You are on page 1of 63

SpyHolesList Version:7.1 Build:6.9.7.10-BootCD 20.03.

2011 12:08:11 WinDir=C:\WINDOWS Startup=C:\DOCUMENTS AND SETTINGS\JOY\START MENU\PROGRAMS\STARTUP\ Common Startup=C:\DOCUMENTS AND SETTINGS\All Users\START MENU\PROGRAMS\STARTUP\ Microsoft Windows XP Service Pack 3 (6.0.6000) Internet Explorer 6.0.2900.5512 [Internet Explorer] [Default Home Page] :HKLM Default_Page_URL=http://www.microsoft.com/isapi/redi r.dll?prd=ie&pver=6&ar=msnhome [Current Home Page] :HKCU Start Page=about:blank [Current Home Page] :HKCU HOMEOldSP="" [Search URL Template] :HKLM 1=www.%s.com [Search URL Template] :HKLM 2=www.%s.org [Search URL Template] :HKLM 3=www.%s.net [Search URL Template] :HKLM 4=www.%s.edu [All Users Search] :HKLM Default_Search_URL=http://www.microsoft.com/isapi/red ir.dll?prd=ie&ar=iesearch [All Users Search] :HKLM Search Page=http://www.microsoft.com/isapi/redir.dll? prd=ie&ar=iesearch [Current Users Search] :HKCU Search Page=http://www.microsoft.com/isapi/redir. dll?prd=ie&ar=iesearch [Current Users Search] :HKCU Search Bar="" [IE Local Blank Page] :HKLM Local Page=%SystemRoot%\system32\blank.htm [IE Local Blank Page] :HKCU Local Page=C:\WINDOWS\system32\blank.htm [Browser Helper Objects] {0055C089-8582-441B-A0BF-17B458C2A3A8}=C:\PROGRAM FIL ES\INTERNET DOWNLOAD MANAGER\IDMIECC.DLL ### IDM BHO Module Tonec Inc. Internet Download Manager Module 5, 17, 1, 0 [Browser Helper Objects] {18DF081C-E8AD-4283-A596-FA578C2EBDC3}=C:\PROGRAM FIL ES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\ACROIEHELPERSHIM.DLL ### Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated AcroIEHe lperShim Library 9.0.0.2008061100 [Browser Helper Objects] {30F9B915-B755-4826-820B-08FBA6BD249D}=C:\PROGRAM FIL ES\CONDUITENGINE\CONDUITENGINE.DLL ### Conduit Toolbar Conduit Ltd. Conduit Toolbar 6.2.3.0 [Browser Helper Objects] {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}=C:\PROGRAM FIL ES\SOFTONIC-ENG7\TBSOFT.DLL ### Conduit Toolbar Conduit Ltd. Conduit Toolbar 6.2.3.0 [Browser Helper Objects] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MI CROS~2\OFFICE12\GRA8E1~1.DLL ### GrooveShellExtensions Module Microsoft Corporation GrooveShellExtensions M odule 4.2.0.2623 [Browser Helper Objects] {AE7CD045-E861-484f-8273-0445EE161910}=C:\PROGRAM FIL ES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\ACROIEFAVCLIENT.DLL ### Adobe PDF Toolbar for Internet Explorer Adobe Systems Incorporated Adobe P DF Toolbar for IE 9.0.0.2008061100 [Browser Helper Objects] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}=C:\PROGRAM FIL ES\SKYPE\TOOLBARS\INTERNET EXPLORER\SKYPEIEPLUGIN.DLL ### Skype add-on for IE Skype Technologies S.A. Skype Toolbars 5.0.0.6906 [Browser Helper Objects] {DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\PROGRAM FIL ES\JAVA\JRE6\BIN\JP2SSV.DLL ### Java(TM) Platform SE binary Sun Microsystems, Inc. Java(TM) Platform SE 6 U22 6.0.220.4 [Browser Helper Objects] {DDA57003-0068-4ed2-9D32-4D1EC707D94D}=C:\PROGRAM FIL ES\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\PRIVATEASSEMBLIES\MICROSOFT.VISUALST UDIO.QUALITYTOOLS.RECORDERBARBHO100.DLL ### Microsoft Web Test Recorder Helper Microsoft Corporation Microsoft Visual S tudio 2010 10.0.30319.1 [Browser Helper Objects] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}=C:\PROGRAM FIL ES\JAVA\JRE6\LIB\DEPLOY\JQS\IE\JQS_PLUGIN.DLL

### Java(TM) Quick Starter binary Sun Microsystems, Inc. Java(TM) Platform SE 6 U22 6.0.220.4 [Browser Helper Objects] {F4971EE7-DAA0-4053-9964-665D8EE6A077}=C:\PROGRAM FIL ES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\ACROIEFAVCLIENT.DLL ### Adobe PDF Toolbar for Internet Explorer Adobe Systems Incorporated Adobe P DF Toolbar for IE 9.0.0.2008061100 [Auto Search URL] :HKCU provider="" [Auto Search URL] :HKCU "Default Value"="" [Search Assistant] :HKLM SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766 }/srchasst/srchasst.htm [Search Assistant] :HKLM CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766 }/srchasst/srchcust.htm [Search Assistant] :HKCU SearchAssistant="" [Search Assistant] :HKCU CustomizeSearch="" [CustomizeSearch] :HKLM CustomizeSearch="" [URLSearchHook] :HKCU {CFBFAE00-17A6-11D0-99CB-00C04FD64497}=C:\WINDOWS\SYSTEM 32\SHDOCVW.DLL ### Shell Doc Object and Control Library Microsoft Corporation Microsoft Window s Operating System 6.00.2900.5512 [URLSearchHook] :HKCU {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}=C:\PROGRAM FILES\ SOFTONIC-ENG7\TBSOFT.DLL ### Conduit Toolbar Conduit Ltd. Conduit Toolbar 6.2.3.0 [Default Prefix] :HKLM "Default Value"=http:// [URL Default Prefixes] :HKLM ftp=ftp:// [URL Default Prefixes] :HKLM gopher=gopher:// [URL Default Prefixes] :HKLM home=http:// [URL Default Prefixes] :HKLM mosaic=http:// [URL Default Prefixes] :HKLM www=http:// [Safe Sites] :HKLM ie.search.msn.com=http://ie.search.msn.com/* [AboutURLs] :HKLM DesktopItemNavigationFailure=res://shdoclc.dll/navcancl.htm [AboutURLs] :HKLM NavigationFailure=res://shdoclc.dll/navcancl.htm [AboutURLs] :HKLM NavigationCanceled=res://shdoclc.dll/navcancl.htm [AboutURLs] :HKLM OfflineInformation=res://shdoclc.dll/offcancl.htm [AboutURLs] :HKLM Home=270 [AboutURLs] :HKLM blank=res://mshtml.dll/blank.htm [AboutURLs] :HKLM PostNotCached=res://mshtml.dll/repost.htm [User Style Sheet] :HKCU User Stylesheet="" [User Style Sheet] :HKCU Use My Stylesheet=0 [User Style Sheet] :HKLM User Stylesheet="" [User Style Sheet] :HKLM Use My Stylesheet=0 [Execute unsigned ActiveX in My Computer Zone] :HKLM 1201=1 [Execute unsigned ActiveX in My Computer Zone] :HKCU 1201=1 [Execute unsigned ActiveX in Local Intranet Zone] :HKLM 1201=3 [Execute unsigned ActiveX in Local Intranet Zone] :HKCU 1201=3 [Execute unsigned ActiveX in Internet Zone] :HKLM 1201=3 [Execute unsigned ActiveX in Internet Zone] :HKCU 1201=3 [Links Toolbar] :HKCU LinksFolderName=Links [Toolbars] :HKLM {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}=C:\PROGRAM FILES\SOFTO NIC-ENG7\TBSOFT.DLL ### Conduit Toolbar Conduit Ltd. Conduit Toolbar 6.2.3.0 [Toolbars] :HKLM {30F9B915-B755-4826-820B-08FBA6BD249D}=C:\PROGRAM FILES\CONDU ITENGINE\CONDUITENGINE.DLL ### Conduit Toolbar Conduit Ltd. Conduit Toolbar 6.2.3.0 [Toolbars] :HKLM {47833539-D0C5-4125-9FA8-0819E2EAAC93}=C:\PROGRAM FILES\COMMO N FILES\ADOBE\ACROBAT\ACTIVEX\ACROIEFAVCLIENT.DLL ### Adobe PDF Toolbar for Internet Explorer Adobe Systems Incorporated Adobe P DF Toolbar for IE 9.0.0.2008061100 [Explorer Bars] :HKLM {4D5C8C25-D075-11d0-B416-00C04FB90376}=C:\WINDOWS\SYSTEM 32\SHDOCVW.DLL ### Shell Doc Object and Control Library Microsoft Corporation Microsoft Window

s Operating System 6.00.2900.5512 [Explorer Bars] :HKLM {5802D092-1784-4908-8CDB-99B6842D353D}=C:\WINDOWS\System 32\MSCOREE.DLL ### Microsoft .NET Runtime Execution Engine Microsoft Corporation Microsoft .NE T Framework 4.0.31106.0 [IE Extensions - All Users] :HKLM {2670000A-7350-4f3c-8081-5663EE0C6C49}=C:\WI NDOWS\SYSTEM32\SHDOCVW.DLL ### Shell Doc Object and Control Library Microsoft Corporation Microsoft Window s Operating System 6.00.2900.5512 [IE Extensions - All Users] :HKLM {898EA8C8-E7FF-479B-8935-AEC46303B9E5}=C:\WI NDOWS\SYSTEM32\SHDOCVW.DLL ### Shell Doc Object and Control Library Microsoft Corporation Microsoft Window s Operating System 6.00.2900.5512 [IE Extensions - All Users] :HKLM {92780B25-18CC-41C8-B9BE-3C9C571A8263}=C:\PR OGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL ### Allows you to use the Research Library and its collection of information s ervices from Microsoft Internet Explorer Microsoft Corporation Research Library Explorer Bar 12.0.4518.1014 [IE Extensions - All Users] :HKLM {e2e2dd38-d088-4134-82b7-f2ba38496583}=C:\WI NDOWS\NETWORK DIAGNOSTIC\XPNETDIAG.EXE ### Network Diagnostic for Windows XP Microsoft Corporation Microsoft Windows Op erating System 5.1.2600.5512 [IE Extensions - All Users] :HKLM {FB5F1910-F110-11d2-BB9E-00C04F795683}=C:\PR OGRAM FILES\MESSENGER\MSMSGS.EXE ### Windows Messenger Microsoft Corporation Messenger Version 4.7.3001 [Context menu items] :HKCU Append Link Target to Existing PDF=res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLin ks.html ### File is deleted or hidden by rootkit or could not be located. [Context menu items] :HKCU Append to Existing PDF=res://C:\Program Files\Commo n Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html ### File is deleted or hidden by rootkit or could not be located. [Context menu items] :HKCU Convert Link Target to Adobe PDF=res://C:\Program F iles\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLink s.html ### File is deleted or hidden by rootkit or could not be located. [Context menu items] :HKCU Convert to Adobe PDF=res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html ### File is deleted or hidden by rootkit or could not be located. [Context menu items] :HKCU Download all links with IDM=C:\PROGRAM FILES\INTERN ET DOWNLOAD MANAGER\IEGETALL.HTM [Context menu items] :HKCU Download FLV video content with IDM=C:\PROGRAM FILE S\INTERNET DOWNLOAD MANAGER\IEGETVL.HTM [Context menu items] :HKCU Download with IDM=C:\PROGRAM FILES\INTERNET DOWNLOA D MANAGER\IEEXT.HTM [Context menu items] :HKCU E&xport to Microsoft Excel=res://C:\PROGRA~1\MICROS ~2\Office12\EXCEL.EXE/3000 ### File is deleted or hidden by rootkit or could not be located. [Active Desktop Components] :HKCU 0=About:Home ### Source=About:Home SubscribedURL=About:Home [Protocols Filter] :HKLM application/octet-stream=C:\WINDOWS\System32\MSCOREE. DLL ### Microsoft .NET Runtime Execution Engine Microsoft Corporation Microsoft .NE T Framework 4.0.31106.0 [Protocols Filter] :HKLM application/x-complus=C:\WINDOWS\System32\MSCOREE.DLL ### Microsoft .NET Runtime Execution Engine Microsoft Corporation Microsoft .NE T Framework 4.0.31106.0 [Protocols Filter] :HKLM application/x-msdownload=C:\WINDOWS\System32\MSCOREE. DLL ### Microsoft .NET Runtime Execution Engine Microsoft Corporation Microsoft .NE

T Framework 4.0.31106.0 [Protocols Filter] :HKLM Class Install Handler=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Filter] :HKLM deflate=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Filter] :HKLM gzip=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Filter] :HKLM lzdhtml=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Filter] :HKLM text/webviewhtml=C:\WINDOWS\SYSTEM32\SHELL32.DLL ### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating S ystem 6.00.2900.5512 [Protocols Filter] :HKLM text/xml=C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXM LMF.DLL ### Microsoft Office XML MIME Filter Microsoft Corporation Microsoft Office In foPath 12.0.4518.1014 [Protocols Handler] :HKLM about=C:\WINDOWS\SYSTEM32\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM cdl=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM dvd=C:\WINDOWS\SYSTEM32\MSVIDCTL.DLL ### ActiveX control for streaming video Microsoft Corporation DirectShow 6.05. 2600.5512 [Protocols Handler] :HKLM file=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM ftp=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM gopher=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM grooveLocalGWS=C:\PROGRA~1\MICROS~2\OFFICE12\GR99D3~ 1.DLL ### GrooveSystemServices Module Microsoft Corporation GrooveSystemServices Mod ule 4.2.0.2623 [Protocols Handler] :HKLM http=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM https=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM ipp [Protocols Handler] :HKLM its=C:\WINDOWS\SYSTEM32\ITSS.DLL ### Microsoft InfoTech Storage System Library Microsoft Corporation Microsoft Wi ndows Operating System 5.2.3790.4186 [Protocols Handler] :HKLM javascript=C:\WINDOWS\SYSTEM32\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM local=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM mailto=C:\WINDOWS\SYSTEM32\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Microsoft Windows Operating

System 6.00.2900.5512 [Protocols Handler] :HKLM mhtml=C:\WINDOWS\SYSTEM32\INETCOMM.DLL ### Microsoft Internet Messaging API Microsoft Corporation Microsoft Windows Ope rating System 6.00.2900.5512 [Protocols Handler] :HKLM mk=C:\WINDOWS\SYSTEM32\URLMON.DLL ### OLE32 Extensions for Win32 Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM ms-help=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHAR ED\HELP\HXDS.DLL ### Microsoft Help Data Services Module Microsoft Corporation Microsoft Help 2. 5 2.05.50727.198 [Protocols Handler] :HKLM ms-its=C:\WINDOWS\SYSTEM32\ITSS.DLL ### Microsoft InfoTech Storage System Library Microsoft Corporation Microsoft Wi ndows Operating System 5.2.3790.4186 [Protocols Handler] :HKLM msdaipp [Protocols Handler] :HKLM res=C:\WINDOWS\SYSTEM32\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM skype-ie-addon-data=C:\PROGRAM FILES\SKYPE\TOOLBARS\ INTERNET EXPLORER\SKYPEIEPLUGIN.DLL ### Skype add-on for IE Skype Technologies S.A. Skype Toolbars 5.0.0.6906 [Protocols Handler] :HKLM skype4com=C:\PROGRA~1\COMMON~1\SKYPE\SKYPE4~1.DLL ### Skype for COM API Skype Technologies Skype4COM 1, 0, 36, 0 [Protocols Handler] :HKLM sysimage=C:\WINDOWS\SYSTEM32\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM tv=C:\WINDOWS\SYSTEM32\MSVIDCTL.DLL ### ActiveX control for streaming video Microsoft Corporation DirectShow 6.05. 2600.5512 [Protocols Handler] :HKLM vbscript=C:\WINDOWS\SYSTEM32\MSHTML.DLL ### Microsoft (R) HTML Viewer Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Protocols Handler] :HKLM wia=C:\WINDOWS\SYSTEM32\WIASCR.DLL ### WIA Scripting Layer Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Proxy] :HKCU ProxyServer="" [Proxy] :HKCU ProxyEnable=0 [Network Settings] [Hosts File Path] :HKLM DataBasePath=%SystemRoot%\System32\drivers\etc [Hosts File Contents] :HKLM 127.0.0.1 localhost [Hosts File Contents] :HKLM 127.0.0.1 serial.alcohol-soft.com [Hosts File Contents] :HKLM 127.0.0.1 www.alcohol-soft.com [Hosts File Contents] :HKLM 127.0.0.1 images.alcohol-soft.com [Hosts File Contents] :HKLM 127.0.0.1 trial.alcohol-soft.com [Hosts File Contents] :HKLM 127.0.0.1 alcohol-soft.com [Hosts File Contents] :HKLM 127.0.0.1 activate.adobe.c om [Domain Name] :HKLM Domain="" [Name Server] {ED4E77FA-B46A-47EA-BBED-C34F0750AB26}=8.8.8.8,208.67.222.222 ### Network Card:TL-WN322G Wireless USB Adapter DHCPNameServer:180.131.144.144 180.131.145.145 DhcpDefaultGateway:192.168.1.1 DhcpServer:192.168.1.1 [WinSock2 Components] :HKLM mswsock.dll=C:\WINDOWS\SYSTEM32\MSWSOCK.DLL ### Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation Micro soft Windows Operating System 5.1.2600.5512 [WinSock2 Components] :HKLM winrnr.dll=C:\WINDOWS\SYSTEM32\WINRNR.DLL ### LDAP RnR Provider DLL Microsoft Corporation Microsoft Windows Operating Syst em 5.1.2600.5512 [WinSock2 Components] :HKLM rsvpsp.dll=C:\WINDOWS\SYSTEM32\RSVPSP.DLL ### Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation Microsof

