopped or disabled,

applications will be unable to access encrypted files.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\lsass.exe
     14/07/2009 04:50 AM
   ehRecvr
     %systemroot%\ehome\ehRecvr.exe
     Windows Media Center Service for TV and FM broadcast reception
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\ehome\ehrecvr.exe
     14/07/2009 05:54 AM
   ehSched
     %systemroot%\ehome\ehsched.exe
     Starts and stops recording of TV programs within Windows Media Center
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\ehome\ehsched.exe
     14/07/2009 05:54 AM
   eventlog
     %SystemRoot%\System32\wevtsvc.dll
     This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wevtsvc.dll
     14/07/2009 07:04 AM
   EventSystem
     %systemroot%\system32\es.dll
     Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     2001.12.8530.16385
     c:\windows\system32\es.dll
     14/07/2009 06:59 AM
   Fax
     %systemroot%\system32\fxssvc.exe
     Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\fxssvc.exe
     14/07/2009 06:06 AM
   fdPHost
     %SystemRoot%\system32\fdPHost.dll
     The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\fdphost.dll
     14/07/2009 06:57 AM
   FDResPub
     %SystemRoot%\system32\fdrespub.dll
     Publishes this computer and resources attached to this computer so they can be discovered over the network.  If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\fdrespub.dll
     14/07/2009 06:57 AM
   FontCache
     %SystemRoot%\system32\FntCache.dll
     Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\fntcache.dll
     14/07/2009 06:57 AM
   FontCache3.0.0.0
     %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
     Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
     Microsoft Corporation
     3.0.6920.4902
     c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
     23/05/2009 07:26 AM
   gpsvc
     %SystemRoot%\System32\gpsvc.dll
     The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\gpsvc.dll
     14/07/2009 06:57 AM
   gupdate
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
     Google Inc.
     1.3.21.103
     c:\program files (x86)\google\update\googleupdate.exe
     16/02/2012 08:13 AM
   gupdatem
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
     Google Inc.
     1.3.21.103
     c:\program files (x86)\google\update\googleupdate.exe
     16/02/2012 08:13 AM
   hidserv
     %SystemRoot%\system32\hidserv.dll
     Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\hidserv.dll
     14/07/2009 06:57 AM
   hkmsvc
     %SystemRoot%\system32\kmsvc.dll
     Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\kmsvc.dll
     14/07/2009 07:01 AM
   HomeGroupListener
     %SystemRoot%\system32\ListSvc.dll
     Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\listsvc.dll
     14/07/2009 06:58 AM
   HomeGroupProvider
     %SystemRoot%\system32\provsvc.dll
     Performs networking tasks associated with configuration and maintenance of homegroups. If this service is stopped or disabled, your computer will be unable to detect other homegroups and your homegroup might not work properly. It is recommended that you keep this service running.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\provsvc.dll
     14/07/2009 07:02 AM
   idsvc
     "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
     Securely enables the creation, management, and disclosure of digital identities.
     Microsoft Corporation
     3.0.4506.4926
     c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe
     23/05/2009 07:19 AM
   IKEEXT
     %SystemRoot%\System32\ikeext.dll
     The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\ikeext.dll
     14/07/2009 06:58 AM
   Intel® Capability Licensing Service Interface
     "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
     Version: 1.23.605.1
     Intel® Corporation
     1.23.605.1
     c:\program files\intel\icls client\heciserver.exe
     03/02/2012 02:59 AM
   IPBusEnum
     %SystemRoot%\system32\ipbusenum.dll
     The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\ipbusenum.dll
     14/07/2009 06:58 AM
   iphlpsvc
     %SystemRoot%\System32\iphlpsvc.dll
     Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\iphlpsvc.dll
     14/07/2009 06:58 AM
   jhi_service
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
     Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL
     Intel Corporation
     8.0.2.1410
     c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe
     08/02/2012 07:19 AM
   KeyIso
     %SystemRoot%\system32\lsass.exe
     The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\lsass.exe
     14/07/2009 04:50 AM
   KtmRm
     %systemroot%\system32\msdtckrm.dll
     Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     2001.12.8530.16385
     c:\windows\system32\msdtckrm.dll
     14/07/2009 07:00 AM
   LanmanServer
     %SystemRoot%\system32\srvsvc.dll
     Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\srvsvc.dll
     14/07/2009 07:04 AM
   LanmanWorkstation
     %SystemRoot%\System32\wkssvc.dll
     Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wkssvc.dll
     14/07/2009 07:05 AM
   lltdsvc
     %SystemRoot%\System32\lltdsvc.dll
     Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device.  If this service is disabled, the Network Map will not function properly.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\lltdsvc.dll
     14/07/2009 06:58 AM
   lmhosts
     %SystemRoot%\System32\lmhsvc.dll
     Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\lmhsvc.dll
     14/07/2009 06:58 AM
   LMS
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces.
     Intel Corporation
     8.0.2.1410
     c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
     08/02/2012 07:05 AM
   MBAMScheduler
     "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
     Malwarebytes Anti-Malware scheduler
     Malwarebytes Corporation
     3.1.1.0
     c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
     12/09/2014 06:59 AM
   MBAMService
     "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
     Malwarebytes Anti-Malware service
     Malwarebytes Corporation
     3.0.8.1
     c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
     21/11/2014 01:38 AM
   McShield
     "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"
     McAfee OnAccess Scanner
     McAfee, Inc.
     14.4.0.387
     c:\program files\common files\mcafee\systemcore\mcshield.exe
     10/12/2011 07:46 AM
   mfefire
     "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
     Provides firewall services to McAfee products
     McAfee, Inc.
     15.1.0.649
     c:\program files\common files\mcafee\systemcore\mfefire.exe
     31/10/2013 01:49 AM
   mfevtp
     "C:\Windows\system32\mfevtps.exe"
     Provides validation trust protection services
     McAfee, Inc.
     15.1.0.649
     c:\windows\system32\mfevtps.exe
     31/10/2013 01:45 AM
   MMCSS
     %SystemRoot%\system32\mmcss.dll
     Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications.  If this service is stopped, individual tasks resort to their default priority.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\mmcss.dll
     14/07/2009 06:59 AM
   Mobile Broadband HL Service
     "C:\ProgramData\MobileBrServ\mbbservice.exe" -service
     Provide service for mobile broadband device.
     22.21.0.3
     c:\programdata\mobilebrserv\mbbservice.exe
     23/07/2013 09:12 AM
   MpsSvc
     %SystemRoot%\system32\mpssvc.dll
     Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\mpssvc.dll
     14/07/2009 06:59 AM
   MSDTC
     %SystemRoot%\System32\msdtc.exe
     Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     2001.12.8530.16385
     c:\windows\system32\msdtc.exe
     14/07/2009 05:29 AM
   MSiSCSI
     %systemroot%\system32\iscsiexe.dll
     Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\iscsiexe.dll
     14/07/2009 06:59 AM
   msiserver
     %systemroot%\system32\msiexec.exe /V
     Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     5.0.7600.16385
     c:\windows\system32\msiexec.exe
     14/07/2009 05:18 AM
   napagent
     %SystemRoot%\system32\qagentRT.dll
     The Network Access Protection (NAP) agent service collects and manages health information for client computers on a network. Information collected by NAP agent is used to make sure that the client computer has the required software and settings. If a client computer is not compliant with health policy, it can be provided with restricted network access until its configuration is updated. Depending on the configuration of health policy, client computers might be automatically updated so that users quickly regain full network access without having to manually update their computer.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\qagentrt.dll
     14/07/2009 07:02 AM
   NAUpdate
     "C:\Program Files (x86)\Nero\Update\NASvc.exe"
