
Long time issues - remote services reactivated among other problems


22 replies to this topic

#1 limitless285


Posted 28 December 2016 - 04:11 PM

Hi there,

 

I'm running Windows 10 Home x64. A couple of years ago, my computer was accessed by someone potentially multiple times over a few months. I have been constantly scanning and having my computer checked because it showed very strong signs of being infected.

 

About 6 months ago, I did a backup and complete reinstall of Windows which gave me some relief, yet I still restored many of my files back as I didn't want to lose them.

 

I feel as though I know the files in my computer in and out pretty well by now- I've certainly been a bit paranoid. Now, my computer seems to run fine, but I still am extremely paranoid about any infections it might have and some potential symptoms still occur.

 

  • Now, I know this could have nothing to do with an infection, but my computer was starting itself up in the middle of the night, during the day when I wasn't using it, etc just a couple of months ago.
  • Additionally, I had disabled as many of the remote services as I could, it just seemed like the safe thing to do since I wasn't using them. They have occasionally been re-enabling themselves, even though they remain disabled after a restart.
  • Many times Windows Updates fail or my computer cannot connect to the update server whatsoever.
  • Edit: and... I just had a cmd window briefly flash on my screen. I know this isn't indicative of a virus, but it wasn't during start up, and installation, etc. Just randomly as I was going about my work.

 

My question is, can anyone here potentially help me out to get rid of this paranoia once and for all or help me figure out if there is anything wrong?

 

Things I try/run constantly:

Checking through recently modified files by hand

Malwarebytes

SuperAntiSpyware

CCleaner (I know it doesn't do too much)

 

Running:

CentraStage

Webroot

Zscaler

Periodic Windows Defender (not fully enabled)

 

Cheers,

Limit 

 

Edit:

Just for the curious - I would have just gotten rid of this laptop because of how messed up it used to be (a hard drive ended up getting corrupted after months of serious problems), but I can't afford a new one that has decent enough specs to run Adobe CC. I have taken it to two different "Laptop Repair" shops who both ran diagnostics and said there was nothing. I work at a company and have had IT take a look at it. In the past, they said it seemed to be having some serious problems which is why we ended up reinstalling Windows.


Edited by limitless285, 28 December 2016 - 05:09 PM.



 


#2 InadequateInfirmity


Posted 29 December 2016 - 03:08 AM

Download and unzip the .bat file to your desktop, right click run as admin. Allow completion and if your machine does not reboot, then do so manually.

 

One thing to consider is that you are on Windows 10. There is always some sort of inbound or outbound connection going on with all of the Telemetry.

I suggest that you run one of the following tools.

O&O Shut Up.
Destroy Windows Spying.

Both of these tools will add items to your hosts file, which can increase ping so I would suggest you disable the DNS Client Service.
 

  1. Open Control Panel
  2. Double click Administrative Tools
  3. Double click Services
  4. Select the DNS Client Service from the list and right click on it
  5. Select Stop
  6. Right click Properties
  7. In Startup type select Disable
  8. Click OK
  9. Reboot system
 

 

  • Get the Everything Search Engine
  • Install Program, Right Click Run As Admin. Type or copy and paste C:\Windows\System32\Tasks into the search window.
  • Then Click Edit.
  • Select all.
  • Right Click highlighted items.
  • Copy full name to clipboard.
  • Paste content of clipboard, here in your next reply.

Perform the same steps above for the following in the code boxes below one at a time.

 

C:\Windows\Tasks
 

Telemetry

 

diagtrack

ADS SCAN.

Download ADS to your desktop.
Right Click Run As Administrator.
Click on Listing.
A file named Services_List will appear on your desktop.
Please copy the content of that, and paste it in your next reply.

 

Security Check Scan.

 

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

 

MiniToolBox Scan.

 

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.


Edited by InadequateInfirmity, 29 December 2016 - 03:59 AM.
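
The file names collected from C:\Windows\System32\Tasks in the steps above do not show what each task executes or under which account. As an added example (not part of the post above), this PowerShell, run from an elevated prompt, lists every scheduled task outside \Microsoft\ with its action, reports the start mode of remote-access services, and pulls the System log events that record a service start type being changed. The names in `$remoteServices` are an assumed set of Windows remote-access services; the thread does not say which ones were disabled.

```powershell
# Added example, not from the thread. Read-only: nothing here changes the system.
# Requires Windows 8 / Server 2012 or later (ScheduledTasks module), elevated prompt.

# --- 1. Scheduled tasks outside \Microsoft\ and what they actually run ---------
$taskReport = foreach ($task in Get-ScheduledTask) {
    if ($task.TaskPath -like '\Microsoft\*') { continue }   # skip the OS-shipped tree

    foreach ($action in $task.Actions) {
        # Exec actions carry a command line; COM handler actions only carry a CLSID.
        $runs = if ($action.CimClass.CimClassName -eq 'MSFT_TaskExecAction') {
            "$($action.Execute) $($action.Arguments)".Trim()
        } else {
            "COM handler $($action.ClassId)"
        }

        [pscustomobject]@{
            Task  = $task.TaskPath + $task.TaskName
            State = $task.State
            RunAs = $task.Principal.UserId
            Runs  = $runs
        }
    }
}
$taskReport | Sort-Object Task | Format-Table -AutoSize -Wrap

# --- 2. Current start mode of remote-access services ---------------------------
# Assumed list; edit it to match the services that were disabled by hand.
$remoteServices = 'RemoteRegistry', 'TermService', 'SessionEnv',
                  'UmRdpService', 'WinRM', 'RemoteAccess'

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $remoteServices -contains $_.Name } |
    Select-Object Name, DisplayName, StartMode, State |
    Format-Table -AutoSize

# --- 3. Who or what changed a service start type, and when ---------------------
# Service Control Manager logs event 7040 each time a start type is changed.
# UserId is the SID of the account that made the change (S-1-5-18 is LocalSystem).
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7040
    } -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, UserId, Message |
    Format-Table -AutoSize -Wrap
```

A 7040 entry whose timestamp lines up with a Windows Update or a vendor updater run usually explains a service flipping back from Disabled; one with no matching install activity is the entry to look at more closely.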


#3 InadequateInfirmity


Posted 29 December 2016 - 03:23 AM

As well stop the ads...

 

Ublock Origin

Anti Ad Block Killer

Alternate DNS -- Ad Blocking DNS

 

Add the take ownership to your right click as we may need this. Also, install unlocker.

 

 

 


 

This guide will show you how to use unlocker to remove multiple files.


Edited by InadequateInfirmity, 29 December 2016 - 03:59 AM.


#4 limitless285


Posted 29 December 2016 - 08:47 AM

Thank you so much for your help- I ran O&O Shutup, but am going to wait to disable DNS Client to see if I need to. 
 
Here is the first Everything Search
 
C:\Windows\System32\Tasks
 
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
C:\Windows\System32\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Sysmain\ResPriStaticDbSync
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\Resume On Boot
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
C:\Windows\System32\Tasks\SamsungMagician
C:\Windows\System32\Tasks_Migrated\SamsungMagician
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Diagnosis\Scheduled
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsUpdate\Scheduled Start
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Defrag\ScheduledDefrag
C:\Windows\System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\PI\Secure-Boot-Update
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\sih
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsUpdate\sih
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsUpdate\sihboot
C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DiskCleanup\SilentCleanup
C:\Windows\System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\AppID\SmartScreenSpecific
C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SpacePort\SpaceAgentTask
C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SpacePort\SpaceManagerTask
C:\Windows\System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask
C:\Windows\System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\PI\Sqm-Tasks
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore\SR
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SystemRestore\SR
C:\Windows\System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Servicing\StartComponentCleanup
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Application Experience\StartupAppTask
C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\DiskFootprint\StorageSense
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
C:\Windows\System32\Tasks_Migrated\Synaptics TouchPad Enhancements
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Time Synchronization\SynchronizeTime
C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Time Zone\SynchronizeTimeZone
C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Multimedia\SystemSoundsService
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CertificateServicesClient\SystemTask
C:\Windows\System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\License Manager\TempSignedLicenseExchange
C:\Windows\System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\TPM\Tpm-HASCertRetr
C:\Windows\System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\TPM\Tpm-Maintenance
C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Bluetooth\UninstallDeviceTask
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UPnP\UPnPHostConfig
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1C6FD55-D266-473E-BF23-8EE2813BEF6B}
C:\Windows\System32\Tasks_Migrated\User_Feed_Synchronization-{A1C6FD55-D266-473E-BF23-8EE2813BEF6B}
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CertificateServicesClient\UserTask
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
C:\Windows\System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
C:\Windows\System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc\WiFiTask
C:\Windows\System32\Tasks\Microsoft\Windows\WCM\WiFiTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\NlaSvc\WiFiTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WCM\WiFiTask
C:\Windows\System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WOF\WIM-Hash-Management
C:\Windows\System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WOF\WIM-Hash-Validation
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification
C:\Windows\System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Location\WindowsActionDialog
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\WinSAT
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Maintenance\WinSAT
C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WS\WSTask
C:\Windows\System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask
C:\Windows\System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon
 
C:\Windows\Tasks
 

C:\Windows\Tasks
C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
C:\Windows\Tasks\SA.DAT

 

Telemetry

C:\Windows\WinSxS\amd64_microsoft-windows-c..bluetooth-telemetry_31bf3856ad364e35_10.0.14393.0_none_ec7544f503815be0
C:\Windows\WinSxS\amd64_microsoft-windows-c..e-telemetry.cortana_31bf3856ad364e35_10.0.14393.0_none_e2fae75fd31e17da
C:\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.0_none_cd675b431d9f4255
C:\Windows\WinSxS\Temp\InFlight\0b4484fa9825d20188050000d8169407\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.206_none_d9f72cdaa4b5b839
C:\Windows\WinSxS\Temp\InFlight\a7787cf1d632d201b30500005828702a\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.321_none_d9dc8d76a4ca6e8f
C:\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.351_none_d9bc1db2a4e2c262
C:\ProgramData\Microsoft\Windows Defender\Scans\CleanFileTelemetry
C:\ProgramData\Microsoft\Windows Defender\Scans\FailTelemetry
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\proactive-telemetry
C:\ProgramData\Battle.net\Telemetry
C:\Users\Luke Shaw\AppData\Local\Battle.net\Telemetry
C:\Users\Luke Shaw\AppData\Local\Microsoft\Office\16.0\Telemetry
C:\Users\Luke Shaw\AppData\Roaming\Battle.net\Telemetry
C:\Windows\appcompat\appraiser\Telemetry
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7714.42037.0_x64__8wekyb3d8bbwe\telemetryrules
C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.6868.41201.0_x64__8wekyb3d8bbwe\telemetryrules
C:\Windows\WinSxS\wow64_microsoft-windows-c..bluetooth-telemetry_31bf3856ad364e35_10.0.14393.0_none_f6c9ef4737e21ddb
C:\Windows\WinSxS\wow64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.0_none_d7bc059552000450
C:\Windows\WinSxS\Temp\InFlight\0b4484fa9825d20188050000d8169407\wow64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.206_none_e44bd72cd9167a34
C:\Windows\WinSxS\Temp\InFlight\a7787cf1d632d201b30500005828702a\wow64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.321_none_e43137c8d92b308a
C:\Windows\WinSxS\wow64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.351_none_e410c804d943845d
C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x64__8wekyb3d8bbwe\XboxApp.Telemetry
C:\Windows\WinSxS\FileMaps\$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_proactive-telemetry_d197c24dcd45bd32.cdf-ms
C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_proactive-telemetry_l_572370b9415ad15f.cdf-ms
C:\Windows\WinSxS\Temp\PendingRenames\289643e04760d201732600006c122014.$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_proactive-telemetry_l_572370b9415ad15f.cdf-ms
C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-c..bluetooth-telemetry_31bf3856ad364e35_10.0.14393.0_none_ec7544f503815be0.manifest
C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-c..e-telemetry.cortana_31bf3856ad364e35_10.0.14393.0_none_e2fae75fd31e17da.manifest
C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-c..telemetry.resources_31bf3856ad364e35_10.0.14393.0_en-us_f9807fe5c1a72773.manifest
C:\Windows\WinSxS\Backup\amd64_microsoft-windows-p..ne-client-overrides_31bf3856ad364e35_10.0.14393.187_none_6c1f7d47c075b2c6_power.energyestimationengine.telemetry.ppkg_8b58160d
C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-telemetryclient_31bf3856ad364e35_10.0.14393.0_none_ac9a2223b485839f.manifest
C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-telemetrypermission_31bf3856ad364e35_10.0.14393.0_none_1cb16e5f2b25c8df.manifest
C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.0_none_cd675b431d9f4255.manifest
C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.351_none_d9bc1db2a4e2c262.manifest
C:\Windows\appcompat\appraiser\APPRAISER_TelemetryBaseline_UNV.bin
C:\Windows\WinSxS\amd64_microsoft-windows-c..iser-inboxdatafiles_31bf3856ad364e35_10.0.14393.0_none_9eeac2cef7a25999\Appraiser_TelemetryRunList.xml
C:\Windows\WinSxS\amd64_microsoft-windows-c..iser-inboxdatafiles_31bf3856ad364e35_10.0.14393.351_none_ab3f853e7ee5d9a6\Appraiser_TelemetryRunList.xml
C:\Windows\WinSxS\amd64_microsoft-windows-c..bluetooth-telemetry_31bf3856ad364e35_10.0.14393.0_none_ec7544f503815be0\BthTelemetry.dll
C:\Windows\WinSxS\wow64_microsoft-windows-c..bluetooth-telemetry_31bf3856ad364e35_10.0.14393.0_none_f6c9ef4737e21ddb\BthTelemetry.dll
C:\Windows\WinSxS\amd64_microsoft-windows-keyboarddiagnostic_31bf3856ad364e35_10.0.14393.0_none_0eeed58c7714178b\CL_Telemetry.ps1
C:\Users\Luke Shaw\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
C:\Users\Luke Shaw\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
C:\Windows\WinSxS\Temp\PendingRenames\d509a1df4760d2018c2500006c122014.$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_proactive-telemetry_d197c24dcd45bd32.cdf-ms
C:\Windows\WinSxS\Temp\PendingRenames\eeed51eb4760d201372c00006c122014.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\WinSxS\Temp\PendingRenames\f74743e04760d201722600006c122014.$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_dss_service_node_modules_proactive-telemetry_d197c24dcd45bd32.cdf-ms
C:\Windows\WinSxS\amd64_microsoft-windows-t..es-licensing-srvlic_31bf3856ad364e35_10.0.14393.0_none_6e53199e4a364516\lstelemetry.dll
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AllowTelemetry-Reduced-Default-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat
C:\Windows\servicing\Packages\Microsoft-OneCore-AllowTelemetry-Reduced-Default-Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UniversalTelemetryClient%4Operational.evtx
C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.3.0.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.57601.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftStickyNotes_1.0.136.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
C:\Windows\InfusedApps\Packages\Microsoft.Office.OneNote_17.6868.57981.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.3.0.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.winmd
C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftStickyNotes_1.0.136.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.winmd
C:\Program Files\WindowsApps\Microsoft.BingSports_4.13.47.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
C:\Windows\InfusedApps\Packages\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
C:\Windows\InfusedApps\Packages\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
C:\Windows\InfusedApps\Packages\Microsoft.BingWeather_4.9.51.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
C:\Program Files\WindowsApps\Microsoft.BingSports_4.13.47.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.winmd
C:\Windows\InfusedApps\Packages\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.winmd
C:\Windows\InfusedApps\Packages\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.winmd
C:\Windows\InfusedApps\Packages\Microsoft.BingWeather_4.9.51.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.winmd
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml
C:\Program Files\Microsoft Office\root\Office16\msotelemetry.dll
C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll
C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NvTelemetry.dll
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016
C:\Windows\System32\Tasks_Migrated\Microsoft\Office\OfficeTelemetryAgentFallBack2016
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016
C:\Windows\System32\Tasks_Migrated\Microsoft\Office\OfficeTelemetryAgentLogOn2016
C:\Windows\WinSxS\amd64_microsoft-windows-p..ne-client-overrides_31bf3856ad364e35_10.0.14393.0_none_5fe52cac391f412a\Power.EnergyEstimationEngine.Telemetry.ppkg
C:\Windows\WinSxS\amd64_microsoft-windows-p..ne-client-overrides_31bf3856ad364e35_10.0.14393.187_none_6c1f7d47c075b2c6\Power.EnergyEstimationEngine.Telemetry.ppkg
C:\Windows\WinSxS\amd64_microsoft-windows-c..lemetry.lib.cortana_31bf3856ad364e35_10.0.14393.0_none_662e28904c412873\proactive-telemetry-events.js
C:\Windows\WinSxS\amd64_microsoft-windows-c..lemetry.lib.cortana_31bf3856ad364e35_10.0.14393.0_none_662e28904c412873\proactive-telemetry.js
C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.14393.0_none_296860b9137f5377\SecureAssessment_Telemetry.dll
C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.14393.351_none_35bd23289ac2d384\SecureAssessment_Telemetry.dll
C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.14393.0_none_296860b9137f5377\SecureAssessment_Telemetry.winmd
C:\Program Files\Microsoft Office\root\VFS\Common Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk
C:\Program Files\Microsoft Office\root\VFS\Common Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Office 2016 Tools\Telemetry Log for Office 2016.lnk
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json
C:\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.14393.0_none_a7bff13bda762f50\telemetry.ASM-WindowsDefault.json
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json
C:\Windows\WinSxS\amd64_microsoft-windows-s..emsettingsthreshold_31bf3856ad364e35_10.0.14393.0_none_4ce8e17bf49d276e\Telemetry.Desktop.dll
C:\Windows\WinSxS\amd64_microsoft-windows-s..emsettingsthreshold_31bf3856ad364e35_10.0.14393.479_none_593008497be9a73c\Telemetry.Desktop.dll
C:\Users\Luke Shaw\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\Telemetry.dll
C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.14393.0_none_302ce44d64529a56\telemetry.js
C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.14393.351_none_3c81a6bceb961a63\telemetry.js
C:\Users\Luke Shaw\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\LocalState\telemetry.storage
C:\Users\Luke Shaw\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\Telemetry64.dll
C:\Users\Luke Shaw\AppData\Local\Microsoft\Windows\INetCache\IE\DB2WM8HD\Telemetry[1].js
C:\Windows\WinSxS\amd64_microsoft-windows-c..latform.win.cortana_31bf3856ad364e35_10.0.14393.0_none_6cfc4ae58a90c776\telemetry_impl.js
C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx
C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx
C:\Windows\WinSxS\Manifests\wow64_microsoft-windows-c..bluetooth-telemetry_31bf3856ad364e35_10.0.14393.0_none_f6c9ef4737e21ddb.manifest
C:\Windows\WinSxS\Manifests\wow64_microsoft-windows-c..telemetry.resources_31bf3856ad364e35_10.0.14393.0_en-us_03d52a37f607e96e.manifest
C:\Windows\WinSxS\Manifests\wow64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.0_none_d7bc059552000450.manifest
C:\Windows\WinSxS\Manifests\wow64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.351_none_e410c804d943845d.manifest
 
diagtrack

C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
C:\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.0_none_cd675b431d9f4255\diagtrack.dll
C:\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.351_none_d9bc1db2a4e2c262\diagtrack.dll
C:\Windows\WinSxS\amd64_microsoft-windows-u..ry-client.resources_31bf3856ad364e35_10.0.14393.0_en-us_f344a45a592c02e8\diagtrack.dll.mui
 
ADS Services List
---------- ADS | Services Listing
 
S0 - 3ware () -> System32\drivers\3ware.sys
R0 - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys
R0 - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys
S0 - ADP80XX () -> System32\drivers\ADP80XX.SYS
S0 - amdsata () -> System32\drivers\amdsata.sys
S0 - amdsbs () -> System32\drivers\amdsbs.sys
S0 - amdxata () -> System32\drivers\amdxata.sys
S0 - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys
S0 - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys
S0 - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys
R0 - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys
R0 - CNG () -> System32\Drivers\cng.sys
R0 - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys
S0 - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys
R0 - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys
S0 - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys
R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys
R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys
S0 - Fs_Rec () -> (?)
R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys
S0 - HpSAMD () -> System32\drivers\HpSAMD.sys
S0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys
R0 - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel® SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys
S0 - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys
S0 - intelide () -> System32\drivers\intelide.sys
R0 - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel® Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys
R0 - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys
S0 - isapnp () -> System32\drivers\isapnp.sys
R0 - KSecDD () -> System32\Drivers\ksecdd.sys
R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys
S0 - LSI_SAS () -> System32\drivers\lsi_sas.sys
S0 - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys
S0 - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys
S0 - LSI_SSS () -> System32\drivers\lsi_sss.sys
S0 - megasas () -> System32\drivers\megasas.sys
S0 - megasas2i () -> System32\drivers\MegaSas2i.sys
S0 - megasr () -> System32\drivers\megasr.sys
R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys
R0 - msisadrv () -> System32\drivers\msisadrv.sys
R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys
S0 - mvumis () -> System32\drivers\mvumis.sys
R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys
R0 - nvpciflt () -> system32\DRIVERS\nvpciflt.sys
S0 - nvraid () -> System32\drivers\nvraid.sys
S0 - nvstor () -> System32\drivers\nvstor.sys
R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys
R0 - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys
S0 - pciide () -> System32\drivers\pciide.sys
S0 - pcmcia () -> System32\drivers\pcmcia.sys
R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys
R0 - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys
S0 - percsas2i () -> System32\drivers\percsas2i.sys
S0 - percsas3i () -> System32\drivers\percsas3i.sys
R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys
R0 - SamsungRapidDiskFltr (SAMSUNG RAPID Mode Disk Filter Driver) -> system32\DRIVERS\SamsungRapidDiskFltr.sys
R0 - SamsungRapidFSFltr (SamsungRapidFSFltr) -> system32\DRIVERS\SamsungRapidFSFltr.sys
S0 - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys
S0 - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys
S0 - SiSRaid2 () -> System32\drivers\SiSRaid2.sys
S0 - SiSRaid4 () -> System32\drivers\sisraid4.sys
R0 - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys
S0 - stexstor () -> System32\drivers\stexstor.sys
S0 - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys
S0 - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys
S0 - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys
S0 - storufs (@storufs.inf,sServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys
S0 - storvsc () -> System32\drivers\storvsc.sys
R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys
R0 - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys
S0 - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys
R0 - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys
R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys
R0 - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys
R0 - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys
S0 - vsmraid () -> System32\drivers\vsmraid.sys
S0 - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys
S0 - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\WdBoot.sys
R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys
R0 - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\WdFilter.sys
R0 - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys
R0 - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys
R0 - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys
R0 - Wof (Windows Overlay File System Filter Driver) -> (?)
R0 - WRkrn (WRkrn) -> System32\drivers\WRkrn.sys
R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys
R1 - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys
R1 - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys
R1 - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys
R1 - Beep (Beep) -> (?)
R1 - Capsax64Drv (Capsax64Drv NDIS Protocol Driver) -> System32\Drivers\Capsax64Drv.sys
R1 - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys
S1 - CsNdisLWF (CsNdisLWF NDIS Protocol Driver) -> System32\Drivers\CsNdisLWF.sys
S1 - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys
R1 - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys
R1 - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys
R1 - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys
R1 - Msfs () -> (?)
R1 - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys
R1 - mv2 () -> \SystemRoot\system32\DRIVERS\mv2.sys
R1 - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys
R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys
R1 - Npfs () -> (?)
R1 - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys
R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys
R1 - Null () -> (?)
R1 - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys
R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys
R1 - SASDIFSV (SASDIFSV) -> \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
R1 - SASKUTIL (SASKUTIL) -> \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys
R1 - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys
R2 - AdobeARMservice (Adobe Acrobat Update Service) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - AdobeUpdateService () -> "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe"
R2 - AGSService (Adobe Genuine Software Integrity Service) -> "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
R2 - AudioEndpointBuilder (@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - BrokerInfrastructure (@%windir%\system32\bisrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - CagService (CentraStage) -> "C:\Program Files (x86)\CentraStage\CagService.exe"
S2 - CDPUserSvc (@%SystemRoot%\system32\cdpusersvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
R2 - CDPUserSvc_4d5ce (CDPUserSvc_4d5ce) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
R2 - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys
R2 - CoreMessagingRegistrar (@%SystemRoot%\system32\coremessaging.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DcomLaunch (@combase.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - DeviceAssociationService (@%SystemRoot%\system32\das.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DoSvc (@%systemroot%\system32\dosvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
R2 - EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs
S2 - gupdate (Google Update Service (gupdate)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
R2 - HomeGroupListener (@%SystemRoot%\System32\ListSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - HomeGroupProvider (@%SystemRoot%\System32\provsvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
S2 - HvHost (@%SystemRoot%\system32\hvhostsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - igfxCUIService1.0.0.0 (Intel® HD Graphics Control Panel Service) -> %SystemRoot%\system32\igfxCUIService.exe
R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs
R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys
R2 - LSM (@%windir%\system32\lsm.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys
S2 - MapsBroker (@%SystemRoot%\System32\moshost.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys
R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys
R2 - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys
R2 - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys
S2 - Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) -> %systemroot%\system32\lsass.exe
R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService
R2 - NVDisplay.ContainerLocalSystem (NVIDIA Display Container LS) -> "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
R2 - NvNetworkService (NVIDIA Network Service) -> "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
S2 - OneSyncSvc (@%SystemRoot%\system32\APHostRes.dll,-10002) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
R2 - OneSyncSvc_4d5ce (Sync Host_4d5ce) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys
R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - Razer Chroma SDK Service (Razer Chroma SDK Service) -> "C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe"
R2 - Razer Game Scanner Service (Razer Game Scanner) -> "C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe"
R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS
R2 - RpcSs (@combase.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss
R2 - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys
R2 - rzpmgrk (rzpmgrk) -> \??\C:\WINDOWS\system32\drivers\rzpmgrk.sys
R2 - rzpnk (rzpnk) -> \??\C:\WINDOWS\system32\drivers\rzpnk.sys
R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe
R2 - SamsungRapidSvc (Samsung RAPID Mode Service) -> system32\RAPID\SamsungRapidSvc.exe
R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe
S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe
R2 - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys
R2 - STacSV (@%SystemRoot%\system32\stlang64.dll,-10101) -> C:\Program Files\IDT\WDM\STacSV64.exe
R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc
R2 - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys
R2 - SynTPEnhService (SynTPEnh Caller Service) -> "C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - SystemEventsBroker (@%windir%\system32\SystemEventsBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - TabletInputService (@%SystemRoot%\system32\TabSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys
R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - tiledatamodelsvc (@%SystemRoot%\system32\tileobjserver.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel
R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - UserManager (@%systemroot%\system32\usermgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - W32Time (@%SystemRoot%\system32\w32time.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys
R2 - Wcmsvc (@%SystemRoot%\System32\wcmsvc.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R2 - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys
R2 - WinDefend (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310) -> "%ProgramFiles%\Windows Defender\MsMpEng.exe"
R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - WlanSvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - WRSVC (WRSVC) -> "C:\Program Files (x86)\Webroot\WRSA.exe" -service
R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - WwanSvc (@%SystemRoot%\System32\wwansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
S3 - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys
S3 - AcpiDev (@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver) -> \SystemRoot\System32\drivers\AcpiDev.sys
S3 - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys
S3 - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys
S3 - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys
S3 - AJRouter (@%SystemRoot%\system32\AJRouter.dll,-2) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - ALG (@%SystemRoot%\system32\Alg.exe,-112) -> %SystemRoot%\System32\alg.exe
S3 - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys
S3 - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys
S3 - AppID (@%systemroot%\system32\srpapi.dll,-100) -> system32\drivers\appid.sys
S3 - AppIDSvc (@%systemroot%\system32\appidsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R3 - Appinfo (@%systemroot%\system32\appinfo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - applockerfltr (@%systemroot%\system32\srpapi.dll,-102) -> system32\drivers\applockerfltr.sys
S3 - AppReadiness (@%SystemRoot%\System32\AppReadiness.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k AppReadiness
S3 - AppXSvc (@%SystemRoot%\system32\appxdeploymentserver.dll,-1) -> %systemroot%\system32\svchost.exe -k wsappx
S3 - AsyncMac (@%systemroot%\system32\mprmsg.dll,-32000) -> \SystemRoot\System32\drivers\asyncmac.sys
S3 - AxInstSV (@%SystemRoot%\system32\AxInstSV.dll,-103) -> %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
S3 - bcmfn (@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service) -> \SystemRoot\System32\drivers\bcmfn.sys
S3 - bcmfn2 (@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service) -> \SystemRoot\System32\drivers\bcmfn2.sys
S3 - BDESVC (@%SystemRoot%\system32\bdesvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys
S3 - Browser (@%systemroot%\system32\browser.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - BthA2DP (@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth Stereo) -> \SystemRoot\system32\drivers\BthA2DP.sys
R3 - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys
R3 - BthEnum (@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service) -> \SystemRoot\System32\drivers\BthEnum.sys
R3 - BthHFAud (@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth Hands-Free) -> \SystemRoot\system32\DRIVERS\BthHfAud.sys
R3 - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys
R3 - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys
R3 - BthHFSrv (@%SystemRoot%\System32\BthHFSrv.dll,-103) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
R3 - BthLEEnum (@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver) -> \SystemRoot\system32\DRIVERS\BthLEEnum.sys
S3 - BTHMODEM (@mdmbtmdm.inf,%BthModem.DisplayName%;Bluetooth Modem Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys
R3 - BthPan (@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network)) -> \SystemRoot\System32\drivers\bthpan.sys
S3 - BTHPORT (@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver) -> \SystemRoot\System32\drivers\BTHport.sys
R3 - bthserv (@%SystemRoot%\System32\bthserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalService
R3 - BTHUSB (@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver) -> \SystemRoot\System32\drivers\BTHUSB.sys
S3 - buttonconverter (@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices) -> \SystemRoot\System32\drivers\buttonconverter.sys
S3 - CapImg (@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen) -> \SystemRoot\System32\drivers\capimg.sys
S3 - CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - cht4iscsi () -> System32\drivers\cht4sx64.sys
S3 - cht4vbd (@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver) -> \SystemRoot\System32\drivers\cht4vx64.sys
S3 - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys
S3 - ClipSVC (@%SystemRoot%\system32\ClipSVC.dll,-103) -> %SystemRoot%\System32\svchost.exe -k wsappx
R3 - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys
R3 - CompositeBus (@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
S3 - COMSysApp (@comres.dll,-947) -> %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R3 - condrv (Console Driver) -> System32\drivers\condrv.sys
S3 - cphs (Intel® Content Protection HECI Service) -> %SystemRoot%\SysWow64\IntelCpHeciSvc.exe
S3 - DcpSvc (@%SystemRoot%\system32\dcpsvc.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - defragsvc (@%SystemRoot%\system32\defragsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k defragsvc
S3 - DeviceInstall (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
S3 - DevQueryBroker (@%SystemRoot%\system32\DevQueryBroker.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - diagnosticshub.standardcollector.service (@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000) -> %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
S3 - DmEnrollmentSvc (@%systemroot%\system32\Windows.Internal.Management.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys
S3 - dot3svc (@%systemroot%\system32\dot3svc.dll,-1102) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers) -> \SystemRoot\system32\DRIVERS\drmkaud.sys
S3 - DsmSvc (@%SystemRoot%\system32\DeviceSetupManager.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - DsSvc (@%SystemRoot%\system32\dssvc.dll,-10003) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys
S3 - EapHost (@%systemroot%\system32\eapsvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - EFS (@%SystemRoot%\system32\efssvc.dll,-100) -> %SystemRoot%\System32\lsass.exe
S3 - embeddedmode (@%SystemRoot%\system32\embeddedmodesvc.dll,-201) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - EntAppSvc (@EnterpriseAppMgmtSvc.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel
S3 - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys
S3 - exfat (exFAT File System Driver) -> (?)
R3 - fastfat (FAT12/16/32 File System Driver) -> (?)
S3 - Fax (@%systemroot%\system32\fxsresm.dll,-118) -> %systemroot%\system32\fxssvc.exe
S3 - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys
R3 - fdPHost (@%systemroot%\system32\fdPHost.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
R3 - FDResPub (@%systemroot%\system32\fdrespub.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - fhsvc (@%systemroot%\system32\fhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys
S3 - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys
R3 - FontCache3.0.0.0 (@%SystemRoot%\system32\PresentationHost.exe,-3309) -> %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - FrameServer (@%systemroot%\system32\FrameServer.dll,-100) -> %SystemRoot%\System32\svchost.exe -k Camera
S3 - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys
S3 - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys
S3 - genericusbfn (@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class) -> \SystemRoot\System32\drivers\genericusbfn.sys
S3 - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys
S3 - gupdatem (Google Update Service (gupdatem)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
R3 - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys
S3 - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys
S3 - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys
S3 - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys
S3 - hidinterrupt (@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts) -> \SystemRoot\System32\drivers\hidinterrupt.sys
S3 - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys
R3 - hidserv (@%SystemRoot%\System32\hidserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys
R3 - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys
R3 - hvservice (@%SystemRoot%\system32\drivers\hvservice.sys,-16) -> system32\drivers\hvservice.sys
S3 - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys
R3 - i8042prt (@msmouse.inf,%i8042prt.SvcDesc%;PS/2 Keyboard and Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys
S3 - iagpio (@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iagpio.sys
S3 - iai2c (@iai2c.inf,%iai2c.SVCDESC%;Intel® Serial IO I2C Host Controller) -> \SystemRoot\System32\drivers\iai2c.sys
S3 - iaLPSS2i_GPIO2 (@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel® Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys
S3 - iaLPSS2i_I2C (@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel® Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
S3 - iaLPSSi_GPIO (@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel® Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys
S3 - iaLPSSi_I2C (@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel® Serial IO I2C Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_I2C.sys
S3 - ibbus (@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver)) -> \SystemRoot\System32\drivers\ibbus.sys
S3 - icssvc (@%SystemRoot%\System32\tetheringservice.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R3 - igfx () -> \SystemRoot\system32\DRIVERS\igdkmd64.sys
S3 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - IndirectKmd (@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100) -> \SystemRoot\System32\drivers\IndirectKmd.sys
S3 - intaud_WaveExtensible (Intel WiDi Audio Device) -> \SystemRoot\system32\drivers\intelaud.sys
R3 - IntcDAud (@oem14.inf,%IntcDAud.SvcDesc%;Intel® Display Audio) -> \SystemRoot\system32\DRIVERS\IntcDAud.sys
R3 - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys
S3 - IpFilterDriver (@%systemroot%\system32\mprmsg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys
S3 - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys
S3 - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys
S3 - irda (IrDA) -> \SystemRoot\system32\drivers\irda.sys
S3 - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys
S3 - irmon (@%SystemRoot%\System32\irmon.dll,-2000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys
R3 - iwdbus (@oem45.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator) -> \SystemRoot\System32\drivers\iwdbus.sys
R3 - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys
R3 - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys
R3 - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\System32\drivers\kdnic.sys
R3 - KeyIso (@keyiso.dll,-100) -> %SystemRoot%\system32\lsass.exe
R3 - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys
S3 - KtmRm (@comres.dll,-2946) -> %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
R3 - lfsvc (@%SystemRoot%\System32\lfsvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R3 - LicenseManager (@%SystemRoot%\system32\licensemanagersvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - lltdsvc (@%SystemRoot%\system32\lltdres.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalService
R3 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R3 - MEIx64 (@oem60.inf,%TEE_SvcDesc%;Intel® Management Engine Interface ) -> \SystemRoot\System32\drivers\TeeDriverW8x64.sys
S3 - MessagingService (@%SystemRoot%\system32\MessagingService.dll,-100) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
S3 - MessagingService_4d5ce (MessagingService_4d5ce) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
S3 - mlx4_bus (@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator) -> \SystemRoot\System32\drivers\mlx4_bus.sys
S3 - Modem () -> system32\drivers\modem.sys
R3 - monitor (@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service) -> \SystemRoot\System32\drivers\monitor.sys
R3 - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys
R3 - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys
R3 - mpsdrv (@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092) -> System32\drivers\mpsdrv.sys
S3 - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys
R3 - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys
R3 - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys
S3 - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> System32\drivers\bridge.sys
S3 - MSDTC (@comres.dll,-2797) -> %SystemRoot%\System32\msdtc.exe
S3 - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator) -> \SystemRoot\System32\drivers\msgpiowin32.sys
R3 - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys
R3 - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys
S3 - MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - msiserver (@%SystemRoot%\system32\msimsg.dll,-27) -> %systemroot%\system32\msiexec.exe /V
S3 - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\system32\DRIVERS\MSKSSRV.sys
S3 - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\system32\DRIVERS\MSPCLOCK.sys
S3 - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\system32\DRIVERS\MSPQM.sys
S3 - MsRPC () -> (?)
S3 - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\system32\DRIVERS\MSTEE.sys
S3 - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys
R3 - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> system32\DRIVERS\nwifi.sys
S3 - NcaSvc (@%SystemRoot%\system32\ncasvc.dll,-3009) -> %SystemRoot%\System32\svchost.exe -k NetSvcs
R3 - NcbService (@%SystemRoot%\system32\ncbservice.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - NcdAutoSetup (@%SystemRoot%\system32\NcdAutoSetup.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
S3 - ndfltr (@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service) -> \SystemRoot\System32\drivers\ndfltr.sys
S3 - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys
S3 - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> System32\drivers\NdisImPlatform.sys
S3 - NdisTapi (@%systemroot%\system32\mprmsg.dll,-32001) -> System32\DRIVERS\ndistapi.sys
R3 - Ndisuio (NDIS Usermode I/O Protocol) -> system32\drivers\ndisuio.sys
R3 - NdisVirtualBus (@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200) -> \SystemRoot\System32\drivers\NdisVirtualBus.sys
S3 - NdisWan (@%systemroot%\system32\mprmsg.dll,-32002) -> \SystemRoot\System32\drivers\ndiswan.sys
S3 - ndiswanlegacy (@%systemroot%\system32\mprmsg.dll,-32014) -> System32\DRIVERS\ndiswan.sys
S3 - ndproxy (@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy) -> System32\DRIVERS\NDProxy.sys
S3 - NetAdapterCx (Network Adapter Wdf Class Extension Library) -> system32\drivers\NetAdapterCx.sys
S3 - Netman (@%SystemRoot%\system32\netman.dll,-109) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - netprofm (@%SystemRoot%\system32\netprofmsvc.dll,-202) -> %SystemRoot%\System32\svchost.exe -k LocalService
R3 - netr28x (@oem46.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver) -> \SystemRoot\system32\DRIVERS\netr28x.sys
S3 - NetSetupSvc (@%SystemRoot%\system32\NetSetupSvc.dll,-3) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - NetTcpPortSharing (@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201) -> %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S3 - NgcCtnrSvc (@%SystemRoot%\System32\NgcCtnrSvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - NgcSvc (@%SystemRoot%\System32\ngcsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - NTFS () -> (?)
R3 - nvlddmkm () -> \SystemRoot\System32\DriverStore\FileRepository\nvhmi.inf_amd64_46890670f683b00d\nvlddmkm.sys
R3 - nvvad_WaveExtensible (@oem57.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM)) -> \SystemRoot\system32\drivers\nvvad64v.sys
S3 - ose64 (Office 64 Source Engine) -> "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - p2pimsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8004) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - p2psvc (@%SystemRoot%\system32\p2psvc.dll,-8006) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys
S3 - PerfHost (@%systemroot%\sysWow64\perfhost.exe,-2) -> %SystemRoot%\SysWow64\perfhost.exe
S3 - PhoneSvc (@%SystemRoot%\system32\PhoneserviceRes.dll,-10000) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - PimIndexMaintenanceSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-15001) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
R3 - PimIndexMaintenanceSvc_4d5ce (Contact Data_4d5ce) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
S3 - pla (@%systemroot%\system32\pla.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
R3 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-200) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
S3 - PNRPAutoReg (@%SystemRoot%\system32\pnrpauto.dll,-8002) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - PNRPsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8000) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
S3 - PptpMiniport (@%systemroot%\system32\mprmsg.dll,-32006) -> \SystemRoot\System32\drivers\raspptp.sys
S3 - PrintNotify (@C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll,-1) -> %SystemRoot%\system32\svchost.exe -k print
S3 - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys
S3 - QWAVE (@%SystemRoot%\system32\qwave.dll,-1) -> %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys
S3 - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys
S3 - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\System32\drivers\AgileVpn.sys
S3 - Rasl2tp (@%systemroot%\system32\mprmsg.dll,-32005) -> \SystemRoot\System32\drivers\rasl2tp.sys
S3 - RasPppoe (@%systemroot%\system32\mprmsg.dll,-32007) -> System32\DRIVERS\raspppoe.sys
S3 - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\System32\drivers\rassstp.sys
R3 - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys
S3 - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys
S3 - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys
S3 - ReFSv1 () -> (?)
R3 - RFCOMM (@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI)) -> \SystemRoot\System32\drivers\rfcomm.sys
S3 - RmSvc (@%SystemRoot%\system32\RMapi.dll,-1001) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 - RpcLocator (@%systemroot%\system32\Locator.exe,-2) -> %SystemRoot%\system32\locator.exe
S3 - RSP2STOR (@oem22.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2) -> \SystemRoot\system32\DRIVERS\RtsP2Stor.sys
R3 - rt640x64 (@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver) -> \SystemRoot\System32\drivers\rt640x64.sys
R3 - rzbtendpt (@oem16.inf,%rzbtendpt.SvcDesc%;Razer Bluetooth End Point) -> \SystemRoot\System32\drivers\rzbtendpt.sys
R3 - rzendpt (@oem20.inf,%rzendpt.SvcDesc%;rzendpt) -> \SystemRoot\System32\drivers\rzendpt.sys
R3 - rzmpos (@oem47.inf,%rzmpos.SvcDesc%;rzmpos) -> \SystemRoot\System32\drivers\rzmpos.sys
R3 - rzudd (@oem21.inf,%Razer.SvcDesc%;Razer Mouse Driver) -> \SystemRoot\System32\drivers\rzudd.sys
R3 - rzvkeyboard (@oem52.inf,%rzvkeyboard%;Razer Virtual Keyboard Driver) -> \SystemRoot\System32\drivers\rzvkeyboard.sys
S3 - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys
S3 - ScDeviceEnum (@%SystemRoot%\System32\ScDeviceEnum.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys
S3 - scmdisk0101 (@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver) -> \SystemRoot\System32\drivers\scmdisk0101.sys
S3 - SCPolicySvc (@%SystemRoot%\System32\certprop.dll,-13) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys
S3 - SDRSVC (@%SystemRoot%\system32\sdrsvc.dll,-107) -> %SystemRoot%\system32\svchost.exe -k SDRSVC
S3 - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys
S3 - SensorDataService (@%SystemRoot%\system32\SensorDataService.exe,-101) -> %SystemRoot%\System32\SensorDataService.exe
S3 - SensorService (@%SystemRoot%\System32\sensorservice.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - SensrSvc (@%SystemRoot%\System32\sensrsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys
S3 - SerCx2 (Serial UART Support Library) -> system32\drivers\SerCx2.sys
S3 - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys
S3 - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys
S3 - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys
S3 - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys
S3 - SharedAccess (@%SystemRoot%\system32\ipnathlp.dll,-106) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - SmbDrvI () -> \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
S3 - smphost (@%SystemRoot%\System32\smphost.dll,-102) -> %SystemRoot%\System32\svchost.exe -k smphost
R3 - SmsRouter (@%SystemRoot%\System32\SmsRouterSvc.dll,-10001) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - SNMPTRAP (@%SystemRoot%\system32\snmptrap.exe,-3) -> %SystemRoot%\System32\snmptrap.exe
S3 - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys
R3 - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys
R3 - srvnet () -> System32\DRIVERS\srvnet.sys
R3 - SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - SstpSvc (@%SystemRoot%\system32\sstpsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
R3 - StateRepository (@%SystemRoot%\system32\windows.staterepository.dll,-1) -> %SystemRoot%\system32\svchost.exe -k appmodel
S3 - Steam Client Service (Steam Client Service) -> "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
R3 - STHDA (@%SystemRoot%\system32\stlang64.dll,-10301) -> \SystemRoot\system32\DRIVERS\stwrt64.sys
R3 - sthid (@oem0.inf,%splashtop.SvcDesc%;Splashtop Virtual Hid) -> \SystemRoot\System32\drivers\sthid.sys
R3 - StorSvc (@%SystemRoot%\System32\StorSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - svsvc (@%SystemRoot%\system32\svsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys
R3 - swprv (@%SystemRoot%\System32\swprv.dll,-103) -> %SystemRoot%\System32\svchost.exe -k swprv
S3 - Synth3dVsc () -> \SystemRoot\System32\drivers\Synth3dVsc.sys
R3 - SynTP (@oem4.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver) -> \SystemRoot\system32\DRIVERS\SynTP.sys
S3 - TapiSrv (@%SystemRoot%\system32\tapisrv.dll,-10100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
S3 - Tcpip6 (@todo.dll,-100;Microsoft IPv6 Protocol Driver) -> System32\drivers\tcpip.sys
S3 - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys
S3 - TieringEngineService (@%SystemRoot%\system32\TieringEngineService.exe,-702) -> %SystemRoot%\system32\TieringEngineService.exe
R3 - TimeBrokerSvc (@%windir%\system32\TimeBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\System32\drivers\tpm.sys
S3 - TrustedInstaller (Windows Modules Installer) -> %SystemRoot%\servicing\TrustedInstaller.exe
S3 - tsusbflt (@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000) -> System32\drivers\TsUsbFlt.sys
S3 - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys
S3 - tunnel (@nettun.inf,%TUNNEL.Service.DisplayName%;Microsoft Tunnel Miniport Adapter Driver) -> \SystemRoot\System32\drivers\tunnel.sys
S3 - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys
S3 - UcmCx0101 (USB Connector Manager KMDF Class Extension) -> System32\Drivers\UcmCx.sys
S3 - UcmTcpciCx0101 (UCM-TCPCI KMDF Class Extension) -> System32\Drivers\UcmTcpciCx.sys
S3 - UcmUcsi (@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client) -> \SystemRoot\System32\drivers\UcmUcsi.sys
R3 - Ucx01000 (USB Host Support Library) -> system32\drivers\ucx01000.sys
S3 - UdeCx (USB Device Emulation Support Library) -> system32\drivers\udecx.sys
S3 - UEFI (@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver) -> \SystemRoot\System32\drivers\UEFI.sys
S3 - Ufx01000 (USB Function Class Extension) -> system32\drivers\ufx01000.sys
S3 - UfxChipidea (@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller) -> \SystemRoot\System32\drivers\UfxChipidea.sys
S3 - ufxsynopsys (@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller) -> \SystemRoot\System32\drivers\ufxsynopsys.sys
S3 - UI0Detect (@%SystemRoot%\system32\ui0detect.exe,-101) -> %SystemRoot%\system32\UI0Detect.exe
R3 - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys
R3 - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys
S3 - UnistoreSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-10003) -> %SystemRoot%\System32\svchost.exe -k UnistackSvcGroup
R3 - UnistoreSvc_4d5ce (User Data Storage_4d5ce) -> C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
S3 - upnphost (@%systemroot%\system32\upnphost.dll,-213) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - UrsChipidea (@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urschipidea.sys
S3 - UrsCx01000 (USB Role-Switch Support Library) -> system32\drivers\urscx01000.sys
S3 - UrsSynopsys (@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urssynopsys.sys
R3 - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver) -> \SystemRoot\System32\drivers\usbccgp.sys
S3 - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys
R3 - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys
R3 - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys
R3 - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys
S3 - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys
S3 - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys
S3 - usbser (@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver) -> \SystemRoot\System32\drivers\usbser.sys
S3 - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS
S3 - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys
R3 - usbvideo (@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM)) -> \SystemRoot\System32\Drivers\usbvideo.sys
R3 - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS
S3 - UserDataSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-14001) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
R3 - UserDataSvc_4d5ce (User Data Access_4d5ce) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
S3 - UsoSvc (@%systemroot%\system32\usocore.dll,-102) -> %systemroot%\system32\svchost.exe -k netsvcs
R3 - VaultSvc (@%SystemRoot%\system32\vaultsvc.dll,-1003) -> %SystemRoot%\system32\lsass.exe
S3 - vds (@%SystemRoot%\system32\vds.exe,-100) -> %SystemRoot%\System32\vds.exe
S3 - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys
S3 - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys
S3 - vhf (@%SystemRoot%\system32\drivers\vhf.sys,-100) -> \SystemRoot\System32\drivers\vhf.sys
S3 - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys
S3 - vmgid (@wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driver) -> \SystemRoot\System32\drivers\vmgid.sys
S3 - vmicguestinterface (@%systemroot%\system32\icsvc.dll,-801) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmicheartbeat (@%systemroot%\system32\icsvc.dll,-101) -> %systemroot%\system32\svchost.exe -k ICService
S3 - vmickvpexchange (@%systemroot%\system32\icsvc.dll,-201) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmicrdv (@%systemroot%\system32\icsvcext.dll,-601) -> %systemroot%\system32\svchost.exe -k ICService
S3 - vmicshutdown (@%systemroot%\system32\icsvc.dll,-301) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmictimesync (@%systemroot%\system32\icsvc.dll,-401) -> %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - vmicvmsession (@%systemroot%\system32\icsvc.dll,-901) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmicvss (@%systemroot%\system32\icsvcext.dll,-501) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - vmulti (@oem61.inf,%vmulti%;HUION HID) -> \SystemRoot\System32\drivers\vmulti.sys
S3 - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys
R3 - VSS (@%systemroot%\system32\vssvc.exe,-102) -> %systemroot%\system32\vssvc.exe
R3 - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys
R3 - vwifimp (@%SystemRoot%\System32\drivers\vwifimp.sys,-261) -> \SystemRoot\System32\drivers\vwifimp.sys
S3 - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys
S3 - WalletService (@%SystemRoot%\System32\WalletService.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k appmodel
S3 - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys
S3 - wanarpv6 (@%systemroot%\system32\mprmsg.dll,-32012) -> System32\DRIVERS\wanarp.sys
S3 - wbengine (@%systemroot%\system32\wbengine.exe,-104) -> "%systemroot%\system32\wbengine.exe"
S3 - WbioSrvc (@%systemroot%\system32\wbiosrvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
S3 - wcncsvc (@%SystemRoot%\system32\wcncsvc.dll,-3) -> %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
R3 - WdiServiceHost (@%systemroot%\system32\wdi.dll,-502) -> %SystemRoot%\System32\svchost.exe -k LocalService
R3 - WdiSystemHost (@%systemroot%\system32\wdi.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - wdiwifi (WDI Driver Framework) -> system32\DRIVERS\wdiwifi.sys
S3 - WdNisDrv (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370) -> system32\Drivers\WdNisDrv.sys
S3 - WdNisSvc (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320) -> "%ProgramFiles%\Windows Defender\NisSrv.exe"
S3 - WebClient (@%systemroot%\system32\webclnt.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - Wecsvc (@%SystemRoot%\system32\wecsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k NetworkService
S3 - WEPHOSTSVC (@%systemroot%\system32\wephostsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k WepHostSvcGroup
S3 - wercplsupport (@%SystemRoot%\System32\wercplsupport.dll,-101) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - WerSvc (@%SystemRoot%\System32\wersvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k WerSvcGroup
S3 - WiaRpc (@%SystemRoot%\system32\wiarpc.dll,-2) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - WIMMount (@%SystemRoot%\system32\drivers\wimmount.sys,-101) -> system32\drivers\wimmount.sys
R3 - WinHttpAutoProxySvc (@%SystemRoot%\system32\winhttp.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - WinMad (@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service) -> \SystemRoot\System32\drivers\winmad.sys
S3 - WinRM (@%Systemroot%\system32\wsmsvc.dll,-101) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R3 - WINUSB (@winusb.inf,%WinUsb_SvcDesc%;WinUsb Driver) -> \SystemRoot\System32\drivers\WinUSB.SYS
S3 - WinVerbs (@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service) -> \SystemRoot\System32\drivers\winverbs.sys
R3 - WirelessButtonDriver64 (@oem11.inf,%ServiceDesc%;HP Wireless Button Driver Service) -> \SystemRoot\system32\DRIVERS\WirelessButtonDriver64.sys
S3 - wisvc (@%SystemRoot%\system32\flightsettings.dll,-104) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - wlidsvc (@%SystemRoot%\system32\wlidsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R3 - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys
S3 - wmiApSrv (@%Systemroot%\system32\wbem\wmiapsrv.exe,-110) -> %systemroot%\system32\wbem\WmiApSrv.exe
S3 - workfolderssvc (@%systemroot%\system32\workfolderssvc.dll,-102) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - WPDBusEnum (@%SystemRoot%\system32\wpdbusenum.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys
S3 - WpnService (@%SystemRoot%\system32\wpnservice.dll,-1) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - WpnUserService (@%SystemRoot%\system32\WpnUserService.dll,-1) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
S3 - WpnUserService_4d5ce (Windows Push Notifications User Service_4d5ce) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
R3 - wrUrlFlt (Webroot UrlFilter) -> \??\C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys
S3 - WSDPrintDevice (@wsdprint.inf,%WSDPrintDevice.SVCDESC%;WSD Print Support) -> \SystemRoot\System32\drivers\WSDPrint.sys
S3 - WSDScan (@sti.inf,%WSDScan.SvcDesc%;WSD Scan Support) -> \SystemRoot\system32\DRIVERS\WSDScan.sys
R3 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs
R3 - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys
R3 - WUDFRd (@%SystemRoot%\system32\drivers\WudfRd.sys,-1000) -> \SystemRoot\system32\DRIVERS\WUDFRd.sys
R3 - wudfsvc (@%SystemRoot%\system32\wudfsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys
R3 - WUDFWpdMtp () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys
S3 - XblAuthManager (@%systemroot%\system32\XblAuthManager.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - XblGameSave (@%systemroot%\system32\XblGameSave.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - xboxgip (@xboxgip.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver) -> \SystemRoot\System32\drivers\xboxgip.sys
S3 - XboxNetApiSvc (@%systemroot%\system32\XboxNetApiSvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - xinputhid (@xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver) -> \SystemRoot\System32\drivers\xinputhid.sys
S3 - ztap (Zscaler Network Adapter 1.0.2.0) -> \SystemRoot\System32\drivers\ztap.sys
S4 - !SASCORE (SAS Core Service) -> "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
S4 - Bonjour Service (Bonjour Service) -> "C:\Program Files\Bonjour\mDNSResponder.exe"
S4 - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys
S4 - ClickToRunSvc (Microsoft Office Click-to-Run Service) -> "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
S4 - cnghwassist (@%SystemRoot%\system32\drivers\cnghwassist.sys,-100) -> System32\DRIVERS\cnghwassist.sys
S4 - DiagTrack (Connected User Experiences and Telemetry) -> %SystemRoot%\System32\svchost.exe -k utcsvc
S4 - dmwappushservice (@%SystemRoot%\system32\dmwappushsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S4 - GfExperienceService (NVIDIA GeForce Experience Service) -> "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
S4 - NvStreamNetworkSvc (NVIDIA Streamer Network Service) -> "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
S4 - NvStreamSvc (NVIDIA Streamer Service) -> "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
S4 - RasAuto (Remote Access Auto Connection Manager) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S4 - RasMan (Remote Access Connection Manager) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S4 - RemoteAccess (@%Systemroot%\system32\mprdim.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S4 - RemoteRegistry (@regsvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k localService
S4 - RetailDemo (Retail Demo Service) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S4 - SCardSvr (@%SystemRoot%\System32\SCardSvr.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S4 - seclogon (Secondary Logon) -> %windir%\system32\svchost.exe -k netsvcs
S4 - SessionEnv (Remote Desktop Configuration) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S4 - shpamsvc (@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S4 - SplashtopRemoteService (Splashtop® Remote Service) -> "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
S4 - SSUService (Splashtop Software Updater Service) -> C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
S4 - TermService (Remote Desktop Services) -> %SystemRoot%\System32\svchost.exe -k NetworkService
S4 - tzautoupdate (@%SystemRoot%\system32\tzautoupdate.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
S4 - udfs (udfs) -> system32\DRIVERS\udfs.sys
S4 - UmRdpService (Remote Desktop Services UserMode Port Redirector) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S4 - uvnc_service (uvnc_service) -> "C:\Program Files (x86)\CentraStage\UltraVNC\winvnc.exe" -service
S4 - valWBFPolicyService (@oem63.inf,%WBFService_SvcDesc%;Validity WBF Policy Service) -> %SystemRoot%\system32\valWBFPolicyService.exe
S4 - WMPNetworkSvc (Windows Media Player Network Sharing Service) -> "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
S4 - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys
S4 - WSearch (Windows Search) -> %systemroot%\system32\SearchIndexer.exe /Embedding
 
Security Check
SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 29.12.2016 08:43:19
Path starting: C:\Users\Luke Shaw\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Luke Shaw
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________
 
Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 02.10.2016 02:24:35
LicenseStatus: Office 16, Office16O365ProPlusR_Subscription1 edition Timebased activation will expire :38814 minutes
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [464.4 Gb] Used: [186.7 Gb] Free: [277.7 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
 
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Webroot SecureAnywhere (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Webroot SecureAnywhere (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Webroot SecureAnywhere v.9.0.13.75
-------------------------- [ SecurityUtilities ] --------------------------
SUPERAntiSpyware v.6.0.1220
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.31 (64-bit) v.5.31.0 Warning! Download Update
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service has stopped
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.24.0.0.180
Adobe Acrobat XI Pro v.11.0.18
------------------------------- [ Browser ] -------------------------------
Google Chrome v.51.0.2704.84 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.55.0.2883.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
SAS Core Service (!SASCORE) - The service has stopped
C:\Program Files\Windows Defender\MsMpEng.exe v.4.10.14393.0
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.10.14393.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
 
Minitoolbox
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Luke Shaw (administrator) on 29-12-2016 at 08:45:41
Running from "C:\Users\Luke Shaw\Downloads"
Microsoft Windows 10 Home  (X64)
Model: HP ENVY dv6 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
Ralink RT5390R 802.11bgn Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : LUKE-ENVY
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : A0-B3-CC-51-97-0F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : BC-85-56-08-F8-C1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Ralink RT5390R 802.11bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : BC-85-56-08-F8-C7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.1.156(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 29, 2016 8:17:45 AM
   Lease Expires . . . . . . . . . . : Friday, December 30, 2016 8:17:49 AM
   Default Gateway . . . . . . . . . : 10.10.1.1
   DHCP Server . . . . . . . . . . . : 10.10.1.1
   DNS Servers . . . . . . . . . . . : 10.10.0.2
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : 00-1B-DC-06-AA-7D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  nt1.ut.local
Address:  10.10.0.2
 
Name:    google.com
Addresses:  2607:f8b0:4002:c06::65
 173.194.223.102
 173.194.223.101
 173.194.223.113
 173.194.223.138
 173.194.223.139
 173.194.223.100
 
 
Pinging google.com [173.194.223.101] with 32 bytes of data:
Reply from 173.194.223.101: bytes=32 time=56ms TTL=44
Reply from 173.194.223.101: bytes=32 time=50ms TTL=44
 
Ping statistics for 173.194.223.101:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 50ms, Maximum = 56ms, Average = 53ms
Server:  nt1.ut.local
Address:  10.10.0.2
 
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=70ms TTL=49
Reply from 98.138.253.109: bytes=32 time=68ms TTL=49
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 68ms, Maximum = 70ms, Average = 69ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...a0 b3 cc 51 97 0f ......Realtek PCIe GBE Family Controller
 11...bc 85 56 08 f8 c1 ......Microsoft Wi-Fi Direct Virtual Adapter
  7...bc 85 56 08 f8 c7 ......Ralink RT5390R 802.11bgn Wi-Fi Adapter
 12...00 1b dc 06 aa 7d ......Bluetooth Device (Personal Area Network) #2
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.10.1.1      10.10.1.156     56
        10.10.1.0    255.255.255.0         On-link       10.10.1.156    311
      10.10.1.156  255.255.255.255         On-link       10.10.1.156    311
      10.10.1.255  255.255.255.255         On-link       10.10.1.156    311
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       10.10.1.156    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       10.10.1.156    311
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  1    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/29/2016 08:44:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (12/29/2016 08:39:37 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/29/2016 08:32:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
 
Error: (12/29/2016 08:21:48 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (12/29/2016 08:43:42 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/29/2016 08:19:58 AM) (Source: DCOM) (User: LUKE-ENVY)
Description: {21F282D1-A881-49E1-9A3A-26E44E39B86C}
 
Error: (12/29/2016 08:17:58 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/29/2016 08:17:58 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/29/2016 08:17:44 AM) (Source: Service Control Manager) (User: )
Description: The HvHost service terminated with the following error: 
%%31 = A device attached to the system is not functioning.
 
 
Error: (12/29/2016 08:17:44 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
 
Microsoft Office Sessions:
=========================
Error: (12/29/2016 08:44:58 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifestc:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe
 
Error: (12/29/2016 08:39:37 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (12/29/2016 08:32:27 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifestc:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe
 
Error: (12/29/2016 08:21:48 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.18 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.2 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.7 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CentraStage (HKLM-x32\...\CentraStage) (Version: 4.4.1951.1951 - CentraStage Limited)
Chatter Desktop (HKLM-x32\...\{2E5CF58A-7268-AAC7-1037-B4DDACF91B4D}) (Version: 3.2.3 - Salesforce.com) Hidden
Chatter Desktop (HKLM-x32\...\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1) (Version: 3.2.3 - Salesforce.com)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\{1B1804FD-E82B-3F90-BF06-C790151AA7EB}) (Version: 51.0.2704.84 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Node.js (HKLM\...\{EBF9E075-7642-489B-B557-992F349CFB40}) (Version: 6.9.2 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
RAPID Mode (HKLM\...\{18DF567E-AA9B-434D-BE77-BFE2292712F6}) (Version: 1.0.1.96 - Samsung Electronics Co., Ltd.) Hidden
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Razer Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9.7 - Samsung Electronics)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.0.6.4 - Splashtop Inc.)
Spotify (HKCU\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1220 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 12.2.17 - )
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.13.75 - Webroot)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
========================= Devices: ================================
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Device ID: ACPI\HPQ0004\2&DABA3FF&1
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 24%
Total physical RAM: 16273.28 MB
Available physical RAM: 12319.23 MB
Total Virtual: 17553.28 MB
Available Virtual: 13597.1 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:464.36 GB) (Free:277.65 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\LUKE-ENVY
 
Administrator            DefaultAccount           Guest                    
Luke Shaw                
 
 
**** End of log ****

Edited by limitless285, 29 December 2016 - 08:51 AM.


#5 limitless285


Posted 29 December 2016 - 08:55 AM

URGENT: My Windows Office 2016 has stopped working - it says that "something went wrong" every time I try to open Word, PowerPoint, Outlook, etc.

 

It says to repair it, but I'm guessing that O&O Shutup caused it. I tried to open it right after O&O, before everything else, and that's when it stopped working.

 

I'm at work and really need to have these programs running!

 

Again, thank you so much for your help. It's very appreciated



#6 InadequateInfirmity


Posted 29 December 2016 - 09:03 AM

Remove these two with Geek Uninstaller.

 

 

Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.0.6.4 - Splashtop Inc.)
 
It's gonna take a while to go over this....


#7 InadequateInfirmity


Posted 29 December 2016 - 09:04 AM

Remove O&O with Geek Uninstaller, then reboot.



#8 limitless285


Posted 29 December 2016 - 09:13 AM

Splashtop is a part of my company's IT system - I will be leaving it. 

 

O&O is not showing up in the programs list. It doesn't get installed, it's just a run program



#9 InadequateInfirmity


Posted 29 December 2016 - 09:16 AM

Does O&O have a revert option? If not, perform a system restore prior to running the tool. I am on Windows 7...



#10 limitless285


Posted 29 December 2016 - 09:26 AM

Okay System Restore done... that wasn't the problem though. The Office 365 Click-to-open service was disabled, so all I had to do was enable that again.

 

So: Splashtop is being saved, Office is working again. Should I re-run O&O Shutup?
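
Post #10 traced the Office failure to a service that had been disabled, and the thread's opening post describes remote services re-enabling themselves. The PowerShell below is an added example, not part of any post in this thread: it snapshots every service's start mode before a tweak tool runs, diffs it afterwards, and lists the Service Control Manager event 7040 records that show which account changed a start type. The function names and the CSV path are hypothetical.

```powershell
# Added example (not from the thread). Function names and the CSV path are hypothetical.

function Get-ServiceStartMode {
    # Win32_Service.StartMode is one of: Boot, System, Auto, Manual, Disabled.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        [pscustomobject]@{
            # Per-user services on Windows 10 carry a per-logon suffix (Name_<hex>)
            # that changes between sessions; strip it (heuristic) to avoid false churn.
            Name        = $_.Name -replace '_[0-9a-f]{4,8}$', ''
            DisplayName = $_.DisplayName
            StartMode   = $_.StartMode
        }
    } | Sort-Object -Property Name -Unique
}

function Save-ServiceBaseline {
    # Take this snapshot BEFORE running a tool that changes services.
    param([Parameter(Mandatory)][string]$Path)
    Get-ServiceStartMode | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

function Compare-ServiceBaseline {
    # Report services that were added, removed, or had their start mode changed.
    param([Parameter(Mandatory)][string]$Path)

    $before = @{}
    Import-Csv -Path $Path | ForEach-Object { $before[$_.Name] = $_ }
    $after = @{}
    Get-ServiceStartMode | ForEach-Object { $after[$_.Name] = $_ }

    $names = @($before.Keys) + @($after.Keys) | Sort-Object -Unique
    foreach ($name in $names) {
        $old = $before[$name]
        $new = $after[$name]

        $change = $null
        if (-not $old) {
            $change = 'Added'
        } elseif (-not $new) {
            $change = 'Removed'
        } elseif ($old.StartMode -ne $new.StartMode) {
            $change = 'StartModeChanged'
        }

        if ($change) {
            [pscustomobject]@{
                Name   = $name
                Change = $change
                Before = $(if ($old) { $old.StartMode } else { '' })
                After  = $(if ($new) { $new.StartMode } else { '' })
            }
        }
    }
}

function Get-ServiceStartTypeChange {
    # Service Control Manager writes event 7040 to the System log whenever a
    # service's start type is changed; UserId is the SID that made the change.
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7040
        StartTime    = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |   # no matching events is not an error here
        Select-Object TimeCreated, UserId, Message
}

# Typical sequence:
#   Save-ServiceBaseline    -Path "$env:USERPROFILE\svc-baseline.csv"
#   ... run the tweak tool, reboot if it asks ...
#   Compare-ServiceBaseline -Path "$env:USERPROFILE\svc-baseline.csv" | Format-Table -AutoSize
#   Get-ServiceStartTypeChange -Days 1 | Format-List
```

A `StartModeChanged` row going from `Disabled` back to `Manual` or `Auto`, paired with a 7040 record, shows when a service was re-enabled and under which account.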



#11 InadequateInfirmity


Posted 29 December 2016 - 09:30 AM

Should I re-run O&O Shutup?

 

Yes, now you know that it may disable that service... And this is going to take me a while to go over, so do not expect a reply anytime soon. But within 24 hours or so...



#12 limitless285


Posted 29 December 2016 - 09:35 AM

Sounds great, thank you. Running O&O now! I really appreciate your help.



#13 InadequateInfirmity


Posted 29 December 2016 - 12:12 PM

While researching your issue, I came across an interesting batch file. I think this is right up your alley, please read what it does and see if you wish to run this.

 

http://win10epicfail.proboards.com/thread/100/interested-participating-tweaker-development-test

 

Removes a lot of the Telemetry and remote desktop things you are inquiring about. I think this may be just what the doctor ordered for your particular case.



#14 limitless285


Posted 29 December 2016 - 01:13 PM

While researching your issue, I came across an interesting batch file. I think this is right up your alley, please read what it does and see if you wish to run this.

 

http://win10epicfail.proboards.com/thread/100/interested-participating-tweaker-development-test

 

Removes a lot of the Telemetry and remote desktop things you are inquiring about. I think this may be just what the doctor ordered for your particular case.

 

A lot of that tool certainly appeals to me, but it's too much. There are some features that it explicitly gets rid of that I would want to keep.

 

Thank you for the recommendation though. Are you able to continue with checking through my logs/do more scans?



#15 InadequateInfirmity


Posted 29 December 2016 - 05:47 PM

Yeah, please run these tools while I look things over. :)

 

Zemana Deep Scan.
 

  • Right click on Zemana and run as admin.
  • Click the Cog/Sprocket Wheel, at the top right of Zemana.
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • Once the scan has completed, click the graph icon on the top right of the program's user interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot, and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit OK.

Hit Next, and make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

 

Clean up temp files and reduce startup load with CCleaner.
 

  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double click each item. To Disable.
  • Leave only your antivirus enabled.
  • Then disable All items in your scheduled task as well.
  • Unless they are related to Windows Defender or your antivirus.
  • Reboot the machine.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.
 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.





  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.