t Windows Operating System 5.1.2600.5512 [Windows Shell] [Display Scrap's Extensions] :HKLM NeverShowExt="" [ScreenSaver] :HKCU SCRNSAVE.EXE=C:\WINDOWS\SYSTEM32\LOGON.SCR ### Logon Screen Saver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [System.ini] :HKLM shell=Explorer.exe [User Shell] :HKCU shell="" [Main File Extensions] :HKLM .exe="%1" %* [Main File Extensions] :HKLM .com="%1" %* [Main File Extensions] :HKLM .pif="%1" %* [Main File Extensions] :HKLM .bat="%1" %* [Main File Extensions] :HKLM .cmd="%1" %* [Main File Extensions] :HKLM .scr="C:\WINDOWS\system32\notepad.exe" "%1" [Main File Extensions] :HKLM .txt=%SystemRoot%\system32\NOTEPAD.EXE %1 [Main File Extensions] :HKLM .reg=regedit.exe %1 [Main File Extensions] :HKLM .inf=%SystemRoot%\System32\NOTEPAD.EXE %1 [Main File Extensions] :HKLM .ini=%SystemRoot%\System32\NOTEPAD.EXE %1 [Main File Extensions] :HKLM .js=%SystemRoot%\System32\WScript.exe "%1" %* [Main File Extensions] :HKLM .vbs=%SystemRoot%\System32\WScript.exe "%1" %* [Main File Extensions] :HKLM .vbe=%SystemRoot%\System32\WScript.exe "%1" %* [Main File Extensions] :HKLM .msc=%SystemRoot%\system32\mmc.exe "%1" %* [Main File Extensions] :HKLM .jpg=rundll32.exe C:\WINDOWS\system32\shimgvw.dll ,ImageView_Fullscreen %1 [Main File Extensions] :HKLM .jpeg=rundll32.exe C:\WINDOWS\system32\shimgvw.dl l,ImageView_Fullscreen %1 [Shell Execute Hooks] :HKLM {AEB6717E-7E19-11d0-97EE-00C04FD91972}=C:\WINDOWS\ System32\SHELL32.DLL ### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating S ystem 6.00.2900.5512 [Shell Execute Hooks] :HKLM {B5A7F190-DDA6-4420-B3BA-52453494E6CD}=C:\PROGRA~1 \MICROS~2\OFFICE12\GRA8E1~1.DLL ### GrooveShellExtensions Module Microsoft Corporation GrooveShellExtensions M odule 4.2.0.2623 [Shell Execute Hooks] :HKLM {F552DDE6-2090-4bf4-B924-6141E87789A5}=C:\PROGRA~1 \GREATIS\REGRUN~1\RRSHELL.DLL ### RRShell Module Greatis Software, LLC RRShell Module 1, 0, 1, 3 [UserInit Value] :HKLM UserInit=C:\WINDOWS\system32\userinit.exe, [Winlogon Notification] :HKLM crypt32chain=C:\WINDOWS\System32\CRYPT32.DLL ### crypt32chain Crypto API32 Microsoft Corporation Microsoft Windows Operating System 5.131.2600.5512 [Winlogon Notification] :HKLM cryptnet=C:\WINDOWS\System32\CRYPTNET.DLL ### cryptnet Crypto Network Related API Microsoft Corporation Microsoft Windows Operating System 5.131.2600.5512 [Winlogon Notification] :HKLM cscdll=C:\WINDOWS\System32\CSCDLL.DLL ### cscdll Offline Network Agent Microsoft Corporation Microsoft Windows Operati ng System 5.1.2600.5512 [Winlogon Notification] :HKLM dimsntfy=C:\WINDOWS\SYSTEM32\DIMSNTFY.DLL ### dimsntfy DIMS Notification Handler Microsoft Corporation Microsoft Windows O perating System 5.1.2600.5512 [Winlogon Notification] :HKLM igfxcui=C:\WINDOWS\System32\IGFXDEV.DLL ### igfxcui igfxdev Module Intel Corporation Intel(R) Common User Interface 6. 14.10.4926 [Winlogon Notification] :HKLM ScCertProp=C:\WINDOWS\System32\WLNOTIFY.DLL ### ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporat ion Microsoft Windows Operating System 5.1.2600.5512 [Winlogon Notification] :HKLM Schedule=C:\WINDOWS\System32\WLNOTIFY.DLL ### Schedule Common DLL to receive Winlogon notifications Microsoft Corporatio n Microsoft Windows Operating System 5.1.2600.5512 [Winlogon Notification] :HKLM sclgntfy=C:\WINDOWS\System32\SCLGNTFY.DLL

### sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation Mi crosoft Windows Operating System 5.1.2600.5512 [Winlogon Notification] :HKLM SensLogn=C:\WINDOWS\System32\WLNOTIFY.DLL ### SensLogn Common DLL to receive Winlogon notifications Microsoft Corporatio n Microsoft Windows Operating System 5.1.2600.5512 [Winlogon Notification] :HKLM termsrv=C:\WINDOWS\System32\WLNOTIFY.DLL ### termsrv Common DLL to receive Winlogon notifications Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Winlogon Notification] :HKLM wlballoon=C:\WINDOWS\System32\WLNOTIFY.DLL ### wlballoon Common DLL to receive Winlogon notifications Microsoft Corporati on Microsoft Windows Operating System 5.1.2600.5512 [Shell Services DelayLoad] :HKLM PostBootReminder=C:\WINDOWS\SYSTEM32\SHELL32. DLL ### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating S ystem 6.00.2900.5512 [Shell Services DelayLoad] :HKLM CDBurn=C:\WINDOWS\SYSTEM32\SHELL32.DLL ### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating S ystem 6.00.2900.5512 [Shell Services DelayLoad] :HKLM WebCheck=C:\WINDOWS\SYSTEM32\WEBCHECK.DLL ### Web Site Monitor Microsoft Corporation Microsoft Windows Operating System 6. 00.2900.5512 [Shell Services DelayLoad] :HKLM SysTray=C:\WINDOWS\SYSTEM32\STOBJECT.DLL ### Systray shell service object Microsoft Corporation Microsoft Windows Operati ng System 5.1.2600.5512 [App Paths] :HKLM Acrobat.exe=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrob at.exe ### Acrobat.exe Adobe Acrobat 9.0 Adobe Systems Incorporated Adobe Acrobat 9.0 .0.2008061200 [App Paths] :HKLM AcrobatInfo.exe=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\A crobatInfo.exe ### AcrobatInfo.exe Adobe Acrobat 9.0 Adobe Systems Incorporated Adobe Acrobat 9.0.0.2008061100 [App Paths] :HKLM AcroDist.exe=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acro Dist.exe ### AcroDist.exe Acrobat Distiller Adobe Systems Incorporated. Acrobat Disti ller for Windows 9.0.0.2008061100 [App Paths] :HKLM alcohol.exe=C:\Program Files\Alcohol Soft\Alcohol 120\alcoho l.exe ### alcohol.exe Alcohol 120% loader v1.2 1.2.0.0 [App Paths] :HKLM alcohol__.exe=C:\Program Files\Alcohol Soft\Alcohol 120\alco hol__.exe ### alcohol__.exe Alcohol 120% Alcohol Soft Development Team Alcohol 120% 1.9 [App Paths] :HKLM bckgzm.exe=C:\Program Files\MSN Gaming Zone\Windows\bckgzm.e xe ### bckgzm.exe Zone Datafile Microsoft Corporation Zone.com 1.2.626.1 [App Paths] :HKLM bridge.exe=C:\Program Files\Adobe\Adobe Bridge CS4\bridge.ex e ### bridge.exe Adobe Bridge Adobe Systems, Inc. Bridge 3.0.0.464 [App Paths] :HKLM chkrzm.exe=C:\Program Files\MSN Gaming Zone\Windows\chkrzm.e xe ### chkrzm.exe Zone Datafile Microsoft Corporation Zone.com 1.2.626.1 [App Paths] :HKLM chrome.exe=C:\Documents and Settings\Joy\Local Settings\Appl ication Data\Google\Chrome\Application\chrome.exe ### chrome.exe Google Chrome Google Inc. Google Chrome 0.0.0.0 [App Paths] :HKLM CONF.EXE=C:\Program Files\NetMeeting\conf.exe ### CONF.EXE Windows NetMeeting Microsoft Corporation Windows NetMeeting 3.01 [App Paths] :HKLM devenv.exe=C:\Program Files\Microsoft Visual Studio 10.0\Com mon7\IDE\devenv.exe ### devenv.exe Microsoft Visual Studio 2010 Microsoft Corporation Microsoft Vis ual Studio 2010 10.0.30319.1

[App Paths] :HKLM dialer.exe=C:\Program Files\Windows NT\dialer.exe ### dialer.exe TAPI 3.0 Dialer and IP Multicast Conference Viewer Microsoft Co rporation Microsoft Windows Operating System 5.1.2600.5512 [App Paths] :HKLM excel.exe=C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE ### excel.exe Microsoft Office Excel Microsoft Corporation 2007 Microsoft Offi ce system 12.0.4518.1014 [App Paths] :HKLM GOM.exe=C:\Program Files\GRETECH\GomPlayer\GOM.exe ### GOM.exe GOM Player Gretech Corp. GOM Player 2, 1, 28, 5039 [App Paths] :HKLM GROOVE.EXE=C:\PROGRA~1\MICROS~2\Office12\GROOVE.EXE ### GROOVE.EXE Microsoft Office Groove Microsoft Corporation Microsoft Office Groove 4.2.0.2623 [App Paths] :HKLM HELPCTR.EXE=C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.EXE ### HELPCTR.EXE Microsoft Help and Support Center Microsoft Corporation Micros oft Windows Operating System 5.1.2600.5512 [App Paths] :HKLM hrtzzm.exe=C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.e xe ### hrtzzm.exe Zone Datafile Microsoft Corporation Zone.com 1.2.626.1 [App Paths] :HKLM hypertrm.exe="C:\Program Files\Windows NT\hypertrm.exe" ### hypertrm.exe HyperTerminal Applet Hilgraeve, Inc. Microsoft Windows Operatin g System 5.1.2600.0 [App Paths] :HKLM ICWCONN1.EXE="C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE" ### ICWCONN1.EXE Internet Connection Wizard Microsoft Corporation Microsoft Win dows Operating System 6.00.2900.5512 [App Paths] :HKLM ICWCONN2.EXE="C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE" ### ICWCONN2.EXE Internet Connection Wizard Microsoft Corporation Microsoft Win dows Operating System 6.00.2900.5512 [App Paths] :HKLM IEXPLORE.EXE=C:\Program Files\Internet Explorer\iexplore.exe ### IEXPLORE.EXE Internet Explorer Microsoft Corporation Microsoft Windows Opera ting System 6.00.2900.5512 [App Paths] :HKLM INETWIZ.EXE="C:\Program Files\Internet Explorer\Connection W izard\INETWIZ.EXE" ### INETWIZ.EXE Internet Connection Wizard Microsoft Corporation Microsoft Wind ows Operating System 6.00.2900.5512 [App Paths] :HKLM infopath.exe=C:\PROGRA~1\MICROS~2\Office12\INFOPATH.EXE ### infopath.exe Microsoft Office InfoPath 2007 Microsoft Corporation Microsof t Office InfoPath 12.0.4518.1014 [App Paths] :HKLM install.exe ### install.exe [App Paths] :HKLM ISIGNUP.EXE="C:\Program Files\Internet Explorer\Connection W izard\ISIGNUP.EXE" ### ISIGNUP.EXE Internet Signup Microsoft Corporation Microsoft Windows Operatin g System 6.00.2600.0000 [App Paths] :HKLM javaws.exe=C:\Program Files\Java\jre6\bin\javaws.exe ### javaws.exe Java(TM) Web Start Launcher Sun Microsystems, Inc. Java(TM) Pla tform SE 6 U22 6.0.220.4 [App Paths] :HKLM migwiz.exe=%SystemRoot%\system32\usmt\migwiz.exe ### migwiz.exe [App Paths] :HKLM moviemk.exe=C:\Program Files\Movie Maker\moviemk.exe ### moviemk.exe Windows Movie Maker Microsoft Corporation Windows Movie Maker 2.1.4026.0 [App Paths] :HKLM mpc-hc.exe="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" ### mpc-hc.exe Media Player Classic - Home Cinema MPC-HC Team Media Player Cla ssic - Home Cinema 1, 4, 2764, 0 [App Paths] :HKLM mplayer2.exe="C:\Program Files\Windows Media Player\mplayer2 .exe" ### mplayer2.exe Windows Media Player Microsoft Corporation Microsoft Windows Media Player 6.4.09.1125

[App Paths] :HKLM MSACCESS.EXE=C:\PROGRA~1\MICROS~2\Office12\MSACCESS.EXE ### MSACCESS.EXE Microsoft Office Access Microsoft Corporation 2007 Microsoft Office system 12.0.4518.1014 [App Paths] :HKLM MSCONFIG.EXE=C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG.E XE ### MSCONFIG.EXE System Configuration Utility Microsoft Corporation Microsoft W indows Operating System 5.1.2600.5512 [App Paths] :HKLM msimn.exe=%ProgramFiles%\Outlook Express\msimn.exe ### msimn.exe [App Paths] :HKLM msinfo32.exe=C:\Program Files\Common Files\Microsoft Shared\ MSInfo\MSInfo32.exe ### msinfo32.exe System Information Microsoft Corporation Microsoft Windows Oper ating System 5.1.2600.0 [App Paths] :HKLM MSMSGS.EXE=C:\Program Files\Messenger\msmsgs.exe ### MSMSGS.EXE Windows Messenger Microsoft Corporation Messenger Version 4.7.3 001 [App Paths] :HKLM MsoHtmEd.exe ### MsoHtmEd.exe [App Paths] :HKLM msoxmled.exe=C:\Program Files\Common Files\Microsoft Shared\ OFFICE12\MSOXMLED.EXE ### msoxmled.exe XML Editor Microsoft Corporation Microsoft Office InfoPath 12 .0.4518.1014 [App Paths] :HKLM MSPUB.EXE=C:\PROGRA~1\MICROS~2\Office12\MSPUB.EXE ### MSPUB.EXE Microsoft Office Publisher Microsoft Corporation 2007 Microsoft Office system 12.0.4518.1014 [App Paths] :HKLM ois.exe=C:\PROGRA~1\MICROS~2\Office12\OIS.EXE ### ois.exe Microsoft Office Picture Manager Microsoft Corporation Microsoft O ffice Picture Manager 12.0.4518.1014 [App Paths] :HKLM OneNote.exe=C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE ### OneNote.exe Microsoft Office OneNote Microsoft Corporation Microsoft Offic e OneNote 12.0.4518.1014 [App Paths] :HKLM OUTLOOK.EXE=C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE ### OUTLOOK.EXE Microsoft Office Outlook Microsoft Corporation Microsoft Offic e Outlook 12.0.4518.1014 [App Paths] :HKLM pbrush.exe=%SystemRoot%\system32\mspaint.exe ### pbrush.exe [App Paths] :HKLM PFPortChecker.exe=C:\Program Files\PFPortChecker\PFPortCheck er.exe ### PFPortChecker.exe PFPortchecker by portforward.com helps check if your por ts are properly forwarded. portforward.com PFPortChecker 1.00.0039 [App Paths] :HKLM Photoshop.exe=C:\Program Files\Adobe\Adobe Photoshop CS4\Pho toshop.exe ### Photoshop.exe Adobe Photoshop CS4 Adobe Systems, Incorporated Adobe Photos hop CS4 CS4 [App Paths] :HKLM PictureViewer.exe=C:\Program Files\QuickTime\PictureViewer.e xe ### PictureViewer.exe PictureViewer Apple Inc. QuickTime QuickTime 7.6.9 (1680 .9) [App Paths] :HKLM pinball.exe=C:\Program Files\Windows NT\Pinball\pinball.exe ### pinball.exe 3D Pinball Cinematronics 3D Pinball 5.1.2600.5512 [App Paths] :HKLM powerpnt.exe=C:\PROGRA~1\MICROS~2\Office12\POWERPNT.EXE ### powerpnt.exe Microsoft Office PowerPoint Microsoft Corporation 2007 Micros oft Office system 12.0.4518.1014 [App Paths] :HKLM QuickTimePlayer.exe=C:\Program Files\QuickTime\QuickTimePlay er.exe ### QuickTimePlayer.exe QuickTime Player Apple Inc. QuickTime QuickTime 7.6.9 (1680.9) [App Paths] :HKLM regrun2.exe=C:\Program Files\Greatis\RegRunSuite\regrun2.exe ### regrun2.exe RegRun Start Control Greatis Software RegRun Security Suite 6. 99 release