     Provides access to Nero application updates and manages Nero applications.
     Nero AG
     11.0.42.0
     c:\program files (x86)\nero\update\nasvc.exe
     18/07/2013 07:38 PM
   Netlogon
     %systemroot%\system32\lsass.exe
     Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\lsass.exe
     14/07/2009 04:50 AM
   Netman
     %SystemRoot%\System32\netman.dll
     Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\netman.dll
     14/07/2009 07:00 AM
   netprofm
     %SystemRoot%\System32\netprofm.dll
     Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\netprofm.dll
     14/07/2009 07:00 AM
   NlaSvc
     %SystemRoot%\System32\nlasvc.dll
     Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\nlasvc.dll
     14/07/2009 07:00 AM
   nsi
     %systemroot%\system32\nsisvc.dll
     This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\nsisvc.dll
     14/07/2009 07:02 AM
   odserv
     "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
     Run portions of Microsoft Office Diagnostics.
     Microsoft Corporation
     12.0.4518.1014
     c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
     27/10/2006 08:18 AM
   ose
     "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
     Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
     Microsoft Corporation
     12.0.4518.1014
     c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
     27/10/2006 02:30 AM
   p2pimsvc
     %SystemRoot%\system32\pnrpsvc.dll
     Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services.  If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\pnrpsvc.dll
     14/07/2009 07:03 AM
   p2psvc
     %SystemRoot%\system32\p2psvc.dll
     Enables multi-party communication using Peer-to-Peer Grouping.  If disabled, some applications, such as HomeGroup, may not function.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\p2psvc.dll
     14/07/2009 07:02 AM
   PcaSvc
     %SystemRoot%\System32\pcasvc.dll
     This service provides support for the Program Compatibility Assistant (PCA).  PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\pcasvc.dll
     14/07/2009 07:02 AM
   PeerDistSvc
     %SystemRoot%\system32\peerdistsvc.dll
     This service caches network content from peers on the local subnet.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\peerdistsvc.dll
     14/07/2009 07:02 AM
   PerfHost
     %SystemRoot%\SysWow64\perfhost.exe
     Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\syswow64\perfhost.exe
     14/07/2009 04:41 AM
   pla
     %systemroot%\system32\pla.dll
     Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\pla.dll
     14/07/2009 07:02 AM
   PlugPlay
     %SystemRoot%\system32\umpnpmgr.dll
     Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\umpnpmgr.dll
     14/07/2009 07:03 AM
   PNRPAutoReg
     %SystemRoot%\system32\pnrpauto.dll
     This service publishes a machine name using the Peer Name Resolution Protocol.  Configuration is managed via the netsh context 'p2p pnrp peer'
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\pnrpauto.dll
     14/07/2009 07:03 AM
   PNRPsvc
     %SystemRoot%\system32\pnrpsvc.dll
     Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\pnrpsvc.dll
     14/07/2009 07:03 AM
   PolicyAgent
     %SystemRoot%\System32\ipsecsvc.dll
     Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.  This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec".  If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec.  Also,remote management of Windows Firewall is not available when this service is stopped.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\ipsecsvc.dll
     14/07/2009 06:59 AM
   Power
     %SystemRoot%\system32\umpo.dll
     Manages power policy and power policy notification delivery.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\umpo.dll
     14/07/2009 07:03 AM
   ProfSvc
     %systemroot%\system32\profsvc.dll
     This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\profsvc.dll
     14/07/2009 07:02 AM
   ProtectedStorage
     %SystemRoot%\system32\lsass.exe
     Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\lsass.exe
     14/07/2009 04:50 AM
   QWAVE
     %windir%\system32\qwave.dll
     Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\qwave.dll
     14/07/2009 07:02 AM
   RasAuto
     %SystemRoot%\System32\rasauto.dll
     Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\rasauto.dll
     14/07/2009 07:02 AM
   RasMan
     %SystemRoot%\System32\rasmans.dll
     Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\rasmans.dll
     14/07/2009 07:02 AM
   RemoteRegistry
     %SystemRoot%\system32\regsvc.dll
     Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\regsvc.dll
     14/07/2009 07:03 AM
   RpcEptMapper
     %SystemRoot%\System32\RpcEpMap.dll
     Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\rpcepmap.dll
     14/07/2009 07:02 AM
   RpcLocator
     %SystemRoot%\system32\locator.exe
     In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\locator.exe
     14/07/2009 05:29 AM
   RpcSs
     %SystemRoot%\system32\rpcss.dll
     The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\rpcss.dll
     14/07/2009 07:02 AM
   SamSs
     %SystemRoot%\system32\lsass.exe
     The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests.  Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\lsass.exe
     14/07/2009 04:50 AM
   SCardSvr
     %SystemRoot%\System32\SCardSvr.dll
     Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\scardsvr.dll
     14/07/2009 07:02 AM
   Schedule
     %systemroot%\system32\schedsvc.dll
     Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\schedsvc.dll
     14/07/2009 07:02 AM
   SCPolicySvc
     %SystemRoot%\System32\certprop.dll
     Allows the system to be configured to lock the user desktop upon smart card removal.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\certprop.dll
     14/07/2009 06:55 AM
   SDRSVC
     %Systemroot%\System32\SDRSVC.dll
     Provides Windows Backup and Restore capabilities.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\sdrsvc.dll
     14/07/2009 07:03 AM
   seclogon
     %windir%\system32\seclogon.dll
     Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\seclogon.dll
     14/07/2009 07:03 AM
   SENS
     %SystemRoot%\System32\sens.dll
     Monitors system events and notifies subscribers to COM+ Event System of these events.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\sens.dll
     14/07/2009 07:03 AM
   SensrSvc
     %SystemRoot%\system32\sensrsvc.dll
     Monitors ambient light sensors to detect changes in ambient light and adjust the display brightness.  If this service is stopped or disabled, the display brightness will not adapt to lighting conditions.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\sensrsvc.dll
     14/07/2009 07:03 AM
   SessionEnv
     %SystemRoot%\system32\sessenv.dll
     Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\sessenv.dll
     14/07/2009 07:02 AM
   ShellHWDetection
     %SystemRoot%\System32\shsvcs.dll
     Provides notifications for AutoPlay hardware events.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\shsvcs.dll
     14/07/2009 07:03 AM
   SNMPTRAP
     %SystemRoot%\System32\snmptrap.exe
     Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\snmptrap.exe
     14/07/2009 05:40 AM
   Spooler
     %SystemRoot%\System32\spoolsv.exe
     Loads files to memory for later printing
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\spoolsv.exe
     14/07/2009 06:09 AM
   sppsvc
     %SystemRoot%\system32\sppsvc.exe
     Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\sppsvc.exe
     14/07/2009 06:32 AM
   sppuinotify
     %SystemRoot%\system32\sppuinotify.dll
     Provides Software Licensing activation and notification
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\sppuinotify.dll
     14/07/2009 07:03 AM
   SSDPSRV
     %SystemRoot%\System32\ssdpsrv.dll
     Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\ssdpsrv.dll
     14/07/2009 07:04 AM
   SstpSvc
     %SystemRoot%\system32\sstpsvc.dll
     Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\sstpsvc.dll
     14/07/2009 07:04 AM
   stisvc
     %SystemRoot%\System32\wiaservc.dll
     Provides image acquisition services for scanners and cameras
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wiaservc.dll
     14/07/2009 07:04 AM
   swprv
     %Systemroot%\System32\swprv.dll
     Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\swprv.dll
     14/07/2009 07:03 AM
   SysMain
     %systemroot%\system32\sysmain.dll
     Maintains and improves system performance over time.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\sysmain.dll
     14/07/2009 07:03 AM
   TabletInputService
     %SystemRoot%\System32\TabSvc.dll
     Enables Tablet PC pen and ink functionality
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\tabsvc.dll
     14/07/2009 07:03 AM
   TapiSrv
     %SystemRoot%\System32\tapisrv.dll
     Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\tapisrv.dll
     14/07/2009 07:03 AM
   TBS
     %SystemRoot%\System32\tbssvc.dll
     Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications.  If this service is stopped or disabled, applications will be unable to use keys protected by the TPM.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\tbssvc.dll
     14/07/2009 07:03 AM
   TeamViewer
     "C:\Program Files (x86)\TeamViewer\Version10\TeamViewer_Service.exe"
     TeamViewer Remote Software
     TeamViewer GmbH
     10.0.40798.0
     c:\program files (x86)\teamviewer\version10\teamviewer_service.exe
     30/03/2015 02:11 PM
   TermService
     %SystemRoot%\System32\termsrv.dll
     Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service.  To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\termsrv.dll
     14/07/2009 07:04 AM
   Themes
     %SystemRoot%\system32\themeservice.dll
     Provides user experience theme management.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\themeservice.dll
     14/07/2009 07:03 AM
   THREADORDER
     %SystemRoot%\system32\mmcss.dll
     Provides ordered execution for a group of threads within a specific period of time.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\mmcss.dll
     14/07/2009 06:59 AM
   TrkWks
     %SystemRoot%\System32\trkwks.dll
     Maintains links between NTFS files within a computer or across computers in a network.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\trkwks.dll
     14/07/2009 07:03 AM
   TrustedInstaller
     %SystemRoot%\servicing\TrustedInstaller.exe
     Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\servicing\trustedinstaller.exe
     14/07/2009 05:05 AM
   UI0Detect
     %SystemRoot%\system32\UI0Detect.exe
     Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there might not be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\ui0detect.exe
     14/07/2009 05:22 AM
   UmRdpService
     %SystemRoot%\System32\umrdp.dll
     Allows the redirection of Printers/Drives/Ports for RDP connections
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\umrdp.dll
     14/07/2009 07:03 AM
   UNS
     "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
     Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device.
     Intel Corporation
     8.0.2.1410
     c:\program files (x86)\intel\intel® management engine components\uns\uns.exe
     08/02/2012 07:07 AM
   upnphost
     %SystemRoot%\System32\upnphost.dll
     Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\upnphost.dll
     14/07/2009 07:03 AM
   UxSms
     %SystemRoot%\System32\uxsms.dll
     Provides Desktop Window Manager startup and maintenance services
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\uxsms.dll
     14/07/2009 07:04 AM
   VaultSvc
     %SystemRoot%\system32\lsass.exe
     Provides secure storage and retrieval of credentials to users, applications and security service packages.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\lsass.exe
     14/07/2009 04:50 AM
   vds
     %SystemRoot%\System32\vds.exe
     Provides management services for disks, volumes, file systems, and storage arrays.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\vds.exe
     14/07/2009 05:07 AM
   VSS
     %systemroot%\system32\vssvc.exe
     Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\vssvc.exe
     14/07/2009 05:09 AM
   W32Time
     %systemroot%\system32\w32time.dll
     Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\w32time.dll
     14/07/2009 07:03 AM
   wbengine
     "%systemroot%\system32\wbengine.exe"
     The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wbengine.exe
     14/07/2009 05:07 AM
   WbioSrvc
     %SystemRoot%\System32\wbiosrvc.dll
     The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wbiosrvc.dll
     14/07/2009 07:04 AM
   wcncsvc
     %SystemRoot%\System32\wcncsvc.dll
     WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wi-Fi Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wi-Fi Device. The service is started programmatically as needed.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wcncsvc.dll
     14/07/2009 07:03 AM
   WcsPlugInService
     %SystemRoot%\System32\WcsPlugInService.dll
     The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wcspluginservice.dll
     14/07/2009 07:03 AM
   WdiServiceHost
     %SystemRoot%\system32\wdi.dll
     The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context.  If this service is stopped, any diagnostics that depend on it will no longer function.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wdi.dll
     14/07/2009 07:03 AM
   WdiSystemHost
     %SystemRoot%\system32\wdi.dll
     The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context.  If this service is stopped, any diagnostics that depend on it will no longer function.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wdi.dll
     14/07/2009 07:03 AM
   WebClient
     %SystemRoot%\System32\webclnt.dll
     Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\webclnt.dll
     14/07/2009 07:04 AM
   Wecsvc
     %SystemRoot%\system32\wecsvc.dll
     This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wecsvc.dll
     14/07/2009 07:03 AM
   wercplsupport
     %SystemRoot%\System32\wercplsupport.dll
     This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wercplsupport.dll
     14/07/2009 07:03 AM
   WerSvc
     %SystemRoot%\System32\WerSvc.dll
     Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wersvc.dll
     14/07/2009 07:03 AM
   WinDefend
     %ProgramFiles%\Windows Defender\mpsvc.dll
     Protection against spyware and potentially unwanted software
     Microsoft Corporation
     6.1.7600.16385
     c:\program files\windows defender\mpsvc.dll
     14/07/2009 06:59 AM
   WinHttpAutoProxySvc
     winhttp.dll
     WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\winhttp.dll
     14/07/2009 07:04 AM
   Winmgmt
     %SystemRoot%\system32\wbem\WMIsvc.dll
     Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wbem\wmisvc.dll
     14/07/2009 07:06 AM
   WinRM
     %SystemRoot%\system32\WsmSvc.dll
     Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine.  The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wsmsvc.dll
     14/07/2009 07:04 AM
   Wlansvc
     %SystemRoot%\System32\wlansvc.dll
     The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wlansvc.dll
     14/07/2009 07:05 AM
   wmiApSrv
     %systemroot%\system32\wbem\WmiApSrv.exe
     Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wbem\wmiapsrv.exe
     14/07/2009 05:17 AM
   WMPNetworkSvc
     "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
     Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
     Microsoft Corporation
     12.0.7600.16385
     c:\program files\windows media player\wmpnetwk.exe
     14/07/2009 05:54 AM
   WPCSvc
     %SystemRoot%\System32\wpcsvc.dll
     This service is a stub for Windows Parental Control functionality that existed in Vista. It is provided for backward compatibility only.
     Microsoft Corporation
     1.0.0.1
     c:\windows\system32\wpcsvc.dll
     14/07/2009 07:06 AM
   WPDBusEnum
     %SystemRoot%\system32\wpdbusenum.dll
     Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wpdbusenum.dll
     14/07/2009 07:06 AM
   wscsvc
     %SystemRoot%\System32\wscsvc.dll
     The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer.  The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service.  The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel.  Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions.  The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wscsvc.dll
     14/07/2009 07:04 AM
   WSearch
     %systemroot%\system32\SearchIndexer.exe /Embedding
     Provides content indexing, property caching, and search results for files, e-mail, and other content.
     Microsoft Corporation
     7.0.7600.16385
     c:\windows\system32\searchindexer.exe
     14/07/2009 06:02 AM
   wudfsvc
     %SystemRoot%\System32\WUDFSvc.dll
     Manages user-mode driver host processes.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\wudfsvc.dll
     14/07/2009 07:04 AM
   WwanSvc
     %SystemRoot%\System32\wwansvc.dll
     This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices.
     Microsoft Corporation
     8.1.2.0
     c:\windows\system32\wwansvc.dll
     14/07/2009 07:04 AM
   ZAtheros Bt&Wlan Coex Agent
     C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
     Co-existence Coordinator Service between 11a/b/g/n Wireless LAN and Bluetooth.
     Atheros
     8.0.0.237
     c:\program files (x86)\dell wireless\bluetooth suite\ath_coexagent.exe
     11/01/2012 12:14 PM
   ZAtheros Wlan Agent
     C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
     Atheros agent for Wlan
     Atheros
     8.0.0.240
     c:\program files (x86)\dell wireless\ath_wlanagent.exe
     08/02/2012 03:01 PM