[App Paths] :HKLM rvsezm.exe=C:\Program Files\MSN Gaming Zone\Windows\rvsezm.e xe ### rvsezm.exe Zone Datafile Microsoft Corporation Zone.com 1.2.626.1 [App Paths] :HKLM sed.exe=C:\Program Files\Greatis\RegRunSuite\sed.exe ### sed.exe System Files Editor Greatis Software RegRun Security Suite 6.9 [App Paths] :HKLM setup.exe ### setup.exe [App Paths] :HKLM shvlzm.exe=C:\Program Files\MSN Gaming Zone\Windows\shvlzm.e xe ### shvlzm.exe Zone Datafile Microsoft Corporation Zone.com 1.2.626.1 [App Paths] :HKLM table30.exe ### table30.exe [App Paths] :HKLM wab.exe=%ProgramFiles%\Outlook Express\wab.exe ### wab.exe [App Paths] :HKLM wabmig.exe=%ProgramFiles%\Outlook Express\wabmig.exe ### wabmig.exe [App Paths] :HKLM winnt32.exe ### winnt32.exe [App Paths] :HKLM WinRAR.exe=C:\Program Files\WinRAR\WinRAR.exe ### WinRAR.exe [App Paths] :HKLM Winword.exe=C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE ### Winword.exe Microsoft Office Word Microsoft Corporation 2007 Microsoft Off ice system 12.0.4518.1014 [App Paths] :HKLM wmplayer.exe=C:\Program Files\Windows Media Player\wmplayer. exe ### wmplayer.exe Windows Media Player Microsoft Corporation Microsoft(R) Windo ws Media Player 9.00.00.4503 [App Paths] :HKLM WORDPAD.EXE=C:\PROGRAM FILES\WINDOWS NT\ACCESSORIES\WORDPAD. EXE ### WORDPAD.EXE WordPad MFC Application Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [App Paths] :HKLM WRITE.EXE="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE " ### WRITE.EXE [App Paths] :HKLM XPSViewer.exe="C:\WINDOWS\system32\XPSViewer\XPSViewer.exe" ### XPSViewer.exe XPSViewer.exe Microsoft Corporation Microsoft .NET Framework 3.0.6920.1427 [Prevents Display in Control Panel from running.] :HKCU NoDispCpl=0 [Disable Registry Tools] :HKCU DisableRegistryTools =0 [SharedTaskScheduler] :HKLM {438755C2-A8BA-11D1-B96B-00A0C90312E1}=C:\WINDOWS\ SYSTEM32\BROWSEUI.DLL ### Shell Browser UI Library Microsoft Corporation Microsoft Windows Operating S ystem 6.00.2900.5512 [SharedTaskScheduler] :HKLM {8C7461EF-2B13-11d2-BE35-3078302C2030}=C:\WINDOWS\ SYSTEM32\BROWSEUI.DLL ### Shell Browser UI Library Microsoft Corporation Microsoft Windows Operating S ystem 6.00.2900.5512 [Print Monitors] :HKLM Adobe PDF Port Monitor=C:\WINDOWS\System32\ADOBEPDF.DLL ### Adobe PDF Port Monitor DLL Adobe Systems Inc Adobe Acrobat 9.0.0000.0000 [Print Monitors] :HKLM BJ Language Monitor=C:\WINDOWS\System32\CNBJMON.DLL ### Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation Microso ft Windows Operating System 5.1.2600.2082 [Print Monitors] :HKLM Local Port=C:\WINDOWS\System32\LOCALSPL.DLL ### Local Spooler DLL Microsoft Corporation Microsoft Windows Operating System 5 .1.2600.5512 [Print Monitors] :HKLM PJL Language Monitor=C:\WINDOWS\System32\PJLMON.DLL ### PJL Language monitor Microsoft Corporation Microsoft Windows Operating Syste m 5.1.2600.5512 [Print Monitors] :HKLM Send To Microsoft OneNote Monitor=C:\WINDOWS\System32\M SONPMON.DLL

### Microsoft Office OneNote 2007 Printer Driver Microsoft Corporation Microso ft Office OneNote 2007 Printer Driver 12.3.4518.1014 [Print Monitors] :HKLM Standard TCP/IP Port=C:\WINDOWS\System32\TCPMON.DLL ### Standard TCP/IP Port Monitor DLL Microsoft Corporation Microsoft Windows Ope rating System 5.1.2600.5512 [Print Monitors] :HKLM USB Monitor=C:\WINDOWS\System32\USBMON.DLL ### Standard Dynamic Printing Port Monitor DLL Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Shell Icon Overlay Handlers] :HKLM AutoCAD Digital Signatures Icon Overlay Ha ndler=C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL ### AutoCAD component Autodesk, Inc. AutoCAD 17.1.51.0 [Shell Icon Overlay Handlers] :HKLM Groove Explorer Icon Overlay 1 (GFS Unread Stub)=C:\PROGRA~1\MICROS~2\OFFICE12\GRA8E1~1.DLL ### GrooveShellExtensions Module Microsoft Corporation GrooveShellExtensions M odule 4.2.0.2623 [Shell Icon Overlay Handlers] :HKLM Groove Explorer Icon Overlay 2 (GFS Stub)= C:\PROGRA~1\MICROS~2\OFFICE12\GRA8E1~1.DLL ### GrooveShellExtensions Module Microsoft Corporation GrooveShellExtensions M odule 4.2.0.2623 [Shell Icon Overlay Handlers] :HKLM Groove Explorer Icon Overlay 2.5 (GFS Unre ad Folder)=C:\PROGRA~1\MICROS~2\OFFICE12\GRA8E1~1.DLL ### GrooveShellExtensions Module Microsoft Corporation GrooveShellExtensions M odule 4.2.0.2623 [Shell Icon Overlay Handlers] :HKLM Groove Explorer Icon Overlay 3 (GFS Folder )=C:\PROGRA~1\MICROS~2\OFFICE12\GRA8E1~1.DLL ### GrooveShellExtensions Module Microsoft Corporation GrooveShellExtensions M odule 4.2.0.2623 [Shell Icon Overlay Handlers] :HKLM Groove Explorer Icon Overlay 4 (GFS Unread Mark)=C:\PROGRA~1\MICROS~2\OFFICE12\GRA8E1~1.DLL ### GrooveShellExtensions Module Microsoft Corporation GrooveShellExtensions M odule 4.2.0.2623 [Shell Icon Overlay Handlers] :HKLM Offline Files=C:\WINDOWS\SYSTEM32\CSCUI.DL L ### Client Side Caching UI Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Context Menu Handlers] :HKLM Adobe.Acrobat.ContextMenu=C:\PROGRAM FILES\ADOBE \ACROBAT 9.0\ACROBAT ELEMENTS\CONTEXTMENU.DLL ### Adobe Acrobat Context Menu Adobe Systems Inc. Adobe Acrobat Elements 9.0.5 .0\0 [Context Menu Handlers] :HKLM Autodesk.DWF.ContextMenu=C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\DWF COMMON\DWFSHELLEXTENSION.DLL ### Autodesk DWF ShellExtension Module Autodesk, Inc. Autodesk DWF Viewer 1.1. 0.341 [Context Menu Handlers] :HKLM Offline Files=C:\WINDOWS\SYSTEM32\CSCUI.DLL ### Client Side Caching UI Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Context Menu Handlers] :HKLM Open With=C:\WINDOWS\SYSTEM32\SHELL32.DLL ### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating S ystem 6.00.2900.5512 [Context Menu Handlers] :HKLM Open With EncryptionMenu=C:\WINDOWS\SYSTEM32\SHE LL32.DLL ### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating S ystem 6.00.2900.5512 [Context Menu Handlers] :HKLM WinRAR=C:\PROGRAM FILES\WINRAR\RAREXT.DLL [Context Menu Handlers] :HKLM XXX Groove GFS Context Menu Handler XXX=C:\PROGR A~1\MICROS~2\OFFICE12\GRA8E1~1.DLL ### GrooveShellExtensions Module Microsoft Corporation GrooveShellExtensions M odule 4.2.0.2623 [Context Menu Handlers] :HKLM {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}=C:\WINDOW S\SYSTEM32\SHELL32.DLL

### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating S ystem 6.00.2900.5512 [Kernel Auto Boot] [Svchost DLLs] :HKLM HTTPFilter=C:\WINDOWS\SYSTEM32\W3SSL.DLL ### SSL service for HTTP Microsoft Corporation Internet Information Services 6 .0.2600.5512 [Svchost DLLs] :HKLM Alerter=C:\WINDOWS\SYSTEM32\ALRSVC.DLL ### Alerter Service DLL Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM WebClient=C:\WINDOWS\SYSTEM32\WEBCLNT.DLL ### Web DAV Service DLL Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM LmHosts=C:\WINDOWS\SYSTEM32\LMHSVC.DLL ### TCPIP NetBios Transport Services DLL Microsoft Corporation Microsoft Window s Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM RemoteRegistry=C:\WINDOWS\SYSTEM32\REGSVC.DLL ### Remote Registry Service Microsoft Corporation Microsoft Windows Operating Sy stem 5.1.2600.5512 [Svchost DLLs] :HKLM upnphost=C:\WINDOWS\SYSTEM32\UPNPHOST.DLL ### UPnP Device Host Microsoft Corporation Microsoft Windows Operating System 5. 1.2600.5512 [Svchost DLLs] :HKLM SSDPSRV=C:\WINDOWS\SYSTEM32\SSDPSRV.DLL ### SSDP Service DLL Microsoft Corporation Microsoft Windows Operating System 5. 1.2600.5512 [Svchost DLLs] :HKLM DnsCache=C:\WINDOWS\SYSTEM32\DNSRSLVR.DLL ### DNS Caching Resolver Service Microsoft Corporation Microsoft Windows Operati ng System 5.1.2600.5512 [Svchost DLLs] :HKLM 6to4 [Svchost DLLs] :HKLM AppMgmt=C:\WINDOWS\SYSTEM32\APPMGMTS.DLL ### Software installation Service Microsoft Corporation Microsoft Windows Operat ing System 5.1.2600.5512 [Svchost DLLs] :HKLM AudioSrv=C:\WINDOWS\SYSTEM32\AUDIOSRV.DLL ### Windows Audio Service Microsoft Corporation Microsoft Windows Operating Syst em 5.1.2600.5512 [Svchost DLLs] :HKLM Browser=C:\WINDOWS\SYSTEM32\BROWSER.DLL ### Computer Browser Service DLL Microsoft Corporation Microsoft Windows Operati ng System 5.1.2600.5512 [Svchost DLLs] :HKLM CryptSvc=C:\WINDOWS\SYSTEM32\CRYPTSVC.DLL ### Cryptographic Services Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Svchost DLLs] :HKLM DMServer=C:\WINDOWS\SYSTEM32\DMSERVER.DLL ### Logical Disk Manager service dll Microsoft Corp. Logical Disk Manager for Windows NT 1.0 [Svchost DLLs] :HKLM DHCP=C:\WINDOWS\SYSTEM32\DHCPCSVC.DLL ### DHCP Client Service Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM ERSvc=C:\WINDOWS\SYSTEM32\ERSVC.DLL ### Windows Error Reporting Service Microsoft Corporation Microsoft Windows Oper ating System 5.1.2600.5512 [Svchost DLLs] :HKLM EventSystem=C:\WINDOWS\SYSTEM32\ES.DLL ### Microsoft Corporation COM Services 03.00.00.4414 [Svchost DLLs] :HKLM FastUserSwitchingCompatibility=C:\WINDOWS\SYSTEM32\SHSVCS .DLL ### Windows Shell Services Dll Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Svchost DLLs] :HKLM HidServ=%SystemRoot%\System32\hidserv.dll [Svchost DLLs] :HKLM Ias [Svchost DLLs] :HKLM Iprip [Svchost DLLs] :HKLM Irmon [Svchost DLLs] :HKLM LanmanServer=C:\WINDOWS\SYSTEM32\SRVSVC.DLL

### Server Service DLL Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM LanmanWorkstation=C:\WINDOWS\SYSTEM32\WKSSVC.DLL ### Workstation Service DLL Microsoft Corporation Microsoft Windows Operating Sy stem 5.1.2600.5512 [Svchost DLLs] :HKLM Messenger=C:\WINDOWS\SYSTEM32\MSGSVC.DLL ### NT Messenger Service Microsoft Corporation Microsoft Windows Operating Syste m 5.1.2600.5512 [Svchost DLLs] :HKLM Netman=C:\WINDOWS\SYSTEM32\NETMAN.DLL ### Network Connections Manager Microsoft Corporation Microsoft Windows Operatin g System 5.1.2600.5512 [Svchost DLLs] :HKLM Nla=C:\WINDOWS\SYSTEM32\MSWSOCK.DLL ### Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation Micro soft Windows Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM Ntmssvc=C:\WINDOWS\SYSTEM32\NTMSSVC.DLL ### Removable Storage Manager Microsoft Corporation Microsoft Windows Whistler O perating System 5.1.2400.5512 [Svchost DLLs] :HKLM NWCWorkstation [Svchost DLLs] :HKLM Nwsapagent [Svchost DLLs] :HKLM Rasauto=C:\WINDOWS\SYSTEM32\RASAUTO.DLL ### Remote Access AutoDial Manager Microsoft Corporation Microsoft Windows Opera ting System 5.1.2600.5512 [Svchost DLLs] :HKLM Rasman=C:\WINDOWS\SYSTEM32\RASMANS.DLL ### Remote Access Connection Manager Microsoft Corporation Microsoft Windows Ope rating System 5.1.2600.5512 [Svchost DLLs] :HKLM Remoteaccess=C:\WINDOWS\SYSTEM32\MPRDIM.DLL ### Dynamic Interface Manager Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM Schedule=C:\WINDOWS\SYSTEM32\SCHEDSVC.DLL ### Task Scheduler Engine Microsoft Corporation Microsoft Windows Operating Syst em 5.1.2600.5512 [Svchost DLLs] :HKLM Seclogon=C:\WINDOWS\SYSTEM32\SECLOGON.DLL ### Secondary Logon Service DLL Microsoft Corporation Microsoft Windows Operatin g System 5.1.2600.5512 [Svchost DLLs] :HKLM SENS=C:\WINDOWS\SYSTEM32\SENS.DLL ### System Event Notification Service (SENS) Microsoft Corporation Microsoft Wi ndows Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM Sharedaccess=C:\WINDOWS\SYSTEM32\IPNATHLP.DLL ### Microsoft NAT Helper Components Microsoft Corporation Microsoft Windows Oper ating System 5.1.2600.5512 [Svchost DLLs] :HKLM SRService=C:\WINDOWS\SYSTEM32\SRSVC.DLL ### System Restore Service Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Svchost DLLs] :HKLM Tapisrv=C:\WINDOWS\SYSTEM32\TAPISRV.DLL ### Microsoft Windows(TM) Telephony Server Microsoft Corporation Microsoft Windo ws Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM Themes=C:\WINDOWS\SYSTEM32\SHSVCS.DLL ### Windows Shell Services Dll Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Svchost DLLs] :HKLM TrkWks=C:\WINDOWS\SYSTEM32\TRKWKS.DLL ### Distributed Link Tracking Client Microsoft Corporation Microsoft Windows Ope rating System 5.1.2600.5512 [Svchost DLLs] :HKLM W32Time=C:\WINDOWS\SYSTEM32\W32TIME.DLL ### Windows Time Service Microsoft Corporation Microsoft Windows Operating Syste m 5.1.2600.5512 [Svchost DLLs] :HKLM WZCSVC=C:\WINDOWS\SYSTEM32\WZCSVC.DLL ### Wireless Zero Configuration Service Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM Wmi=C:\WINDOWS\SYSTEM32\ADVAPI32.DLL ### Advanced Windows 32 Base API Microsoft Corporation Microsoft Windows Operati