HKLM\System\CurrentControlSet\Services
   1394ohci
     \SystemRoot\system32\DRIVERS\1394ohci.sys
     1394 OpenHCI Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\1394ohci.sys
     14/07/2009 05:37 AM
   ACPI
     system32\DRIVERS\ACPI.sys
     ACPI Driver for NT
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\acpi.sys
     14/07/2009 04:49 AM
   AcpiPmi
     \SystemRoot\system32\DRIVERS\acpipmi.sys
     ACPI Power Metering Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\acpipmi.sys
     14/07/2009 04:57 AM
   adp94xx
     \SystemRoot\system32\DRIVERS\adp94xx.sys
     Adaptec Windows SAS/SATA Storport Driver
     Adaptec, Inc.
     1.6.6.4
     c:\windows\system32\drivers\adp94xx.sys
     06/12/2008 05:24 AM
   adpahci
     \SystemRoot\system32\DRIVERS\adpahci.sys
     Adaptec Windows SATA Storport Driver
     Adaptec, Inc.
     1.6.6.1
     c:\windows\system32\drivers\adpahci.sys
     01/05/2007 11:00 PM
   adpu320
     \SystemRoot\system32\DRIVERS\adpu320.sys
     Adaptec StorPort Ultra320 SCSI Driver (X64)
     Adaptec, Inc.
     7.2.0.0
     c:\windows\system32\drivers\adpu320.sys
     28/02/2007 05:34 AM
   AFD
     \SystemRoot\system32\drivers\afd.sys
     Ancillary Function Driver for Winsock
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\afd.sys
     14/07/2009 04:51 AM
   agp440
     \SystemRoot\system32\DRIVERS\agp440.sys
     440 NT AGP Filter
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\agp440.sys
     14/07/2009 05:08 AM
   aliide
     \SystemRoot\system32\DRIVERS\aliide.sys
     ALi mini IDE Driver
     Acer Laboratories Inc.
     1.2.0.0
     c:\windows\system32\drivers\aliide.sys
     14/07/2009 04:49 AM
   amdide
     \SystemRoot\system32\DRIVERS\amdide.sys
     AMD IDE Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\amdide.sys
     14/07/2009 04:49 AM
   AmdK8
     \SystemRoot\system32\DRIVERS\amdk8.sys
     Processor Device Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\amdk8.sys
     14/07/2009 04:49 AM
   AmdPPM
     \SystemRoot\system32\DRIVERS\amdppm.sys
     Processor Device Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\amdppm.sys
     14/07/2009 04:49 AM
   amdsata
     \SystemRoot\system32\DRIVERS\amdsata.sys
     AHCI 1.2 Device Driver
     Advanced Micro Devices
     1.1.2.4
     c:\windows\system32\drivers\amdsata.sys
     19/05/2009 11:23 PM
   amdsbs
     \SystemRoot\system32\DRIVERS\amdsbs.sys
     AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
     AMD Technologies Inc.
     3.6.1540.127
     c:\windows\system32\drivers\amdsbs.sys
     21/03/2009 12:06 AM
   amdxata
     system32\DRIVERS\amdxata.sys
     Storage Filter Driver
     Advanced Micro Devices
     1.1.2.4
     c:\windows\system32\drivers\amdxata.sys
     19/05/2009 11:26 PM
   AppID
     \SystemRoot\system32\drivers\appid.sys
     Identifies an application and enforces software restriction policies.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\appid.sys
     14/07/2009 05:22 AM
   arc
     \SystemRoot\system32\DRIVERS\arc.sys
     Adaptec RAID Storport Driver
     Adaptec, Inc.
     5.2.0.10384
     c:\windows\system32\drivers\arc.sys
     25/05/2007 02:57 AM
   arcsas
     \SystemRoot\system32\DRIVERS\arcsas.sys
     Adaptec SAS RAID WS03 Driver
     Adaptec, Inc.
     5.2.0.16119
     c:\windows\system32\drivers\arcsas.sys
     15/01/2009 12:57 AM
   AsyncMac
     system32\DRIVERS\asyncmac.sys
     RAS Asynchronous Media Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\asyncmac.sys
     14/07/2009 05:40 AM
   atapi
     system32\DRIVERS\atapi.sys
     ATAPI IDE Miniport Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\atapi.sys
     14/07/2009 04:49 AM
   AthBTPort
     system32\DRIVERS\btath_flt.sys
     Atheros FILTER driver
     Atheros
     7.4.0.122
     c:\windows\system32\drivers\btath_flt.sys
     07/02/2012 04:27 PM
   athr
     system32\DRIVERS\athrx.sys
     Atheros Extensible Wireless LAN device driver
     Atheros Communications, Inc.
     9.2.0.484
     c:\windows\system32\drivers\athrx.sys
     01/02/2012 02:40 PM
   Avgdiska
     system32\DRIVERS\avgdiska.sys
     AVG File Vault Driver
     AVG Technologies CZ, s.r.o.
     15.0.0.5201
     c:\windows\system32\drivers\avgdiska.sys
     19/06/2014 12:33 AM
   AVGIDSDriver
     system32\DRIVERS\avgidsdrivera.sys
     AVG Technologies IDS Application Activity Monitor Driver
     AVG Technologies CZ, s.r.o.
     15.0.0.5863
     c:\windows\system32\drivers\avgidsdrivera.sys
     25/03/2015 03:51 PM
   AVGIDSHA
     system32\DRIVERS\avgidsha.sys
     AVG Technologies IDS Application Activity Monitor Helper Driver
     AVG Technologies CZ, s.r.o.
     15.0.0.5609
     c:\windows\system32\drivers\avgidsha.sys
     19/11/2014 02:12 AM
   Avgldx64
     system32\DRIVERS\avgldx64.sys
     AVG AVI Loader Driver
     AVG Technologies CZ, s.r.o.
     15.0.0.5500
     c:\windows\system32\drivers\avgldx64.sys
     29/08/2014 01:17 AM
   Avgloga
     system32\DRIVERS\avgloga.sys
     AVG Logging Driver
     AVG Technologies CZ, s.r.o.
     15.0.0.5735
     c:\windows\system32\drivers\avgloga.sys
     03/02/2015 03:17 PM
   Avgmfx64
     system32\DRIVERS\avgmfx64.sys
     AVG Resident Shield Minifilter Driver
     AVG Technologies CZ, s.r.o.
     15.0.0.5805