ng System 5.1.2600.5512 [Svchost DLLs] :HKLM WmdmPmSp [Svchost DLLs] :HKLM winmgmt=C:\WINDOWS\SYSTEM32\WBEM\WMISVC.DLL ### WMI Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM wscsvc=C:\WINDOWS\SYSTEM32\WSCSVC.DLL ### Windows Security Center Service Microsoft Corporation Microsoft Windows Oper ating System 5.1.2600.5512 [Svchost DLLs] :HKLM xmlprov=C:\WINDOWS\SYSTEM32\XMLPROV.DLL ### Network Provisioning Service Microsoft Corporation Microsoft Windows Operati ng System 5.1.2600.5512 [Svchost DLLs] :HKLM napagent=C:\WINDOWS\SYSTEM32\QAGENTRT.DLL ### Quarantine Agent Service Run-Time Microsoft Corporation Microsoft Windows Op erating System 5.1.2600.5512 [Svchost DLLs] :HKLM hkmsvc=C:\WINDOWS\SYSTEM32\KMSVC.DLL ### Key Management Service Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Svchost DLLs] :HKLM BITS=C:\WINDOWS\SYSTEM32\QMGR.DLL ### Background Intelligent Transfer Service Microsoft Corporation Microsoft Win dows Operating System 6.7.2600.5512 [Svchost DLLs] :HKLM wuauserv=C:\WINDOWS\SYSTEM32\WUAUSERV.DLL ### Windows Update AutoUpdate Service Microsoft Corporation Microsoft Windows Op erating System 5.4.3790.5512 [Svchost DLLs] :HKLM ShellHWDetection=C:\WINDOWS\SYSTEM32\SHSVCS.DLL ### Windows Shell Services Dll Microsoft Corporation Microsoft Windows Operating System 6.00.2900.5512 [Svchost DLLs] :HKLM helpsvc=C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\PCHSVC.DLL ### Microsoft PCHealth Service Holder Microsoft Corporation Microsoft Windows Op erating System 5.1.2600.5512 [Svchost DLLs] :HKLM WmdmPmSN=C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL ### Microsoft Media Device Service Provider Microsoft Corporation Windows Medi a Device Manager 9.0.1.56 [Svchost DLLs] :HKLM DcomLaunch=C:\WINDOWS\SYSTEM32\RPCSS.DLL ### Distributed COM Services Microsoft Corporation Microsoft Windows Operating S ystem 5.1.2600.5512 [Svchost DLLs] :HKLM TermService=C:\WINDOWS\SYSTEM32\TERMSRV.DLL ### Terminal Server Service Microsoft Corporation Microsoft Windows Operating Sy stem 5.1.2600.5512 [Svchost DLLs] :HKLM RpcSs=C:\WINDOWS\SYSTEM32\RPCSS.DLL ### Distributed COM Services Microsoft Corporation Microsoft Windows Operating S ystem 5.1.2600.5512 [Svchost DLLs] :HKLM eaphost=C:\WINDOWS\SYSTEM32\EAPSVC.DLL ### Microsoft EAPHost service Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Svchost DLLs] :HKLM dot3svc=C:\WINDOWS\SYSTEM32\DOT3SVC.DLL ### Wired AutoConfig Service Microsoft Corporation Microsoft Windows Operating S ystem 5.1.2600.5512 [Svchost DLLs] :HKLM StiSvc=C:\WINDOWS\SYSTEM32\WIASERVC.DLL ### Still Image Devices Service Microsoft Corporation Microsoft Windows Operatin g System 5.1.2600.5512 [Bootexecute] :HKLM BootExecute=autocheck autochk * Partizan [Winlogon System] :HKLM system="" ### File is deleted or hidden by rootkit or could not be located. [Winlogon System] :HKLM taskman="" ### File is deleted or hidden by rootkit or could not be located. [Winlogon System] :HKLM UIHost=C:\WINDOWS\System32\LOGONUI.EXE ### Windows Logon UI Microsoft Corporation Microsoft Windows Operating System 6. 00.2900.5512 [Winlogon Autostart] :HKLM VmApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl "

[Winlogon Autostart] :HKLM AppSetup="" [KnownDLLs] :HKLM advapi32=advapi32.dll [KnownDLLs] :HKLM comdlg32=comdlg32.dll [KnownDLLs] :HKLM DllDirectory=%SystemRoot%\system32 [KnownDLLs] :HKLM gdi32=gdi32.dll [KnownDLLs] :HKLM imagehlp=imagehlp.dll [KnownDLLs] :HKLM kernel32=kernel32.dll [KnownDLLs] :HKLM lz32=lz32.dll [KnownDLLs] :HKLM ole32=ole32.dll [KnownDLLs] :HKLM oleaut32=oleaut32.dll [KnownDLLs] :HKLM olecli32=olecli32.dll [KnownDLLs] :HKLM olecnv32=olecnv32.dll [KnownDLLs] :HKLM olesvr32=olesvr32.dll [KnownDLLs] :HKLM olethk32=olethk32.dll [KnownDLLs] :HKLM rpcrt4=rpcrt4.dll [KnownDLLs] :HKLM shell32=shell32.dll [KnownDLLs] :HKLM url=url.dll [KnownDLLs] :HKLM urlmon=urlmon.dll [KnownDLLs] :HKLM user32=user32.dll [KnownDLLs] :HKLM version=version.dll [KnownDLLs] :HKLM wininet=wininet.dll [KnownDLLs] :HKLM wldap32=wldap32.dll [Environment - Path] :HKLM Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot %\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\ [List of Injected DLLs] :HKLM AppInit_DLLs=acaptuser32.dll [LSA Notification Packages] :HKLM scecli=C:\WINDOWS\System32\SCECLI.DLL ### scecli Windows Security Configuration Editor Client Engine Microsoft Corpo ration Microsoft Windows Operating System 5.1.2600.5512 [LSA Security Packages] :HKLM kerberos=C:\WINDOWS\System32\KERBEROS.DLL ### kerberos Kerberos Security Package Microsoft Corporation Microsoft Windows O perating System 5.1.2600.5512 [LSA Security Packages] :HKLM msv1_0=C:\WINDOWS\System32\MSV1_0.DLL ### msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation Microso ft Windows Operating System 5.1.2600.5512 [LSA Security Packages] :HKLM schannel=C:\WINDOWS\System32\SCHANNEL.DLL ### schannel TLS / SSL Security Provider Microsoft Corporation Microsoft Window s Operating System 5.1.2600.5512 [LSA Security Packages] :HKLM wdigest=C:\WINDOWS\System32\WDIGEST.DLL ### wdigest Microsoft Digest Access Microsoft Corporation Microsoft Windows Oper ating System 5.1.2600.5512 [Drivers] :HKLM ACPI=C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS ### Driver Microsoft ACPI Driver Start Type: loaded automatically by the Boot Loader ACPI Driver for NT Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM ACPIEC=C:\WINDOWS\SYSTEM32\DRIVERS\ACPIEC.SYS ### Driver Start Type: disabled ACPI Embedded Controller Driver Microsoft Corp oration Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM aec=C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS ### Driver Microsoft Kernel Acoustic Echo Canceller Start Type: loaded manuall y on demand Microsoft Acoustic Echo Canceller Microsoft Corporation Microsoft Win dows Operating System 5.1.2601.3142 [Drivers] :HKLM AFD=C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS ### Driver AFD AFD Networking Support Environment Start Type: loaded automatic ally at Kernel initialization Ancillary Function Driver for WinSock Microsoft Co rporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Alerter=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Alerter Notifies selected users and computers of administrative al erts. If the service is stopped, programs that use administrative alerts will no t receive them. If this service is disabled, any services that explicitly depend

on it will fail to start. Start Type: disabled Generic Host Process for Win32 S ervices Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM ALG=C:\WINDOWS\SYSTEM32\ALG.EXE ### Service Application Layer Gateway Service Provides support for 3rd party p rotocol plug-ins for Internet Connection Sharing and the Windows Firewall. Start Type: loaded manually on demand Application Layer Gateway Service Microsoft Cor poration Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM AppMgmt=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Application Management Provides software installation services suc h as Assign, Publish, and Remove. Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM aspnet_state=C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASP NET_STATE.EXE ### Service ASP.NET State Service Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start. Start Type: loaded manually on demand Microsoft ASP.NE T State Server Microsoft Corporation Microsoft .NET Framework 4.0.30319.1 [Drivers] :HKLM AsyncMac=C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS ### Driver RAS Asynchronous Media Driver RAS Asynchronous Media Driver Start T ype: loaded manually on demand MS Remote Access serial network driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM atapi=C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS ### Driver Standard IDE/ESDI Hard Disk Controller Start Type: loaded automatic ally by the Boot Loader IDE/ATAPI Port Driver Microsoft Corporation Microsoft Win dows Operating System 5.1.2600.5512 [Drivers] :HKLM Atmarpc=C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS ### Driver ATM ARP Client Protocol ATM ARP Client Protocol Start Type: loaded manually on demand IP/ATM Arp Client Microsoft Corporation Microsoft Windows Opera ting System 5.1.2600.5512 [Drivers] :HKLM AudioSrv=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Windows Audio Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Start Type: loaded automatically by Server Manager Generic Host Proce ss for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1 .2600.5512 [Drivers] :HKLM audstub=C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS ### Driver Audio Stub Driver Start Type: loaded manually on demand AudStub Dri ver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM Autodesk Licensing Service=C:\PROGRAM FILES\COMMON FILES\AUTOD ESK SHARED\SERVICE\ADSKSCSRV.EXE ### Service Autodesk Licensing Service Anchor service for Autodesk products li censed with SafeCast Start Type: loaded manually on demand System Level Service Utility Autodesk Autodesk Licensing Service [Drivers] :HKLM Beep=C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS ### Driver Start Type: loaded automatically at Kernel initialization BEEP Driv er Microsoft Corporation Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM BITS=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Background Intelligent Transfer Service Transfers data between cli ents and servers in the background. If BITS is disabled, features such as Window s Update will not work correctly. Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM BootlogService=C:\PROGRAM FILES\GREATIS\REGRUNSUITE\BOOTLOGSER VICE.EXE ### Service BootlogService Start Type: loaded automatically by Server Manager Bootlog XP Service Greatis Software (c) BootLog XP 2, 0, 5, 1 [Drivers] :HKLM Browser=C:\WINDOWS\SYSTEM32\SVCHOST.EXE

### Service Computer Browser Maintains an updated list of computers on the net work and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is dis abled, any services that explicitly depend on it will fail to start. Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM cbidf2k=C:\WINDOWS\SYSTEM32\DRIVERS\CBIDF2K.SYS ### Driver Start Type: disabled CardBus/PCMCIA IDE Miniport Driver Microsoft C orporation Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM Cdaudio=C:\WINDOWS\SYSTEM32\DRIVERS\CDAUDIO.SYS ### Driver Start Type: loaded automatically at Kernel initialization CD-ROM Au dio Filter Driver Microsoft Corporation Microsoft Windows Operating System 5.1.260 0.0 [Drivers] :HKLM Cdfs=C:\WINDOWS\SYSTEM32\DRIVERS\CDFS.SYS ### Driver Start Type: disabled CD-ROM File System Driver Microsoft Corporatio n Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Cdrom=C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS ### Driver CD-ROM Driver Start Type: loaded automatically at Kernel initializa tion SCSI CD-ROM Driver Microsoft Corporation Microsoft Windows Operating System 5 .1.2600.5512 [Drivers] :HKLM CiSvc=C:\WINDOWS\SYSTEM32\CISVC.EXE ### Service Indexing Service Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. Start Type: loaded manually on demand Content Index service Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM ClipSrv=C:\WINDOWS\SYSTEM32\CLIPSRV.EXE ### Service ClipBook Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be a ble to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start. Start Type: disabled Windows NT DDE Server Microsoft Corporation Microsoft Windows Operating System 5.1 .2600.5512 [Drivers] :HKLM clr_optimization_v2.0.50727_32=C:\WINDOWS\MICROSOFT.NET\FRAMEW ORK\V2.0.50727\MSCORSVW.EXE ### Service .NET Runtime Optimization Service v2.0.50727_X86 Microsoft .NET Fr amework NGEN Start Type: disabled .NET Runtime Optimization Service Microsoft Co rporation Microsoft .NET Framework 2.0.50727.3053 [Drivers] :HKLM clr_optimization_v4.0.30319_32=C:\WINDOWS\MICROSOFT.NET\FRAMEW ORK\V4.0.30319\MSCORSVW.EXE ### Service Microsoft .NET Framework NGEN v4.0.30319_X86 Microsoft .NET Framew ork NGEN Start Type: loaded automatically by Server Manager .NET Runtime Optimiz ation Service Microsoft Corporation Microsoft .NET Framework 4.0.30319.1 [Drivers] :HKLM COMSysApp=C:\WINDOWS\SYSTEM32\DLLHOST.EXE ### Service COM+ System Application Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, a ny services that explicitly depend on it will fail to start. Start Type: loaded manually on demand COM Surrogate Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM CryptSvc=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Cryptographic Services Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Roo t Service, which adds and removes Trusted Root Certification Authority certifica tes from this computer; and Key Service, which helps enroll this computer for ce rtificates. If this service is stopped, these management services will not funct ion properly. If this service is disabled, any services that explicitly depend o n it will fail to start. Start Type: loaded automatically by Server Manager Gene ric Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operat ing System 5.1.2600.5512 [Drivers] :HKLM DcomLaunch=C:\WINDOWS\SYSTEM32\SVCHOST.exe

### Service DCOM Server Process Launcher Provides launch functionality for DCO M services. Start Type: loaded automatically by Server Manager Generic Host Proc ess for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5. 1.2600.5512 [Drivers] :HKLM Dhcp=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service DHCP Client Manages network configuration by registering and updat ing IP addresses and DNS names. Start Type: loaded automatically by Server Manag er Generic Host Process for Win32 Services Microsoft Corporation Microsoft Window s Operating System 5.1.2600.5512 [Drivers] :HKLM Disk=C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS ### Driver Disk Driver Start Type: loaded automatically by the Boot Loader PnP Disk Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.551 2 [Drivers] :HKLM dmadmin=C:\WINDOWS\SYSTEM32\DMADMIN.EXE ### Service Logical Disk Manager Administrative Service Configures hard disk d rives and volumes. The service only runs for configuration processes and then st ops. Start Type: loaded manually on demand Logical Disk Manager service process Microsoft Corp., Veritas Software Logical Disk Manager for Windows NT 1.0 [Drivers] :HKLM dmboot=C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS ### Driver Start Type: disabled NT Disk Manager Startup Driver Microsoft Corp. , Veritas Software VERITAS NT Disk Manager 1.0 [Drivers] :HKLM dmio=C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS ### Driver Logical Disk Manager Driver Start Type: loaded automatically by the Boot Loader NT Disk Manager I/O Driver Microsoft Corp., Veritas Software VERITA S NT Disk Manager 1.0 [Drivers] :HKLM dmload=C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS ### Driver Start Type: loaded automatically by the Boot Loader NT Disk Manager Startup Driver Microsoft Corp., Veritas Software. Logical Disk Manager for Wind ows NT 1.0 [Drivers] :HKLM dmserver=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Logical Disk Manager Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service fo r configuration. If this service is stopped, dynamic disk status and configurati on information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start. Start Type: loaded automatical ly by Server Manager Generic Host Process for Win32 Services Microsoft Corporati on Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM DMusic=C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS ### Driver Microsoft Kernel DLS Syntheiszer Start Type: loaded manually on dem and Microsoft Kernel DLS Synthesizer Microsoft Corporation Microsoft Windows Opera ting System 5.1.2600.5512 [Drivers] :HKLM Dnscache=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service DNS Client Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to res olve DNS names and locate Active Directory domain controllers. If this service i s disabled, any services that explicitly depend on it will fail to start. Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Serv ices Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Dot3svc=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Wired AutoConfig This service performs IEEE 802.1X authentication on Ethernet interfaces Start Type: loaded manually on demand Generic Host Proces s for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1. 2600.5512 [Drivers] :HKLM drmkaud=C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS ### Driver Microsoft Kernel DRM Audio Descrambler Start Type: loaded manually on demand Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation Mi crosoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM EapHost=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Extensible Authentication Protocol Service Provides windows client s Extensible Authentication Protocol Service Start Type: loaded manually on dema

nd Generic Host Process for Win32 Services Microsoft Corporation Microsoft Window s Operating System 5.1.2600.5512 [Drivers] :HKLM ERSvc=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Error Reporting Service Allows error reporting for services and ap plictions running in non-standard environments. Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Eventlog=C:\WINDOWS\SYSTEM32\SERVICES.EXE ### Service Event Log Enables event log messages issued by Windows-based progr ams and components to be viewed in Event Viewer. This service cannot be stopped. Start Type: loaded automatically by Server Manager Services and Controller app Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM EventSystem=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service COM+ Event System Supports System Event Notification Service (SENS ), which provides automatic distribution of events to subscribing Component Obje ct Model (COM) components. If the service is stopped, SENS will close and will n ot be able to provide logon and logoff notifications. If this service is disable d, any services that explicitly depend on it will fail to start. Start Type: loa ded manually on demand Generic Host Process for Win32 Services Microsoft Corpora tion Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Fastfat=C:\WINDOWS\SYSTEM32\DRIVERS\FASTFAT.SYS ### Driver Start Type: disabled Fast FAT File System Driver Microsoft Corporat ion Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM FastUserSwitchingCompatibility=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Fast User Switching Compatibility Provides management for applicat ions that require assistance in a multiple user environment. Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Fdc=C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS ### Driver Floppy Disk Controller Driver Start Type: loaded manually on demand Floppy Disk Controller Driver Microsoft Corporation Microsoft Windows Operating S ystem 5.1.2600.5512 [Drivers] :HKLM Fips=C:\WINDOWS\SYSTEM32\DRIVERS\FIPS.SYS ### Driver Start Type: loaded automatically at Kernel initialization FIPS Cryp to Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM FLEXnet Licensing Service=C:\PROGRAM FILES\COMMON FILES\MACROV ISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE ### Service FLEXnet Licensing Service This service performs licensing function s on behalf of FLEXnet enabled products. Start Type: loaded manually on demand A ctivation Licensing Service Acresso Software Inc. FLEXnet Publisher (32 bit) [Drivers] :HKLM Flpydisk=C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS ### Driver Floppy Disk Driver Start Type: loaded manually on demand Floppy Dri ver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM FltMgr=C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS ### Driver FltMgr File System Filter Manager Driver Start Type: loaded automat ically by the Boot Loader Microsoft Filesystem Filter Manager Microsoft Corporat ion Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM FontCache3.0.0.0=C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WPF\P RESENTATIONFONTCACHE.EXE ### Service Windows Presentation Foundation Font Cache 3.0.0.0 Optimizes perfo rmance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already r unning. It can be disabled, though doing so will degrade the performance of WPF applications. Start Type: loaded manually on demand PresentationFontCache.exe Mi crosoft Corporation Microsoft .NET Framework 3.0.6920.1427 [Drivers] :HKLM Fs_Rec=C:\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS ### Driver Start Type: loaded automatically at Kernel initialization File Syst em Recognizer Driver Microsoft Corporation Microsoft Windows Operating System 5.1. 2600.0 [Drivers] :HKLM Ftdisk=C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS

### Driver Volume Manager Driver Start Type: loaded automatically by the Boot Loader FT Disk Driver Microsoft Corporation Microsoft Windows Operating System 5.1 .2600.0 [Drivers] :HKLM Gpc=C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS ### Driver Generic Packet Classifier Generic Packet Classifier Start Type: loa ded manually on demand MS General Packet Classifier Microsoft Corporation Micros oft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM gupdate=C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE ### Service Google Update Service (gupdate) Keeps your Google software up to d ate. If this service is disabled or stopped, your Google software will not be ke pt up to date, meaning security vulnerabilities that may arise cannot be fixed a nd features may not work. This service uninstalls itself when there is no Google software using it. Start Type: loaded automatically by Server Manager Google In staller Google Inc. Google Update 1.2.183.21 [Drivers] :HKLM HDAudBus=C:\WINDOWS\SYSTEM32\DRIVERS\HDAUDBUS.SYS ### Driver Microsoft UAA Bus Driver for High Definition Audio Start Type: load ed manually on demand High Definition Audio Bus Driver v1.0a Windows (R) Server 2003 DDK provider Microsoft Windows Operating System 5.10.01.5013 [Drivers] :HKLM helpsvc=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Help and Support Enables Help and Support Center to run on this co mputer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fai l to start. Start Type: loaded automatically by Server Manager Generic Host Proc ess for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5. 1.2600.5512 [Drivers] :HKLM HidServ=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Human Interface Device Access Enables generic input access to Huma n Interface Devices (HID), which activates and maintains the use of predefined h ot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer functi on. If this service is disabled, any services that explicitly depend on it will fail to start. Start Type: disabled Generic Host Process for Win32 Services Micr osoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM hidusb=C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS ### Driver Microsoft HID Class Driver Start Type: loaded manually on demand US B Miniport Driver for Input Devices Microsoft Corporation Microsoft Windows Operat ing System 5.1.2600.5512 [Drivers] :HKLM hkmsvc=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Health Key and Certificate Management Service Manages health certi ficates and keys (used by NAP) Start Type: loaded manually on demand Generic Hos t Process for Win32 Services Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Drivers] :HKLM HTTP=C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS ### Driver HTTP This service implements the hypertext transfer protocol (HTTP) . If this service is disabled, any services that explicitly depend on it will fa il to start. Start Type: loaded manually on demand HTTP Protocol Stack Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM HTTPFilter=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service HTTP SSL This service implements the secure hypertext transfer pro tocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If th is service is disabled, any services that explicitly depend on it will fail to s tart. Start Type: loaded manually on demand Generic Host Process for Win32 Servi ces Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM i8042prt=C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS ### Driver i8042 Keyboard and PS/2 Mouse Port Driver Start Type: loaded automa tically at Kernel initialization i8042 Port Driver Microsoft Corporation Microso ft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM ialm=C:\WINDOWS\SYSTEM32\DRIVERS\IGXPMP32.SYS ### Driver Start Type: loaded manually on demand Intel Graphics Miniport Drive r Intel Corporation Intel Graphics Accelerator Drivers for Windows NT(R) 6.14.10

.4926 [Drivers] :HKLM idsvc=C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNIC ATION FOUNDATION\INFOCARD.EXE ### Service Windows CardSpace Securely enables the creation, management, and d isclosure of digital identities. Start Type: loaded manually on demand Windows C ardSpace Microsoft Corporation Microsoft .NET Framework 3.0.4506.2152 [Drivers] :HKLM Imapi=C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS ### Driver CD-Burning Filter Driver Start Type: loaded automatically at Kernel initialization IMAPI Kernel Driver Microsoft Corporation Microsoft Windows Operat ing System 5.1.2600.5512 [Drivers] :HKLM ImapiService=C:\WINDOWS\SYSTEM32\IMAPI.EXE ### Service IMAPI CD-Burning COM Service Manages CD recording using Image Mast ering Applications Programming Interface (IMAPI). If this service is stopped, th is computer will be unable to record CDs. If this service is disabled, any servi ces that explicitly depend on it will fail to start. Start Type: loaded manually on demand Image Mastering API Microsoft Corporation Microsoft Windows Operating S ystem 5.1.2600.5512 [Drivers] :HKLM IntcAzAudAddService=C:\WINDOWS\SYSTEM32\DRIVERS\RTKHDAUD.SYS ### Driver Service for Realtek HD Audio (WDM) Start Type: loaded manually on d emand Realtek(r) High Definition Audio Function Driver Realtek Semiconductor Cor p. Realtek(r) High Definition Audio Function Driver (HRTF data Copyright 1994 by MIT Media Lab) 5.10.0.5449 [Drivers] :HKLM intelppm=C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS ### Driver Intel Processor Driver Start Type: loaded automatically at Kernel i nitialization Processor Device Driver Microsoft Corporation Microsoft Windows Oper ating System 5.1.2600.5512 [Drivers] :HKLM Ip6Fw=C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS ### Driver IPv6 Windows Firewall Driver Provides intrusion prevention service for a home or small office network. Start Type: loaded manually on demand IPv6 W indows Firewall Driver Microsoft Corporation Microsoft Windows Operating System 5. 1.2600.5512 [Drivers] :HKLM IpFilterDriver=C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS ### Driver IP Traffic Filter Driver IP Traffic Filter Driver Start Type: loade d manually on demand IP FILTER DRIVER Microsoft Corporation Microsoft Windows Oper ating System 5.1.2600.0 [Drivers] :HKLM IpInIp=C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS ### Driver IP in IP Tunnel Driver IP in IP Tunnel Driver Start Type: loaded ma nually on demand IP in IP Encapsulation Driver Microsoft Corporation Microsoft Wi ndows Operating System 5.1.2600.5512 [Drivers] :HKLM IpNat=C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS ### Driver IP Network Address Translator IP Network Address Translator Start T ype: loaded manually on demand IP Network Address Translator Microsoft Corporati on Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM IPSec=C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS ### Driver IPSEC driver IPSEC driver Start Type: loaded automatically at Kerne l initialization IPSec Driver Microsoft Corporation Microsoft Windows Operating Sy stem 5.1.2600.5512 [Drivers] :HKLM IRENUM=C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS ### Driver IR Enumerator Service Start Type: loaded manually on demand Infra-R ed Bus Enumerator Microsoft Corporation Microsoft Windows Operating System 5.1.260 0.5512 [Drivers] :HKLM isapnp=C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS ### Driver PnP ISA/EISA Bus Driver Start Type: loaded automatically by the Boo t Loader PNP ISA Bus Driver Microsoft Corporation Microsoft Windows Operating Syst em 5.1.2600.5512 [Drivers] :HKLM JavaQuickStarterService=C:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE ### Service Java Quick Starter Prefetches JRE files for faster startup of Java applets and applications Start Type: loaded automatically by Server Manager Jav a(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U22 6. 0.220.4

[Drivers] :HKLM Kbdclass=C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS ### Driver Keyboard Class Driver Start Type: loaded automatically at Kernel in itialization Keyboard Class Driver Microsoft Corporation Microsoft Windows Operati ng System 5.1.2600.5512 [Drivers] :HKLM kmixer=C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS ### Driver Microsoft Kernel Wave Audio Mixer Start Type: loaded manually on de mand Kernel Mode Audio Mixer Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Drivers] :HKLM KProcWatch=C:\WINDOWS\SYSTEM32\DRIVERS\KPROCWATCH.SYS ### Driver KProcWatch Start Type: loaded manually on demand [Drivers] :HKLM KSecDD=C:\WINDOWS\SYSTEM32\DRIVERS\KSECDD.SYS ### Driver Start Type: loaded automatically by the Boot Loader Kernel Security Support Provider Interface Microsoft Corporation Microsoft Windows Operating Syst em 5.1.2600.5512 [Drivers] :HKLM LanmanServer=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Server Supports file, print, and named-pipe sharing over the netwo rk for this computer. If this service is stopped, these functions will be unavai lable. If this service is disabled, any services that explicitly depend on it wi ll fail to start. Start Type: loaded automatically by Server Manager Generic Hos t Process for Win32 Services Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Drivers] :HKLM lanmanworkstation=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Workstation Creates and maintains client network connections to re mote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fai l to start. Start Type: loaded automatically by Server Manager Generic Host Proc ess for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5. 1.2600.5512 [Drivers] :HKLM LmHosts=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service TCP/IP NetBIOS Helper Enables support for NetBIOS over TCP/IP (Net BT) service and NetBIOS name resolution. Start Type: loaded automatically by Ser ver Manager Generic Host Process for Win32 Services Microsoft Corporation Micros oft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Messenger=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Messenger Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this s ervice is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start. Start Ty pe: disabled Generic Host Process for Win32 Services Microsoft Corporation Micro soft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Microsoft Office Groove Audit Service=C:\PROGRAM FILES\MICROSO FT OFFICE\OFFICE12\GROOVEAUDITSERVICE.EXE ### Service Microsoft Office Groove Audit Service Start Type: loaded manually on demand Groove Audit Service Microsoft Corporation Groove Audit Service 4.2.0. 2623 [Drivers] :HKLM mnmdd=C:\WINDOWS\SYSTEM32\DRIVERS\MNMDD.SYS ### Driver Start Type: loaded automatically at Kernel initialization Frame buf fer simulator Microsoft Corporation Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM mnmsrvc=C:\WINDOWS\SYSTEM32\MNMSRVC.EXE ### Service NetMeeting Remote Desktop Sharing Enables an authorized user to ac cess this computer remotely by using NetMeeting over a corporate intranet. If th is service is stopped, remote desktop sharing will be unavailable. If this servi ce is disabled, any services that explicitly depend on it will fail to start. St art Type: loaded manually on demand NetMeeting Remote Desktop Sharing Microsoft Corporation Windows NetMeeting 3.01 [Drivers] :HKLM Modem=C:\WINDOWS\SYSTEM32\DRIVERS\MODEM.SYS ### Driver Start Type: loaded manually on demand Modem Device Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Mouclass=C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS ### Driver Mouse Class Driver Start Type: loaded automatically at Kernel initi

alization Mouse Class Driver Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Drivers] :HKLM mouhid=C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS ### Driver Mouse HID Driver Start Type: loaded manually on demand HID Mouse Fi lter Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM MountMgr=C:\WINDOWS\SYSTEM32\DRIVERS\MOUNTMGR.SYS ### Driver Start Type: loaded automatically by the Boot Loader Mount Manager M icrosoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM MRxDAV=C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS ### Driver WebDav Client Redirector WebDav Client Redirector Start Type: loade d manually on demand Windows NT WebDav Minirdr Microsoft Corporation Microsoft Wi ndows Operating System 5.1.2600.5512 [Drivers] :HKLM MRxSmb=C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS ### Driver MRXSMB MRXSMB Start Type: loaded automatically at Kernel initializa tion Windows NT SMB Minirdr Microsoft Corporation Microsoft Windows Operating Syst em 5.1.2600.5512 [Drivers] :HKLM MSDTC=C:\WINDOWS\SYSTEM32\MSDTC.EXE ### Service Distributed Transaction Coordinator Coordinates transactions that span multiple resource managers, such as databases, message queues, and file sys tems. If this service is stopped, these transactions will not occur. If this ser vice is disabled, any services that explicitly depend on it will fail to start. Start Type: loaded manually on demand MS DTC console program Microsoft Corporat ion Microsoft Distributed Transaction Coordinator 03.01.00.4414 [Drivers] :HKLM Msfs=C:\WINDOWS\SYSTEM32\DRIVERS\MSFS.SYS ### Driver Start Type: loaded automatically at Kernel initialization Mailslot driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM MSIServer=C:\WINDOWS\SYSTEM32\MSIEXEC.EXE ### Service Windows Installer Adds, modifies, and removes applications provide d as a Windows Installer (*.msi) package. If this service is disabled, any servi ces that explicitly depend on it will fail to start. Start Type: loaded manually on demand Windows installer Microsoft Corporation Windows Installer - Unicode 4. 5.6001.22159 [Drivers] :HKLM MSKSSRV=C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS ### Driver Microsoft Streaming Service Proxy Start Type: loaded manually on de mand MS KS Server Microsoft Corporation Microsoft(R) Windows(R) Operating System 5.3.2600.5512 [Drivers] :HKLM MSPCLOCK=C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS ### Driver Microsoft Streaming Clock Proxy Start Type: loaded manually on dema nd MS Proxy Clock Microsoft Corporation Microsoft(R) Windows(R) Operating System 5.3.2600.5512 [Drivers] :HKLM MSPQM=C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS ### Driver Microsoft Streaming Quality Manager Proxy Start Type: loaded manual ly on demand MS Proxy Quality Manager Microsoft Corporation Microsoft Windows Oper ating System 5.1.2600.5512 [Drivers] :HKLM mssmbios=C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS ### Driver Microsoft System Management BIOS Driver Start Type: loaded manually on demand System Management BIOS Driver Microsoft Corporation Microsoft Windows O perating System 5.1.2600.5512 [Drivers] :HKLM MSSQL$SQLEXPRESS=C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL10 .SQLEXPRESS\MSSQL\BINN\SQLSERVR.EXE ### Service SQL Server (SQLEXPRESS) Provides storage, processing and controlle d access of data, and rapid transaction processing. Start Type: loaded automatic ally by Server Manager SQL Server Windows NT Microsoft Corporation Microsoft SQL Server 10.0.2531.0 [Drivers] :HKLM MSSQLServerADHelper100=C:\PROGRAM FILES\MICROSOFT SQL SERVER\1 00\SHARED\SQLADHLP.EXE ### Service SQL Active Directory Helper Service Enables integration with Activ e Directories Start Type: disabled Microsoft SQL Server Active Directory Helper Service Microsoft Corporation Microsoft SQL Server 10.0.1600.22 [Drivers] :HKLM Mup=C:\WINDOWS\SYSTEM32\DRIVERS\MUP.SYS