     c:\windows\system32\drivers\avgmfx64.sys
     05/02/2015 02:56 PM
   Avgrkx64
     system32\DRIVERS\avgrkx64.sys
     AVG Anti-Rootkit Driver
     AVG Technologies CZ, s.r.o.
     15.0.0.5201
     c:\windows\system32\drivers\avgrkx64.sys
     19/06/2014 12:33 AM
   Avgtdia
     system32\DRIVERS\avgtdia.sys
     AVG Network connection watcher
     AVG Technologies CZ, s.r.o.
     15.0.0.5851
     c:\windows\system32\drivers\avgtdia.sys
     25/02/2015 10:07 PM
   b06bdrv
     \SystemRoot\system32\DRIVERS\bxvbda.sys
     Broadcom NetXtreme II GigE VBD
     Broadcom Corporation
     4.8.2.0
     c:\windows\system32\drivers\bxvbda.sys
     14/02/2009 03:48 AM
   b57nd60a
     system32\DRIVERS\b57nd60a.sys
     Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.
     Broadcom Corporation
     10.100.4.0
     c:\windows\system32\drivers\b57nd60a.sys
     26/04/2009 04:44 PM
   Beep
     Beep
     BEEP Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\beep.sys
     14/07/2009 05:30 AM
   blbdrive
     system32\DRIVERS\blbdrive.sys
     BLB Drive Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\blbdrive.sys
     14/07/2009 05:05 AM
   bowser
     system32\DRIVERS\bowser.sys
     Implements the kernel datagram receiver for the computer browser browser service.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\bowser.sys
     14/07/2009 04:53 AM
   BrFiltLo
     \SystemRoot\system32\DRIVERS\BrFiltLo.sys
     Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver
     Brother Industries, Ltd.
     1.10.0.2
     c:\windows\system32\drivers\brfiltlo.sys
     07/08/2006 07:21 AM
   BrFiltUp
     \SystemRoot\system32\DRIVERS\BrFiltUp.sys
     Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver
     Brother Industries, Ltd.
     1.4.0.1
     c:\windows\system32\drivers\brfiltup.sys
     07/08/2006 07:21 AM
   Brserid
     \SystemRoot\System32\Drivers\Brserid.sys
     Brotehr Serial I/F Driver (WDM)
     Brother Industries Ltd.
     1.0.1.6
     c:\windows\system32\drivers\brserid.sys
     07/08/2006 07:21 AM
   BrSerWdm
     \SystemRoot\System32\Drivers\BrSerWdm.sys
     Brother Serial driver (WDM version)
     Brother Industries Ltd.
     1.0.0.20
     c:\windows\system32\drivers\brserwdm.sys
     07/08/2006 07:21 AM
   BrUsbMdm
     \SystemRoot\System32\Drivers\BrUsbMdm.sys
     Brother USB MDM Driver
     Brother Industries Ltd.
     1.0.0.12
     c:\windows\system32\drivers\brusbmdm.sys
     07/08/2006 07:21 AM
   BrUsbSer
     \SystemRoot\System32\Drivers\BrUsbSer.sys
     Brother USB Serial Driver
     Brother Industries Ltd.
     1.0.1.3
     c:\windows\system32\drivers\brusbser.sys
     09/08/2006 05:41 PM
   BstHdDrv
     \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
     BlueStacks Hypervisor for amd64
     BlueStack Systems
     0.8.1.3051
     c:\program files (x86)\bluestacks\hd-hypervisor-amd64.sys
     13/11/2013 03:43 PM
   BTATH_A2DP
     system32\drivers\btath_a2dp.sys
     Atheros A2DP driver
     Atheros
     7.4.0.115
     c:\windows\system32\drivers\btath_a2dp.sys
     04/01/2012 10:16 AM
   btath_avdt
     system32\drivers\btath_avdt.sys
     Atheros Bluetooth AVDT driver
     Atheros
     7.4.0.115
     c:\windows\system32\drivers\btath_avdt.sys
     04/01/2012 10:16 AM
   BTATH_BUS
     system32\DRIVERS\btath_bus.sys
     Atheros BUS driver
     Atheros
     7.4.0.90
     c:\windows\system32\drivers\btath_bus.sys
     20/07/2011 08:29 AM
   BTATH_HCRP
     system32\DRIVERS\btath_hcrp.sys
     Atheros HCRP driver
     Atheros
     7.4.0.90
     c:\windows\system32\drivers\btath_hcrp.sys
     20/07/2011 08:29 AM
   BTATH_LWFLT
     system32\DRIVERS\btath_lwflt.sys
     Atheros FILTER driver
     Atheros
     7.4.0.101
     c:\windows\system32\drivers\btath_lwflt.sys
     19/10/2011 11:20 AM
   BTATH_RCP
     system32\DRIVERS\btath_rcp.sys
     Atheros AVRCP driver
     Atheros
     7.4.0.95
     c:\windows\system32\drivers\btath_rcp.sys
     25/08/2011 03:56 PM
   BtFilter
     system32\DRIVERS\btfilter.sys
     BtFilter Driver
     Atheros
     7.4.0.122
     c:\windows\system32\drivers\btfilter.sys
     07/02/2012 04:28 PM
   BthEnum
     system32\DRIVERS\BthEnum.sys
     Bluetooth Bus Extender
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\bthenum.sys
     14/07/2009 05:36 AM
   BTHMODEM
     system32\DRIVERS\bthmodem.sys
     Bluetooth Communications Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\bthmodem.sys
     14/07/2009 05:36 AM
   BthPan
     system32\DRIVERS\bthpan.sys
     Bluetooth Device (Personal Area Network)
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\bthpan.sys
     14/07/2009 05:37 AM
   BTHPORT
     System32\Drivers\BTHport.sys
     Bluetooth Bus Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\bthport.sys
     14/07/2009 05:36 AM
   BTHUSB
     System32\Drivers\BTHUSB.sys
     Bluetooth Miniport Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\bthusb.sys
     14/07/2009 05:36 AM
   cdrom
     system32\DRIVERS\cdrom.sys
     SCSI CD-ROM Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\cdrom.sys
     14/07/2009 04:49 AM
   CEDRIVER60
     \??\C:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys
     File not found: C:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys
     