### Driver Mup Start Type: loaded automatically by the Boot Loader Multiple UN C Provider driver Microsoft Corporation Microsoft Windows Operating System 5.1.260 0.5512 [Drivers] :HKLM napagent=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Network Access Protection Agent Allows windows clients to particip ate in Network Access Protection Start Type: loaded manually on demand Generic H ost Process for Win32 Services Microsoft Corporation Microsoft Windows Operating S ystem 5.1.2600.5512 [Drivers] :HKLM NDIS=C:\WINDOWS\SYSTEM32\DRIVERS\NDIS.SYS ### Driver NDIS System Driver Start Type: loaded automatically by the Boot Loa der NDIS 5.1 wrapper driver Microsoft Corporation Microsoft Windows Operating Syst em 5.1.2600.5512 [Drivers] :HKLM NdisTapi=C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS ### Driver Remote Access NDIS TAPI Driver Remote Access NDIS TAPI Driver Start Type: loaded manually on demand NDIS 3.0 connection wrapper driver Microsoft Co rporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Ndisuio=C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS ### Driver NDIS Usermode I/O Protocol NDIS Usermode I/O Protocol Start Type: l oaded manually on demand NDIS User mode I/O Driver Microsoft Corporation Microso ft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM NdisWan=C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS ### Driver Remote Access NDIS WAN Driver Remote Access NDIS WAN Driver Start T ype: loaded manually on demand MS PPP Framing Driver (Strong Encryption) Microso ft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM NetBIOS=C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS ### Driver NetBIOS Interface NetBIOS Interface Start Type: loaded automaticall y at Kernel initialization NetBIOS interface driver Microsoft Corporation Micros oft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM NetBT=C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS ### Driver NetBios over Tcpip NetBios over Tcpip Start Type: loaded automatica lly at Kernel initialization MBT Transport driver Microsoft Corporation Microsof t Windows Operating System 5.1.2600.5512 [Drivers] :HKLM NetDDE=C:\WINDOWS\SYSTEM32\NETDDE.EXE ### Service Network DDE Provides network transport and security for Dynamic Da ta Exchange (DDE) for programs running on the same computer or on different comp uters. If this service is stopped, DDE transport and security will be unavailabl e. If this service is disabled, any services that explicitly depend on it will f ail to start. Start Type: disabled Network DDE - DDE Communication Microsoft Cor poration Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM NetDDEdsdm=C:\WINDOWS\SYSTEM32\NETDDE.EXE ### Service Network DDE DSDM Manages Dynamic Data Exchange (DDE) network share s. If this service is stopped, DDE network shares will be unavailable. If this s ervice is disabled, any services that explicitly depend on it will fail to start . Start Type: disabled Network DDE - DDE Communication Microsoft Corporation Mi crosoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Netlogon=C:\WINDOWS\SYSTEM32\LSASS.EXE ### Service Net Logon Supports pass-through authentication of account logon ev ents for computers in a domain. Start Type: loaded manually on demand LSA Shell (Export Version) Microsoft Corporation Microsoft Windows Operating System 5.1.2600 .5512 [Drivers] :HKLM Netman=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Network Connections Manages objects in the Network and Dial-Up Con nections folder, in which you can view both local area network and remote connec tions. Start Type: loaded manually on demand Generic Host Process for Win32 Serv ices Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM NetTcpPortSharing=C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.3031 9\SMSVCHOST.EXE ### Service Net.Tcp Port Sharing Service Provides ability to share TCP ports o ver the net.tcp protocol. Start Type: disabled SMSvcHost.exe Microsoft Corporati on Microsoft .NET Framework 4.0.30319.1

[Drivers] :HKLM Nla=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Network Location Awareness (NLA) Collects and stores network confi guration and location information, and notifies applications when this informati on changes. Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM nlsX86cc=C:\WINDOWS\SYSTEM32\NLSSRV32.EXE ### Service NLS Service Nalpeiron Licensing Service Start Type: loaded automat ically by Server Manager This service enables products that use the Nalpeiron Li censing System Nalpeiron Ltd. Nalpeiron License Management 6, 3, 8, 0 [Drivers] :HKLM Npfs=C:\WINDOWS\SYSTEM32\DRIVERS\NPFS.SYS ### Driver Start Type: loaded automatically at Kernel initialization NPFS Driv er Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Ntfs=C:\WINDOWS\SYSTEM32\DRIVERS\NTFS.SYS ### Driver Start Type: disabled NT File System Driver Microsoft Corporation Mi crosoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM NtLmSsp=C:\WINDOWS\SYSTEM32\LSASS.EXE ### Service NT LM Security Support Provider Provides security to remote proced ure call (RPC) programs that use transports other than named pipes. Start Type: loaded manually on demand LSA Shell (Export Version) Microsoft Corporation Micro soft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM NtmsSvc=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Removable Storage Start Type: loaded manually on demand Generic Ho st Process for Win32 Services Microsoft Corporation Microsoft Windows Operating Sy stem 5.1.2600.5512 [Drivers] :HKLM Null=C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS ### Driver Start Type: loaded automatically at Kernel initialization NULL Driv er Microsoft Corporation Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM NwlnkFlt=C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS ### Driver IPX Traffic Filter Driver IPX Traffic Filter Driver Start Type: loa ded manually on demand NWLINK2 Traffic Filter Driver Microsoft Corporation Micro soft Windows Operating System 5.1.2600.0 [Drivers] :HKLM NwlnkFwd=C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS ### Driver IPX Traffic Forwarder Driver IPX Traffic Forwarder Driver Start Typ e: loaded manually on demand NWLINK2 Forwarder Driver Microsoft Corporation Micr osoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM odserv=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE12 \ODSERV.EXE ### Service Microsoft Office Diagnostics Service Run portions of Microsoft Off ice Diagnostics. Start Type: loaded manually on demand Microsoft Office Diagnost ics Microsoft Corporation Office Diagnostics Service 12.0.4518.1014 [Drivers] :HKLM ose=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGI NE\OSE.EXE ### Service Office Source Engine Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error r eports. Start Type: loaded manually on demand Office Source Engine Microsoft Cor poration Office Source Engine 12.0.4518.1014 [Drivers] :HKLM Parport=C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS ### Driver Parallel port driver Start Type: loaded manually on demand Parallel Port Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.551 2 [Drivers] :HKLM Partizan=C:\WINDOWS\SYSTEM32\DRIVERS\PARTIZAN.SYS ### Driver Partizan Start Type: loaded automatically by the Boot Loader Partiz an - Rootkit detector Greatis Software RegRun Security Suite 6, 8, 0, 0 [Drivers] :HKLM PartMgr=C:\WINDOWS\SYSTEM32\DRIVERS\PARTMGR.SYS ### Driver Start Type: loaded automatically by the Boot Loader Partition Manag er Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM ParVdm=C:\WINDOWS\SYSTEM32\DRIVERS\PARVDM.SYS ### Driver Start Type: loaded automatically by Server Manager VDM Parallel Dri ver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM PCI=C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS

### Driver PCI Bus Driver Start Type: loaded automatically by the Boot Loader NT Plug and Play PCI Enumerator Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM PCIIde=C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS ### Driver Start Type: loaded automatically by the Boot Loader Generic PCI IDE Bus Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM Pcmcia=C:\WINDOWS\SYSTEM32\DRIVERS\PCMCIA.SYS ### Driver Start Type: disabled PCMCIA Bus Driver Microsoft Corporation Micros oft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM PlugPlay=C:\WINDOWS\SYSTEM32\SERVICES.EXE ### Service Plug and Play Enables a computer to recognize and adapt to hardwar e changes with little or no user input. Stopping or disabling this service will result in system instability. Start Type: loaded automatically by Server Manager Services and Controller app Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Drivers] :HKLM PolicyAgent=C:\WINDOWS\SYSTEM32\LSASS.EXE ### Service IPSEC Services Manages IP security policy and starts the ISAKMP/Oa kley (IKE) and the IP security driver. Start Type: loaded automatically by Serve r Manager LSA Shell (Export Version) Microsoft Corporation Microsoft Windows Opera ting System 5.1.2600.5512 [Drivers] :HKLM PptpMiniport=C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS ### Driver WAN Miniport (PPTP) WAN Miniport (PPTP) Start Type: loaded manually on demand Peer-to-Peer Tunneling Protocol Microsoft Corporation Microsoft Window s Operating System 5.1.2600.5512 [Drivers] :HKLM ProtectedStorage=C:\WINDOWS\SYSTEM32\LSASS.EXE ### Service Protected Storage Provides protected storage for sensitive data, s uch as private keys, to prevent access by unauthorized services, processes, or u sers. Start Type: loaded automatically by Server Manager LSA Shell (Export Versi on) Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM PSched=C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS ### Driver QoS Packet Scheduler QoS Packet Scheduler Start Type: loaded manual ly on demand MS QoS Packet Scheduler Microsoft Corporation Microsoft Windows Opera ting System 5.1.2600.5512 [Drivers] :HKLM Ptilink=C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS ### Driver Direct Parallel Link Driver Direct Parallel Link Driver Start Type: loaded manually on demand Parallel Technologies DirectParallel IO Library Paral lel Technologies, Inc. Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM RasAcd=C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS ### Driver Remote Access Auto Connection Driver Remote Access Auto Connection Driver Start Type: loaded automatically at Kernel initialization RAS Automatic C onnection Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600 .0 [Drivers] :HKLM RasAuto=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Remote Access Auto Connection Manager Creates a connection to a re mote network whenever a program references a remote DNS or NetBIOS name or addre ss. Start Type: loaded manually on demand Generic Host Process for Win32 Service s Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Rasl2tp=C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS ### Driver WAN Miniport (L2TP) WAN Miniport (L2TP) Start Type: loaded manually on demand RAS L2TP mini-port/call-manager driver Microsoft Corporation Microsof t Windows Operating System 5.1.2600.5512 [Drivers] :HKLM RasMan=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Remote Access Connection Manager Creates a network connection. Sta rt Type: loaded manually on demand Generic Host Process for Win32 Services Micro soft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM RasPppoe=C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS ### Driver Remote Access PPPOE Driver Remote Access PPPOE Driver Start Type: l oaded manually on demand RAS PPPoE mini-port/call-manager driver Microsoft Corpo ration Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Raspti=C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS

### Driver Direct Parallel Direct Parallel Start Type: loaded manually on dema nd PTI DirectParallel(R) mini-port/call-manager driver Microsoft Corporation Mic rosoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM Rdbss=C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS ### Driver Rdbss Rdbss Start Type: loaded automatically at Kernel initializati on Redirected Drive Buffering SubSystem Driver Microsoft Corporation Microsoft Wi ndows Operating System 5.1.2600.5512 [Drivers] :HKLM RDPCDD=C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS ### Driver Start Type: loaded automatically at Kernel initialization RDP Minip ort Microsoft Corporation Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM rdpdr=C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS ### Driver Terminal Server Device Redirector Driver Start Type: loaded manuall y on demand Microsoft RDP Device redirector Microsoft Corporation Microsoft Windo ws Operating System 5.1.2600.5512 [Drivers] :HKLM RDPWD=C:\WINDOWS\SYSTEM32\DRIVERS\RDPWD.SYS ### Driver Start Type: loaded manually on demand RDP Terminal Stack Driver (US /Canada Only, Not for Export) Microsoft Corporation Microsoft Windows Operating Sy stem 5.1.2600.5512 [Drivers] :HKLM RDSessMgr=C:\WINDOWS\SYSTEM32\SESSMGR.EXE ### Service Remote Desktop Help Session Manager Manages and controls Remote As sistance. If this service is stopped, Remote Assistance will be unavailable. Bef ore stopping this service, see the Dependencies tab of the Properties dialog box . Start Type: loaded manually on demand Microsoft Remote Desktop Help Session Man ager Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM redbook=C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS ### Driver Digital CD Audio Playback Filter Driver Start Type: loaded automati cally at Kernel initialization Redbook Audio Filter Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM RemoteAccess=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Routing and Remote Access Offers routing services to businesses in local area and wide area network environments. Start Type: disabled Generic Hos t Process for Win32 Services Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.5512 [Drivers] :HKLM RemoteRegistry=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Remote Registry Enables remote users to modify registry settings o n this computer. If this service is stopped, the registry can be modified only b y users on this computer. If this service is disabled, any services that explici tly depend on it will fail to start. Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation Microsoft W indows Operating System 5.1.2600.5512 [Drivers] :HKLM RimUsb=C:\WINDOWS\SYSTEM32\DRIVERS\RIMUSB.SYS ### Driver BlackBerry Smartphone Start Type: loaded manually on demand BlackBe rry Device Driver Research In Motion Limited BlackBerry Device Driver 4.2.0.10 [Drivers] :HKLM RimVSerPort=C:\WINDOWS\SYSTEM32\DRIVERS\RIMSERIAL.SYS ### Driver RIM Virtual Serial Port v2 Start Type: loaded manually on demand RI M Virtual Serial Driver Research in Motion Ltd RIM Modem 2.2.0.3 [Drivers] :HKLM ROOTMODEM=C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS ### Driver Microsoft Legacy Modem Driver Start Type: loaded manually on demand Legacy Non-Pnp Modem Device Driver Microsoft Corporation Microsoft Windows Operat ing System 5.1.2600.0 [Drivers] :HKLM RpcLocator=C:\WINDOWS\SYSTEM32\LOCATOR.EXE ### Service Remote Procedure Call (RPC) Locator Manages the RPC name service d atabase. Start Type: loaded manually on demand Rpc Locator Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM RpcSs=C:\WINDOWS\SYSTEM32\SVCHOST.exe ### Service Remote Procedure Call (RPC) Provides the endpoint mapper and other miscellaneous RPC services. Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Op erating System 5.1.2600.5512 [Drivers] :HKLM RsFx0103=C:\WINDOWS\SYSTEM32\DRIVERS\RSFX0103.SYS

### Driver RsFx0103 Driver RsFx 0103 driver allows Win32 user-mode application s/services to own and manage Win32 namespaces of the UNC format. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Start Type: disab led RsFx Driver Microsoft Corporation Microsoft SQL Server 10.0.2531.0 [Drivers] :HKLM RSVP=C:\WINDOWS\SYSTEM32\RSVP.EXE ### Service QoS RSVP Provides network signaling and local traffic control setu p functionality for QoS-aware programs and control applets. Start Type: loaded m anually on demand Microsoft RSVP Microsoft Corporation Microsoft Windows Operating System 5.1.2600.0 [Drivers] :HKLM SamSs=C:\WINDOWS\SYSTEM32\LSASS.EXE ### Service Security Accounts Manager Stores security information for local us er accounts. Start Type: loaded automatically by Server Manager LSA Shell (Expor t Version) Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM SCardSvr=C:\WINDOWS\SYSTEM32\SCARDSVR.EXE ### Service Smart Card Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If t his service is disabled, any services that explicitly depend on it will fail to start. Start Type: loaded manually on demand Smart Card Resource Management Serv er Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Schedule=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Task Scheduler Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explici tly depend on it will fail to start. Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation Microsoft W indows Operating System 5.1.2600.5512 [Drivers] :HKLM Secdrv=C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS ### Driver Secdrv SafeDisc driver Start Type: loaded manually on demand Macrov ision SECURITY Driver Macrovision Corporation, Macrovision Europe Limited, and M acrovision Japan and Asia K.K. Macrovision SECURITY Driver SECURITY Driver 4.03. 086 2006/09/13 [Drivers] :HKLM seclogon=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Secondary Logon Enables starting processes under alternate credent ials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fai l to start. Start Type: loaded automatically by Server Manager Generic Host Proc ess for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5. 1.2600.5512 [Drivers] :HKLM SENS=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service System Event Notification Tracks system events such as Windows log on, network, and power events. Notifies COM+ Event System subscribers of these events. Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.26 00.5512 [Drivers] :HKLM serenum=C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS ### Driver Serenum Filter Driver Start Type: loaded manually on demand Serial Port Enumerator Microsoft Corporation Microsoft Windows Operating System 5.1.2600. 5512 [Drivers] :HKLM Serial=C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS ### Driver Serial port driver Start Type: loaded automatically at Kernel initi alization Serial Device Driver Microsoft Corporation Microsoft Windows Operating S ystem 5.1.2600.5512 [Drivers] :HKLM Sfloppy=C:\WINDOWS\SYSTEM32\DRIVERS\SFLOPPY.SYS ### Driver Start Type: loaded automatically at Kernel initialization SCSI Flop py Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM SharedAccess=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Windows Firewall/Internet Connection Sharing (ICS) Provides networ k address translation, addressing, name resolution and/or intrusion prevention s ervices for a home or small office network. Start Type: loaded automatically by

Server Manager Generic Host Process for Win32 Services Microsoft Corporation Mic rosoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM ShellHWDetection=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Shell Hardware Detection Provides notifications for AutoPlay hardw are events. Start Type: loaded automatically by Server Manager Generic Host Proc ess for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5. 1.2600.5512 [Drivers] :HKLM splitter=C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS ### Driver Microsoft Kernel Audio Splitter Start Type: loaded manually on dema nd Microsoft Kernel Audio Splitter Microsoft Corporation Microsoft Windows Operati ng System 5.1.2600.5512 [Drivers] :HKLM Spooler=C:\WINDOWS\SYSTEM32\SPOOLSV.EXE ### Service Print Spooler Loads files to memory for later printing. Start Type : loaded automatically by Server Manager Spooler SubSystem App Microsoft Corpora tion Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM sptd=C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS ### Driver Start Type: loaded automatically by the Boot Loader SCSI Pass Throu gh Direct Host Duplex Secure Ltd. SCSI Pass Through Direct 1.56.0.0 [Drivers] :HKLM SQLAgent$SQLEXPRESS=C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQ L10.SQLEXPRESS\MSSQL\BINN\SQLAGENT.EXE ### Service SQL Server Agent (SQLEXPRESS) Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks. Start Type: di sabled SQLAGENT - SQL Server Agent Microsoft Corporation Microsoft SQL Server 10 .0.2531.0 [Drivers] :HKLM SQLBrowser=C:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQL BROWSER.EXE ### Service SQL Server Browser Provides SQL Server connection information to c lient computers. Start Type: disabled SQL Browser Service EXE Microsoft Corporat ion Microsoft SQL Server 10.0.2531.0 [Drivers] :HKLM SQLWriter=C:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLW RITER.EXE ### Service SQL Server VSS Writer Provides the interface to backup/restore Mic rosoft SQL server through the Windows VSS infrastructure. Start Type: loaded aut omatically by Server Manager SQL Server VSS Writer Microsoft Corporation Microso ft SQL Server 10.0.1600.22 [Drivers] :HKLM sr=C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS ### Driver System Restore Filter Driver Start Type: loaded automatically by th e Boot Loader System Restore Filesystem Filter Driver Microsoft Corporation Micr osoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM srservice=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service System Restore Service Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Pro perties Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.26 00.5512 [Drivers] :HKLM Srv=C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS ### Driver Srv Srv Start Type: loaded manually on demand Server driver Microso ft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM SSDPSRV=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service SSDP Discovery Service Enables discovery of UPnP devices on your h ome network. Start Type: loaded manually on demand Generic Host Process for Win3 2 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM StarWindServiceAE=C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\ST ARWIND\STARWINDSERVICEAE.EXE ### Service StarWind AE Service Enables network access to local burners via iS CSI protocol. Start Type: loaded automatically by Server Manager StarWind iSCSI Target (Alcohol Edition) Rocket Division Software StarWind Alcohol Edition 3.2.3 Build 20070527 [Drivers] :HKLM stisvc=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Windows Image Acquisition (WIA) Provides image acquisition service

s for scanners and cameras. Start Type: loaded manually on demand Generic Host P rocess for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM swenum=C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS ### Driver Software Bus Driver Start Type: loaded manually on demand Plug and Play Software Device Enumerator Microsoft Corporation Microsoft(R) Windows(R) Op erating System 5.3.2600.5512 [Drivers] :HKLM swmidi=C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS ### Driver Microsoft Kernel GS Wavetable Synthesizer Start Type: loaded manual ly on demand Microsoft GS Wavetable Synthesizer Microsoft Corporation Microsoft W indows Operating System 5.1.2600.5512 [Drivers] :HKLM SwPrv=C:\WINDOWS\SYSTEM32\DLLHOST.EXE ### Service MS Software Shadow Copy Provider Manages software-based volume sha dow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabl ed, any services that explicitly depend on it will fail to start. Start Type: lo aded manually on demand COM Surrogate Microsoft Corporation Microsoft Windows Oper ating System 5.1.2600.5512 [Drivers] :HKLM sysaudio=C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS ### Driver Microsoft Kernel System Audio Device Start Type: loaded manually on demand System Audio WDM Filter Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM SysmonLog=C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE ### Service Performance Logs and Alerts Collects performance data from local o r remote computers based on preconfigured schedule parameters, then writes the d ata to a log or triggers an alert. If this service is stopped, performance infor mation will not be collected. If this service is disabled, any services that exp licitly depend on it will fail to start. Start Type: loaded manually on demand P erformance Logs and Alerts Service Microsoft Corporation Microsoft Windows Operati ng System 5.1.2600.5512 [Drivers] :HKLM TapiSrv=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Telephony Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer a nd, through the LAN, on servers that are also running the service. Start Type: l oaded manually on demand Generic Host Process for Win32 Services Microsoft Corpo ration Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Tcpip=C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS ### Driver TCP/IP Protocol Driver TCP/IP Protocol Driver Start Type: loaded au tomatically at Kernel initialization TCP/IP Protocol Driver Microsoft Corporatio n Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM TDPIPE=C:\WINDOWS\SYSTEM32\DRIVERS\TDPIPE.SYS ### Driver Start Type: loaded manually on demand Named Pipe Transport Driver M icrosoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM TDTCP=C:\WINDOWS\SYSTEM32\DRIVERS\TDTCP.SYS ### Driver Start Type: loaded manually on demand TCP Transport Driver Microsof t Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM TermDD=C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS ### Driver Terminal Device Driver Start Type: loaded automatically at Kernel i nitialization Terminal Server Driver Microsoft Corporation Microsoft Windows Opera ting System 5.1.2600.5512 [Drivers] :HKLM TermService=C:\WINDOWS\SYSTEM32\SVCHOST.exe ### Service Terminal Services Allows multiple users to be connected interactiv ely to a machine as well as the display of desktops and applications to remote c omputers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Themes=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Themes Provides user experience theme management. Start Type: load ed automatically by Server Manager Generic Host Process for Win32 Services Micro

soft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM TlntSvr=C:\WINDOWS\SYSTEM32\TLNTSVR.EXE ### Service Telnet Enables a remote user to log on to this computer and run pr ograms, and supports various TCP/IP Telnet clients, including UNIX-based and Win dows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Start Type: disabled Telnet Microsoft Corporat ion Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM TrkWks=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Distributed Link Tracking Client Maintains links between NTFS file s within a computer or across computers in a network domain. Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsof t Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Udfs=C:\WINDOWS\SYSTEM32\DRIVERS\UDFS.SYS ### Driver Start Type: disabled UDF File System Driver Microsoft Corporation M icrosoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Update=C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS ### Driver Microcode Update Driver Start Type: loaded manually on demand Updat e Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM upnphost=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Universal Plug and Play Device Host Provides support to host Unive rsal Plug and Play devices. Start Type: loaded manually on demand Generic Host P rocess for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM UPS=C:\WINDOWS\SYSTEM32\UPS.EXE ### Service Uninterruptible Power Supply Manages an uninterruptible power supp ly (UPS) connected to the computer. Start Type: loaded manually on demand UPS Se rvice Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM usbccgp=C:\WINDOWS\SYSTEM32\DRIVERS\USBCCGP.SYS ### Driver Microsoft USB Generic Parent Driver Start Type: loaded manually on demand USB Common Class Generic Parent Driver Microsoft Corporation Microsoft Win dows Operating System 5.1.2600.5512 [Drivers] :HKLM usbehci=C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS ### Driver Microsoft USB 2.0 Enhanced Host Controller Miniport Driver Start Ty pe: loaded manually on demand EHCI eUSB Miniport Driver Microsoft Corporation Mi crosoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM usbhub=C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS ### Driver Microsoft USB Standard Hub Driver Start Type: loaded manually on de mand Default Hub Driver for USB Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM USBSTOR=C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS ### Driver USB Mass Storage Driver Start Type: loaded manually on demand USB M ass Storage Class Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM usbuhci=C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS ### Driver Microsoft USB Universal Host Controller Miniport Driver Start Type: loaded manually on demand UHCI USB Miniport Driver Microsoft Corporation Micros oft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM VgaSave=C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS ### Driver Start Type: loaded automatically at Kernel initialization VGA/Super VGA Video Driver Microsoft Corporation Microsoft Windows Operating System 5.1.260 0.5512 [Drivers] :HKLM VolSnap=C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS ### Driver Start Type: loaded automatically by the Boot Loader Volume Shadow C opy Driver Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM VSPerfDrv100=C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO 10.0\TEA M TOOLS\PERFORMANCE TOOLS\VSPERFDRV100.SYS ### Driver Performance Tools Driver 10.0 Start Type: loaded manually on demand VSPerf Profiling Control Driver Microsoft Corporation Microsoft Visual Studio 201 0 10.0.21104.0

[Drivers] :HKLM VSS=C:\WINDOWS\SYSTEM32\VSSVC.EXE ### Service Volume Shadow Copy Manages and implements Volume Shadow Copies use d for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. Start Type: loaded manually on demand Microsoft Volume Shadow Copy Service Microsoft Corporation Mi crosoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM W32Time=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Windows Time Maintains date and time synchronization on all client s and servers in the network. If this service is stopped, date and time synchron ization will be unavailable. If this service is disabled, any services that expl icitly depend on it will fail to start. Start Type: loaded automatically by Server Manager Generic Host Process for Win 32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Wanarp=C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS ### Driver Remote Access IP ARP Driver Remote Access IP ARP Driver Start Type: loaded manually on demand MS Remote Access and Routing ARP Driver Microsoft Cor poration Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Wdf01000=C:\WINDOWS\SYSTEM32\DRIVERS\WDF01000.SYS ### Driver Kernel Mode Driver Frameworks service Start Type: loaded manually o n demand Kernel Mode Driver Framework Runtime Microsoft Corporation Microsoft Win dows Operating System 1.9.7600.16385 [Drivers] :HKLM wdmaud=C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS ### Driver Microsoft WINMM WDM Audio Compatibility Driver Start Type: loaded m anually on demand MMSYSTEM Wave/Midi API mapper Microsoft Corporation Microsoft W indows Operating System 5.1.2600.5512 [Drivers] :HKLM WebClient=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service WebClient Enables Windows-based programs to create, access, and mo dify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend o n it will fail to start. Start Type: loaded automatically by Server Manager Gene ric Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operat ing System 5.1.2600.5512 [Drivers] :HKLM winmgmt=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Windows Management Instrumentation Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based softwa re will not function properly. If this service is disabled, any services that ex plicitly depend on it will fail to start. Start Type: loaded automatically by Se rver Manager Generic Host Process for Win32 Services Microsoft Corporation Micro soft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM WmdmPmSN=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Portable Media Serial Number Service Retrieves the serial number o f any portable media player connected to this computer. If this service is stopp ed, protected content might not be down loaded to the device. Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporatio n Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM Wmi=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Windows Management Instrumentation Driver Extensions Provides syst ems management information to and from drivers. Start Type: loaded manually on d emand Generic Host Process for Win32 Services Microsoft Corporation Microsoft Win dows Operating System 5.1.2600.5512 [Drivers] :HKLM WmiApSrv=C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE ### Service WMI Performance Adapter Provides performance library information f rom WMI HiPerf providers. Start Type: loaded manually on demand WMI Performance Adapter Service Microsoft Corporation Microsoft Windows Operating System 5.1.2600. 5512 [Drivers] :HKLM WPFFontCache_v0400=C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.303 19\WPF\WPFFONTCACHE_V0400.EXE

### Service Windows Presentation Foundation Font Cache 4.0.0.0 Optimizes perfo rmance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already r unning. It can be disabled, though doing so will degrade the performance of WPF applications. Start Type: loaded manually on demand wpffontcache_v0400.exe Micro soft Corporation Microsoft .NET Framework 4.0.30319.1 [Drivers] :HKLM WS2IFSL=C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS ### Driver Windows Socket 2.0 Non-IFS Service Provider Support Environment Sta rt Type: disabled Winsock2 IFS Layer Microsoft Corporation Microsoft Windows Opera ting System 5.1.2600.0 [Drivers] :HKLM wscsvc=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Security Center Monitors system security settings and configuratio ns. Start Type: loaded automatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5 512 [Drivers] :HKLM wuauserv=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Automatic Updates Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Start Type: loaded au tomatically by Server Manager Generic Host Process for Win32 Services Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Drivers] :HKLM WZCSVC=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Wireless Zero Configuration Provides automatic configuration for t he 802.11 adapters Start Type: loaded automatically by Server Manager Generic Ho st Process for Win32 Services Microsoft Corporation Microsoft Windows Operating Sy stem 5.1.2600.5512 [Drivers] :HKLM xmlprov=C:\WINDOWS\SYSTEM32\SVCHOST.EXE ### Service Network Provisioning Service Manages XML configuration files on a domain basis for automatic network provisioning. Start Type: loaded manually on demand Generic Host Process for Win32 Services Microsoft Corporation Microsoft Wi ndows Operating System 5.1.2600.5512 [Drivers] :HKLM ZD1211BU(TP-LINK)=C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211BU.SYS ### Driver TL-WN322G Wireless USB Adapter Driver(TP-LINK) Start Type: loaded m anually on demand ZD1211B 802.11 b+g USB LAN Driver Atheros Technology Corporati on ZD1211B 802.11 b+g USB LAN Adapter 1, 2, 1, 1 [Drivers] :HKLM ZDPSp50=C:\WINDOWS\SYSTEM32\DRIVERS\ZDPSP50.SYS ### Driver ZDPSp50 NDIS Protocol Driver Start Type: loaded manually on demand PCAUSA NDIS 5.0 SPR Protocol Driver Printing Communications Assoc., Inc. (PCAUSA ) PCAUSA Rawether for Windows 5.5.18.02 [Codecs] :HKLM midimapper=C:\WINDOWS\System32\MIDIMAP.DLL ### Microsoft MIDI Mapper Microsoft Corporation Microsoft Windows Operating Syst em 5.1.2600.5512 [Codecs] :HKLM msacm.imaadpcm=C:\WINDOWS\System32\IMAADP32.ACM ### IMA ADPCM CODEC for MSACM Microsoft Corporation Microsoft Windows Operating System 5.1.2600.5512 [Codecs] :HKLM msacm.msadpcm=C:\WINDOWS\System32\MSADP32.ACM ### Microsoft ADPCM CODEC for MSACM Microsoft Corporation Microsoft Windows Oper ating System 5.1.2600.5512 [Codecs] :HKLM msacm.msg711=C:\WINDOWS\System32\MSG711.ACM ### Microsoft CCITT G.711 (A-Law and u-Law) CODEC for MSACM Microsoft Corporat ion Microsoft Windows Operating System 5.1.2600.0 [Codecs] :HKLM msacm.msgsm610=C:\WINDOWS\System32\MSGSM32.ACM ### Microsoft GSM 6.10 Audio CODEC for MSACM Microsoft Corporation Microsoft Wi ndows Operating System 5.1.2600.0 [Codecs] :HKLM msacm.trspch=C:\WINDOWS\System32\TSSOFT32.ACM ### DSP Group TrueSpeech(TM) Audio Codec for MSACM V3.50 DSP GROUP, INC. DSP G ROUP Windows NT(TM) TrueSpeech CODEC 1.01 [Codecs] :HKLM vidc.cvid=C:\WINDOWS\System32\ICCVID.DLL ### Cinepak Codec Radius Inc. Cinepak for Windows 32 1.10.0.0 [Codecs] :HKLM vidc.I420=C:\WINDOWS\System32\MSH263.DRV

### Microsoft H.263 ICM Driver Microsoft Corporation Windows NetMeeting 3.01 [Codecs] :HKLM vidc.iv31=C:\WINDOWS\System32\IR32_32.DLL [Codecs] :HKLM vidc.iv32=C:\WINDOWS\System32\IR32_32.DLL [Codecs] :HKLM vidc.iv41=C:\WINDOWS\System32\IR41_32.AX ### Intel Indeo Video 4.5 Intel Corporation Intel Indeo Video 4.5 4.51.16.03 [Codecs] :HKLM vidc.iyuv=C:\WINDOWS\System32\IYUV_32.DLL ### Intel Indeo(R) Video YUV Codec Microsoft Corporation Microsoft Windows Opera ting System 5.1.2600.5512 [Codecs] :HKLM vidc.mrle=C:\WINDOWS\System32\MSRLE32.DLL ### Microsoft RLE Compressor Microsoft Corporation Microsoft Windows Operating S ystem 5.1.2600.5512 [Codecs] :HKLM vidc.msvc=C:\WINDOWS\System32\MSVIDC32.DLL ### Microsoft Video 1 Compressor Microsoft Corporation Microsoft Windows Operati ng System 5.1.2600.0 [Codecs] :HKLM vidc.uyvy=C:\WINDOWS\System32\MSYUV.DLL ### Microsoft UYVY Video Decompressor Microsoft Corporation Microsoft(R) Windo ws(R) Operating System 5.3.2600.5512 [Codecs] :HKLM vidc.yuy2=C:\WINDOWS\System32\MSYUV.DLL ### Microsoft UYVY Video Decompressor Microsoft Corporation Microsoft(R) Windo ws(R) Operating System 5.3.2600.5512 [Codecs] :HKLM vidc.yvu9=C:\WINDOWS\System32\TSBYUV.DLL ### Toshiba Video Codec Microsoft Corporation Microsoft Windows Operating System 5.1.2600.0 [Codecs] :HKLM vidc.yvyu=C:\WINDOWS\System32\MSYUV.DLL ### Microsoft UYVY Video Decompressor Microsoft Corporation Microsoft(R) Windo ws(R) Operating System 5.3.2600.5512 [Codecs] :HKLM wavemapper=C:\WINDOWS\System32\MSACM32.DRV ### Microsoft Sound Mapper Microsoft Corporation Microsoft Windows Operating Sys tem 5.1.2600.0 [Codecs] :HKLM msacm.msg723=C:\WINDOWS\System32\MSG723.ACM ### Microsoft G.723.1 CODEC for MSACM Microsoft Corporation Windows NetMeeting 3 .01 [Codecs] :HKLM vidc.M263=C:\WINDOWS\System32\MSH263.DRV ### Microsoft H.263 ICM Driver Microsoft Corporation Windows NetMeeting 3.01 [Codecs] :HKLM vidc.M261=C:\WINDOWS\System32\MSH261.DRV ### Microsoft H.261 ICM Driver Microsoft Corporation Windows NetMeeting 3.01 [Codecs] :HKLM msacm.msaudio1=C:\WINDOWS\System32\MSAUD32.ACM ### Windows Media Audio Microsoft Corporation Windows Media Audio 8.00.00.4487 [Codecs] :HKLM msacm.sl_anet=C:\WINDOWS\System32\SL_ANET.ACM ### Audio codec for MS ACM Sipro Lab Telecom Inc. ACELP.net Audio Codec 3.02 [Codecs] :HKLM msacm.iac2=C:\WINDOWS\SYSTEM32\IAC25_32.AX ### Indeo audio software Intel Corporation Indeo audio software 2.05.53 [Codecs] :HKLM vidc.iv50=C:\WINDOWS\System32\IR50_32.DLL ### Intel Indeo video 5.10 Intel Corporation Intel Indeo video 5.10 R.5.10.15.2. 55 [Codecs] :HKLM msacm.l3acm=C:\WINDOWS\SYSTEM32\L3CODECA.ACM ### MPEG Layer-3 Audio Codec for MSACM Fraunhofer Institut Integrierte Schaltu ngen IIS MPEG Layer-3 Audio Codec for MSACM 1, 0, 0, 0 [Codecs] :HKLM wave=C:\WINDOWS\System32\WDMAUD.DRV ### WDM Audio driver mapper Microsoft Corporation Microsoft Windows Operating stem 5.1.2600.5512 [Codecs] :HKLM midi=C:\WINDOWS\System32\WDMAUD.DRV ### WDM Audio driver mapper Microsoft Corporation Microsoft Windows Operating stem 5.1.2600.5512 [Codecs] :HKLM mixer=C:\WINDOWS\System32\WDMAUD.DRV ### WDM Audio driver mapper Microsoft Corporation Microsoft Windows Operating stem 5.1.2600.5512 [Codecs] :HKLM aux=C:\WINDOWS\System32\WDMAUD.DRV ### WDM Audio driver mapper Microsoft Corporation Microsoft Windows Operating