   cfwids
     system32\drivers\cfwids.sys
     McAfee Personal Firewall IDS Plugin
     McAfee, Inc.
     15.1.0.649
     c:\windows\system32\drivers\cfwids.sys
     31/10/2013 01:49 AM
   circlass
     \SystemRoot\system32\DRIVERS\circlass.sys
     Consumer IR Class Driver for eHome
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\circlass.sys
     14/07/2009 05:36 AM
   CLFS
     System32\CLFS.sys
     General-purpose logging service
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\clfs.sys
     14/07/2009 04:49 AM
   CmBatt
     \SystemRoot\system32\DRIVERS\CmBatt.sys
     Control Method Battery Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\cmbatt.sys
     14/07/2009 05:01 AM
   cmdide
     \SystemRoot\system32\DRIVERS\cmdide.sys
     CMD PCI IDE Bus Driver
     CMD Technology, Inc.
     2.0.7.0
     c:\windows\system32\drivers\cmdide.sys
     14/07/2009 04:49 AM
   CNG
     System32\Drivers\cng.sys
     Kernel Cryptography, Next Generation
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\cng.sys
     14/07/2009 05:19 AM
   Compbatt
     \SystemRoot\system32\DRIVERS\compbatt.sys
     Composite Battery Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\compbatt.sys
     14/07/2009 05:01 AM
   CompositeBus
     system32\DRIVERS\CompositeBus.sys
     Multi-Transport Composite Bus Enumerator
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\compositebus.sys
     14/07/2009 05:30 AM
   CSC
     system32\drivers\csc.sys
     Allows network files to be used while the local computer is offline.
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\csc.sys
     14/07/2009 04:54 AM
   dcdiag
     system32\DRIVERS\dcdiag.sys
     USB Serial Driver
     DriverCoding Technology Co,Ltd.
     1.0.0.237
     c:\windows\system32\drivers\dcdiag.sys
     03/12/2012 06:13 PM
   dcvcom
     system32\DRIVERS\dcvcom.sys
     DriverCoding USB COMM Driver
     DriverCoding Incorporated
     1.0.0.182
     c:\windows\system32\drivers\dcvcom.sys
     14/09/2012 01:29 PM
   DfsC
     System32\Drivers\dfsc.sys
     Client driver for access to DFS Namespaces
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\dfsc.sys
     14/07/2009 04:53 AM
   discache
     System32\drivers\discache.sys
     Attribute Cache Indexer
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\discache.sys
     14/07/2009 05:07 AM
   Disk
     system32\DRIVERS\disk.sys
     PnP Disk Driver
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\disk.sys
     14/07/2009 04:49 AM
   drmkaud
     system32\drivers\drmkaud.sys
     Microsoft Trusted Audio Drivers
     Microsoft Corporation
     6.1.7600.16385
     c:\windows\system32\drivers\drmkaud.sys
     14/07/2009 05:36 AM
   DXGKrnl
     \SystemRoot\System32\drivers\dxgkrnl.sys
     Controls the underlying video driver stack


Usually, I do not get online before 1:00 PM or after 10:00 PM (my local time).

 

So, if I do not reply to a thread where I am currently active, make sure you check my local time to see if it's time for me to be online or not. :)


#12 Aura


Posted 23 April 2015 - 08:51 AM

I noticed something in your Autoruns log, but I'll need more information. Follow the instructions below.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Execute MiniToolBox and check the following options:
    • List Installed Programs;
    • List Last 10 Event Viewer Errors;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 awesomearc


Posted 23 April 2015 - 09:03 AM

Ok, so here it is:

 

MiniToolBox by Farbar  Version: 14-04-2015
Ran by Subhra (administrator) on 23-04-2015 at 19:31:10
Running from "C:\Users\DELL\Desktop"
Microsoft Windows 7 Ultimate   (X64)
Model: Inspiron One 2020 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/23/2015 07:10:03 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (04/23/2015 07:10:03 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Could not contact Filter Driver.

Error = 0x57 : The parameter is incorrect.

Error: (04/23/2015 01:27:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c311d085-ff54-4979-adb5-11f6987567b8}

Error: (04/23/2015 00:59:21 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (04/23/2015 00:59:21 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Could not contact Filter Driver.

Error = 0x57 : The parameter is incorrect.

Error: (04/23/2015 08:16:19 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (04/23/2015 08:16:19 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Could not contact Filter Driver.

Error = 0x57 : The parameter is incorrect.

Error: (04/22/2015 07:45:18 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1

Error: (04/22/2015 07:45:18 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Could not contact Filter Driver.

Error = 0x57 : The parameter is incorrect.

Error: (04/22/2015 06:26:27 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 1


System errors:
=============
Error: (04/23/2015 07:10:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mfenlfk

Error: (04/23/2015 00:59:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mfenlfk

Error: (04/23/2015 08:16:19 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mfenlfk

Error: (04/22/2015 07:45:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mfenlfk

Error: (04/22/2015 07:41:43 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/22/2015 07:41:43 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/22/2015 07:41:43 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/22/2015 07:41:43 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/22/2015 07:41:43 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/22/2015 07:41:43 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (12/23/2014 01:14:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/23/2014 01:13:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/23/2014 01:12:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/23/2014 01:12:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/23/2014 01:12:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/23/2014 01:11:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 510 seconds with 240 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-03-15 08:52:57.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Edge Code CC (HKLM-x32\...\{641F742F-1497-51B4-F481-1037096A90A0}) (Version: 0.97 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced BAT to EXE Converter PRO v2.49 (HKLM-x32\...\Advanced BAT to EXE Converter PRO v2.49) (Version:  - )
Alcohol 120% (HKLM-x32\...\Alcohol 120%) (Version:  - Alcohol Soft Development Team)
Angry Birds Star Wars (HKLM-x32\...\{84389C53-9D0B-4417-AA5A-211BEE64BEC7}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars II (HKLM-x32\...\{15231C14-90E3-4BBE-A11E-88C289FD0B6B}) (Version: 1.2.1 - Rovio Entertainment Ltd.)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4334 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.204 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.204 - AVG) Hidden
BanglaWord v1.9.0 (HKLM-x32\...\BanglaWord v1.9.0) (Version:  - )
Batman Arkham City - GOTY Edition version 1.0.0 (HKLM-x32\...\Batman Arkham City - GOTY Edition_is1) (Version: 1.0.0 - Warner Bros Interactive)
Batman: Arkham Asylum Game of the Year Edition (HKLM-x32\...\{CFABC775-5386-4BA5-86B4-505BBD36E812}) (Version: 1.0.0.0 - Eidos Inc./Warner Brothers)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.1.3051 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{B424CEE6-E8A3-4678-BCCF-B22DD3798AE0}) (Version: 0.8.1.3051 - BlueStack Systems, Inc.)
BurnAware Professional 6.6 (HKLM-x32\...\BurnAware Professional_is1) (Version:  - Burnaware)
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
CBR (HKLM\...\{A8305DB2-3F6A-43CF-8CE3-EFD3D0F1C352}) (Version: 0.7 - G.Waser)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Firefox Developer Edition 38.0a2 (x86 en-US) (HKLM-x32\...\Firefox Developer Edition 38.0a2 (x86 en-US)) (Version: 38.0a2 - Mozilla)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Inno Setup version 5.5.4 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.4 - jrsoftware.org)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Iron Man (HKLM\...\{6E737AC4-C430-4698-8790-C7D55F7107A4}) (Version: 1.00.0000 - SEGA)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Local Subtitles for 64-bit WMP (HKLM\...\{190BC83F-D54E-4494-830E-7FB4A5F4B964}) (Version: 1.6.0.0 - Alexander Demidov)
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 3.9.2 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM-x32\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.21.00.113 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{4AD31A53-7852-4D98-86F3-156B34B49F40}) (Version: 15.0.03400 - Nero AG)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20051 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Burning Core (x32 Version: 15.0.24000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 15.0.24000 - Nero AG) Hidden
Nero Burning ROM 2014 (HKLM-x32\...\{AB51F94A-8AA0-4F96-81B1-0446BA681083}) (Version: 15.0.02700 - Nero AG)
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.23400 - Nero AG) Hidden
Nero CoverDesigner (HKLM-x32\...\{C36C7B74-EE4D-4C7F-97EA-0FD14F110D2F}) (Version: 12.0.01800 - Nero AG)
Nero CoverDesigner (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Disc to Device (x32 Version: 15.0.12010 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden
Nero Express (x32 Version: 15.0.24000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero Info (x32 Version: 15.1.0023 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 15.0.10000 - Nero AG) Hidden
Nero MediaHome (x32 Version: 1.20.8300 - Nero AG) Hidden
Nero MediaHome Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden
Nero Recode (x32 Version: 15.0.14000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15003 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nero Video (x32 Version: 15.0.15000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 15.0.00018 - Nero AG) Hidden
NFO Creator (HKLM-x32\...\NFO Creator) (Version:  - )
Nullsoft Install System (HKLM-x32\...\NSIS) (Version: 2.46 - )
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Prince of Persia - The Forgotten Sands (HKLM-x32\...\Prince of Persia - The Forgotten Sands_is1) (Version:  - R.G. Mechanics, pashtet)
Prince of Persia T2T (HKLM-x32\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: 1.00.999 - Ubisoft)
Prince of Persia The Two Thrones (x32 Version: 1.00.999 - Ubisoft) Hidden
Prince of Persia Warrior Within (Demo) (HKLM-x32\...\{C6B7E731-A9E1-4AEC-A1E7-2E63646647FE}) (Version: 1.00.999 - )
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
Recover Keys (HKLM\...\Recover Keys_is1) (Version: 7.0.3.87 - Recover Keys)
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
Spider-Man® - Web of Shadows™ 1.1 Patch (x32 Version:  - ) Hidden
Spider-Man™ - Friend or Foe Demo (HKLM-x32\...\InstallShield_{92DD037F-3231-448D-9B4E-913B3BBEF562}) (Version: 1.00.0000 - Activision)
Spider-Man™ - Friend or Foe Demo (x32 Version: 1.00.0000 - Activision) Hidden
Spider-Man™ - Web of Shadows 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Total Video Converter 3.70 100621 (HKLM-x32\...\Total Video Converter 3.70_is1) (Version:  - EffectMatrix Inc.)
TotalImageConverter (HKLM-x32\...\Total Image Converter_is1) (Version: 2.5 - Softplicity, Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VBT12 (HKCU\...\cb1234b10b32a249) (Version: 1.0.0.0 - Microsoft)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows 7 Codec Pack 4.0.8 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.8 - Windows 7 Codec Pack)
Windows Driver Package - DriverCoding Corporation (dcdiag) Ports  (05/23/2011 1.0.0.21) (HKLM\...\A89231E8D3883B3A648396BFC4FD3FA349A58C61) (Version: 05/23/2011 1.0.0.21 - DriverCoding Corporation)
Windows Driver Package - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
YAMAHA Musicsoft Downloader 5 (HKLM-x32\...\{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}) (Version:  - )
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}) (Version: 3.1.3.1 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.3.1 - Yamaha Corporation) Hidden

**** End of log ****
 


Usually, I do not get online before 1:00 PM or after 10:00 PM (my local time).

 

So, if I do not reply to a thread where I am currently active, make sure you check my local time to see if it's time for me to be online or not. :)


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,602 posts
  • Gender:Male
  • Local time:06:09 PM

Posted 23 April 2015 - 09:20 AM

PC Booster/Tune-Up Program Warning!
"PC Booster/Tune Up" programs are part of the worst programs you can install on a system. When it comes to messing up your system (Windows), these are as bad as malware. They are completely worthless and useless to use. The worst is that they'll often take action on your system without you knowing, nor authorizing it, which could lead to your system being altered in a way you don't want it to be or, even worse, a "broke" system. Every feature they provide, you can either do it natively under Windows, do it via another standalone executable (which is way easier and safer to use) or they aren't providing something you need. Here are a few examples:
  • Cleaning temporary files: TFC (standalone executable), CCleaner (installed), Cleanmgr.exe (in-built);
  • Managing start-up entries: Autoruns (standalone executable), CCleaner (installed), Task Manager and Registry (in-built);
  • Driver Updater: Not needed, all you need is to go on your manufacturer's website so you'll be sure to get the right, official, working drivers for your computer or hardware;
  • Registry Cleaner/Defragger: Completely useless and also dangerous;
  • Disk Defragging: Disk Defrag (in-built), O&O Disk Defrag (installed), Defraggler (installed);
  • Powerful uninstaller: Not needed, only needed when you have to make sure a program is completely uninstalled. Revo Uninstaller has a portable version you can use;
  • "Enhanced" Task Manager: Procexp (standalone executable), Process Hacker (portable or installed);
  • "Active security": Any Antivirus and Antimalware can beat that, easily. These programs aren't made to replace Antivirus or Antimalware products and shouldn't be seen as such;
  • Repair Hard Drive issues: Simple chkdsk /r command under Windows (in-built);
Having such a program installed on your system will just bloat it down, and you have more chances of having issues by using them than without. These products are advertised as a program that can solve all your issues, remove every malware, speed up your computer performance over 100%, etc. The truth is that there's not a single program that can do that. First of all, these programs aren't made to remove viruses and malware, leave this in the hands of Antivirus and Antimalware, period. Secondly, there are so many kinds of issues under Windows that there's not a single program that can address them all. If you think that BSOD (Blue Screen of Death) issues can be solved by opening a program and clicking on a "Fix" button, then I'm sorry to tell you but, you're wrong. Also, you cannot boost the performance of a hardware over its hardware capabilities. Of course you can overclock some components, like your CPU, RAM and GPU, but these aren't done via these programs, but via your BIOS interface. I could recommend you a program for every feature these programs advertise, and also tell you exactly in detail why most of them are completely useless, such as Registry cleaner (dangerous to use), and driver updater (dangerous to use, and also completely useless, it'll not improve your system performance). In the end, buying such programs is the exact same as being scammed (because this is what it is, a pure scam) and using one of these programs will result in you having a system less performant than prior to using it.

Relevant articles if you want to read more about PC Boosters/Optimizers and why they are useless:

Please uninstall the following programs.
  • Adobe AIR;
  • Adobe Flash Player 11 ActiveX;
  • Adobe Flash Player 16 NPAPI;
  • Adobe Reader X (10.1.3);
  • AVG PC TuneUp 2014;
  • Java 8 Update 31;
  • Java SE Development Kit 7 Update 45 (64-bits);
If you have a problem while uninstalling a program, let me know. Also, did you have McAfee installed on that system in the past? Because there's a lot of its remnants on your system and it could cause conflict/instability.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 awesomearc

awesomearc
  • Topic Starter

  • Members
  • 110 posts
  • Gender:Male
  • Location:West Bengal, India
  • Local time:03:39 AM

Posted 23 April 2015 - 09:55 AM

Please uninstall the following programs.
  • Adobe AIR;
  • Adobe Flash Player 11 ActiveX;
  • Adobe Flash Player 16 NPAPI;
  • Adobe Reader X (10.1.3);
  • AVG PC TuneUp 2014;
  • Java 8 Update 31;
  • Java SE Development Kit 7 Update 45 (64-bits);

 

Ok, all have been uninstalled and I faced no problems during the uninstallations.

 

For AVG PC TuneUp 2014, I had uninstalled it earlier, however I think it left some kind of files after the uninstallation.