Sy Sy Sy Sy

stem 5.1.2600.5512 [Codecs] :HKLM msacm.ac3filter=C:\WINDOWS\System32\AC3FILTER.ACM [Codecs] :HKLM VIDC.XVID=C:\WINDOWS\System32\XVIDVFW.DLL [Codecs] :HKLM VIDC.YV12=C:\WINDOWS\System32\YV12VFW.DLL ### Helix YV12 YUV Codec www.helixcommunity.org Helix YV12 YUV Codec Helix YV1 2 YUV Codec [Codecs] :HKLM msacm.ac3acm=C:\WINDOWS\System32\AC3ACM.ACM ### AC-3 ACM Codec fccHandler AC-3 ACM Codec 1, 5, 0, 0 [Codecs] :HKLM msacm.lameacm=C:\WINDOWS\System32\LAMEACM.ACM ### Lame MP3 codec engine http://www.mp3dev.org/ Lame MP3 codec 0.9.2 [Codecs] :HKLM VIDC.FFDS=C:\WINDOWS\System32\FF_VFW.DLL [Codecs] :HKLM msacm.divxa32=C:\WINDOWS\System32\MSAUD32_DIVX.ACM ### Windows Media Audio Microsoft Corporation Windows Media Audio 8.00.00.4487 [Auto Start Apps] [Registry Run] :HKLM IgfxTray=C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE ### igfxTray Module Intel Corporation Intel(R) Common User Interface 6.14.10.4 926 [Registry Run] :HKLM HotKeysCmds=C:\WINDOWS\SYSTEM32\HKCMD.EXE ### hkcmd Module Intel Corporation Intel(R) Common User Interface 6.14.10.4926 [Registry Run] :HKLM Persistence=C:\WINDOWS\SYSTEM32\IGFXPERS.EXE ### persistence Module Intel Corporation Intel(R) Common User Interface 6.14.1 0.4926 [Registry Run] :HKLM RTHDCPL=C:\WINDOWS\RTHDCPL.EXE ### Realtek HD Audio Control Panel Realtek Semiconductor Corp. Realtek HD Audi o Sound Effect Manager 2.1.4.2 [Registry Run] :HKLM SkyTel=C:\WINDOWS\SKYTEL.EXE ### Realtek Voice Manager Realtek Semiconductor Corp. Realtek Voice Manager 2.0.1.19 [Registry Run] :HKLM Alcmtr=C:\WINDOWS\ALCMTR.EXE ### Realtek Azalia Audio - Event Monitor Realtek Semiconductor Corp. Realtek A C97 Audio - Event Monitor 1.6.0.2 [Registry Run] :HKLM GrooveMonitor=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ GROOVEMONITOR.EXE ### GrooveMonitor Utility Microsoft Corporation GrooveMonitor Utility 4.2.0.26 23 [Registry Run] :HKLM SunJavaUpdateSched=C:\PROGRAM FILES\COMMON FILES\JAVA\JAV A UPDATE\JUSCHED.EXE ### Java(TM) Update Scheduler Sun Microsystems, Inc. Java(TM) Platform SE Auto Updater 2 0 2.0.2.4 [Registry Run] :HKLM QuickTime Task=C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE ### QuickTime Task Apple Inc. QuickTime QuickTime 7.6.9 (1680.9) [Registry Run] :HKLM Adobe Acrobat Speed Launcher=C:\PROGRAM FILES\ADOBE\ACROB AT 9.0\ACROBAT\ACROBAT_SL.EXE ### Adobe Acrobat SpeedLauncher Adobe Systems Incorporated Adobe Acrobat 9.0.0 .2008061200 [Registry Run] :HKLM "Default Value"="" ### File is deleted or hidden by rootkit or could not be located. [Registry Run] :HKLM Acrobat Assistant 8.0=C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ ACROBAT\ACROTRAY.EXE ### AcroTray Adobe Systems Inc. AcroTray - Adobe Acrobat Distiller helper appl ication. 9.0.0.2008061100 [Registry Run] :HKLM AdobeCS4ServiceManager=C:\PROGRAM FILES\COMMON FILES\ADOB E\CS4SERVICEMANAGER\CS4SERVICEMANAGER.EXE ### Adobe CS4 Service Manager Adobe Systems Incorporated Adobe CS4 Service Man ager 4, 0, 0 [Registry Run] :HKLM bsf=BSF.EXE ### org min 1.00 [Registry Run] :HKLM RegRun WinBait=C:\WINDOWS\WINBAIT.EXE

[Registry Run] :HKLM @RegRunOnSecure=C:\PROGRA~1\GREATIS\REGRUN~1\ONSECURE.EXE ### Secure Start Support Application Greatis Software RegRun Security Suite 3. 4 [Registry Run] :HKCU Google Update=C:\DOCUMENTS AND SETTINGS\JOY\LOCAL SETTING S\APPLICATION DATA\GOOGLE\UPDATE\GOOGLEUPDATE.EXE ### Google Installer Google Inc. Google Update 1.2.183.21 [Registry Run] :HKCU IDMan=C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EX E ### Internet Download Manager (IDM) Tonec Inc. Internet Download Manager (IDM) 5, 17, 1, 0 [Registry Run] :HKCU AlcoholAutomount=C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 12 0\AXCMD.EXE ### Alcohol Launcher Alcohol Soft Development Team Alcohol Soft Development Te am 1.9 [Registry Run] :HKCU ctfmon.exe=C:\WINDOWS\SYSTEM32\CTFMON.EXE ### CTF Loader Microsoft Corporation Microsoft Windows Operating System 5.1.2600 .5512 [Registry Run] :HKCU Skype=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE ### Skype Skype Technologies S.A. Skype 5.1 [Registry Run] :HKCU Registry=C:\PROGRAM FILES\GREATIS\REGRUNSUITE\LSOON.EXE ### Launch application with delay Greatis Software RegRun Security Suite 6.9 [Registry Run] :HKCU Regrun2=C:\PROGRA~1\GREATIS\REGRUN~1\WATCHDOG.EXE ### WatchDog Greatis Software RegRun Security Suite 6.9 [Registry Run] :HKCU UnHackMe Monitor=C:\PROGRAM FILES\UNHACKME\HACKMON.EXE ### Detects Rootkits in background Greatis Software UnHackMe 5.8 [Win.ini] :HKCU load="" ### File is deleted or hidden by rootkit or could not be located. [Win.ini] :HKCU run="" ### File is deleted or hidden by rootkit or could not be located. [Startup Folder] OneNote 2007 Screen Clipper and Launcher.lnk=C:\PROGRAM FILES \MICROSOFT OFFICE\OFFICE12\ONENOTEM.EXE ### Microsoft Office OneNote Quick Launcher Microsoft Corporation Microsoft Of fice OneNote 12.0.4518.1014 [Scheduled Tasks] bsf=C:\WINDOWS\SYSTEM32\BSF.EXE ### org min 1.00 [Scheduled Tasks] GoogleUpdateTaskMachineCore=C:\PROGRAM FILES\GOOGLE\UPDATE\G OOGLEUPDATE.EXE ### Google Installer Google Inc. Google Update 1.2.183.21 [Scheduled Tasks] GoogleUpdateTaskMachineUA=C:\PROGRAM FILES\GOOGLE\UPDATE\GOO GLEUPDATE.EXE ### Google Installer Google Inc. Google Update 1.2.183.21 [Scheduled Tasks] GoogleUpdateTaskUserS-1-5-21-1547161642-1715567821-160698084 8-1003Core=C:\DOCUMENTS AND SETTINGS\JOY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\ UPDATE\GOOGLEUPDATE.EXE ### Google Installer Google Inc. Google Update 1.2.183.21 [Scheduled Tasks] GoogleUpdateTaskUserS-1-5-21-1547161642-1715567821-160698084 8-1003UA=C:\DOCUMENTS AND SETTINGS\JOY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\UP DATE\GOOGLEUPDATE.EXE ### Google Installer Google Inc. Google Update 1.2.183.21 [Uninstall] [Applications] :HKLM AC3Filter 1.63b="C:\Program Files\AC3Filter\unins000.exe" ### AC3Filter_is1 Setup/Uninstall [Applications] :HKLM AddressBook ### AddressBook [Applications] :HKLM Adobe Flash Player 10 ActiveX=C:\WINDOWS\system32\Macrome d\Flash\FlashUtil10l_ActiveX.exe -maintain activex ### Adobe Flash Player ActiveX Adobe Flash Player Installer/Uninstaller 10.1 r10 2 Adobe Systems, Inc. Flash Player Installer/Uninstaller 10,1,102,64 [Applications] :HKLM Adobe Flash Player 10 Plugin=C:\WINDOWS\system32\Macromed \Flash\FlashUtil10l_Plugin.exe -maintain plugin

### Adobe Flash Player Plugin Adobe Flash Player Installer/Uninstaller 10.1 r102 Adobe Systems, Inc. Flash Player Installer/Uninstaller 10,1,102,64 [Applications] :HKLM Adobe Photoshop CS4=C:\Program Files\Common Files\Adobe\I nstallers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1 ### Adobe_faf656ef605427ee2f42989c3ad31b8 Adobe Setup Adobe Systems, Copyright 2005-2008 Adobe Setup 2,0,133,0 [Applications] :HKLM AutoCAD MEP 2008=C:\Program Files\AutoCAD MEP 2008\Setup\ Setup.exe /P {5783F2D7-6006-0409-0002-0060B0CE6BBA} /M ACAD ### AutoCAD MEP 2008 AutoCAD component Autodesk, Inc. AutoCAD 17.1.51.0 [Applications] :HKLM Autodesk DWF Viewer=MsiExec.exe /I{9A346205-EA92-4406-B1A B-50379DA3F057} ### Autodesk DWF Viewer Windows installer Microsoft Corporation Windows Install er - Unicode 4.5.6001.22159 [Applications] :HKLM BlackBerry Desktop Software 6.0.1=MsiExec.exe /i{84A78614 -0E4B-4A4E-BA8C-2B0A05A08E4E} ### BlackBerry_Desktop Windows installer Microsoft Corporation Windows Installe r - Unicode 4.5.6001.22159 [Applications] :HKLM Branding ### Branding [Applications] :HKLM Conduit Engine=C:\PROGRA~1\CONDUI~1\ConduitEngineUninstal l.exe ### conduitEngine Conduit Engine Uninstall Conduit Ltd. Conduit Engine Uninsta ll 1, 0, 2, 0 [Applications] :HKLM Connection Manager ### Connection Manager [Applications] :HKLM DirectAnimation ### DirectAnimation [Applications] :HKLM DirectDrawEx ### DirectDrawEx [Applications] :HKLM DXM_Runtime ### DXM_Runtime [Applications] :HKLM Microsoft Office Enterprise 2007="C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall E NTERPRISE /dll OSETUP.DLL ### ENTERPRISE Microsoft Setup Bootstrapper Microsoft Corporation Microsoft Se tup Bootstrapper 12.0.4518.1014 [Applications] :HKLM Fontcore ### Fontcore [Applications] :HKLM Free PDF to Word Doc Converter v1.1="C:\Program Files\Fre e PDF to Word Doc Converter\unins000.exe" ### Free PDF to Word Doc Converter_is1 Setup/Uninstall 0.0.0.0 [Applications] :HKLM GOM Player="C:\Program Files\GRETECH\GomPlayer\Uninstall. exe" ### GOM Player GOM Player Setup File (2010-11-18 ?? 5:16:01) Gretech Corporati on GOM Player 2.1.28.5039 [Applications] :HKLM Intel(R) Graphics Media Accelerator Driver=C:\WINDOWS\sys tem32\igxpun.exe -uninstall ### HDMI Intel Graphics Media Accelerator Driver installer Intel Corporation Int el Graphics Media Accelerator Driver 1, 1, 6, 0 [Applications] :HKLM Hidden Finder 1.5.6="C:\Program Files\HiddenFinder\unins0 00.exe" ### Hidden Finder_is1 Setup/Uninstall [Applications] :HKLM ICW ### ICW [Applications] :HKLM IE40 ### IE40 [Applications] :HKLM IE4Data ### IE4Data [Applications] :HKLM IE5BAKEX ### IE5BAKEX

[Applications] :HKLM IEData ### IEData [Applications] :HKLM Internet Download Manager=C:\Program Files\Internet Downl oad Manager\Uninstall.exe ### Internet Download Manager Internet Download Manager installer Tonec Inc. I nternet Download Manager installer 5, 16, 3, 0 [Applications] :HKLM KB884016 ### KB884016 [Applications] :HKLM KB893803 ### KB893803 [Applications] :HKLM KB893803v2 ### KB893803v2 [Applications] :HKLM KB935695_Beta ### KB935695_Beta [Applications] :HKLM Hotfix for Windows XP (KB942288-v3)="C:\WINDOWS\$NtUninst allKB942288-v3$\spuninst\spuninst.exe" ### KB942288-v3 Windows Service Pack Uninstall Microsoft Corporation Microsoft Windows Operating System 6.3.0013.0 [Applications] :HKLM Hotfix for Windows XP (KB954550-v5) ### KB954550-v5 [Applications] :HKLM Hotfix for Windows XP (KB958655-v2)="C:\WINDOWS\$NtUninst allKB958655-v2$\spuninst\spuninst.exe" ### KB958655-v2 Windows Service Pack Uninstall Microsoft Corporation Microsoft Windows Operating System 6.3.0013.0 [Applications] :HKLM Service Pack 1 for SQL Server 2008 (KB968369)="C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePac k\setup.exe" /Action=RemovePatch /AllInstances ### KB968369 Native SQL Install Bootstrapper Microsoft Corporation Microsoft S QL Server 10.0.2731.23 [Applications] :HKLM K-Lite Codec Pack 6.6.6 (Full)="C:\Program Files\K-Lite C odec Pack\unins000.exe" ### KLiteCodecPack_is1 Setup/Uninstall [Applications] :HKLM Microsoft .NET Framework 3.5 SP1=C:\WINDOWS\Microsoft.NET \Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe ### Microsoft .NET Framework 3.5 SP1 Suite Integration Toolkit Executable Micr osoft Corporation Microsoft Visual Studio 2008 9.0.30729.1 [Applications] :HKLM Microsoft .NET Framework 4 Client Profile=C:\WINDOWS\Micr osoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /paramet erfolder Client ### Microsoft .NET Framework 4 Client Profile Setup Installer Microsoft Corpor ation Microsoft .NET Framework 10.0.30319.1 [Applications] :HKLM Microsoft .NET Framework 4 Extended=C:\WINDOWS\Microsoft. NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfo lder Extended ### Microsoft .NET Framework 4 Extended Setup Installer Microsoft Corporation Microsoft .NET Framework 10.0.30319.1 [Applications] :HKLM Microsoft Help Viewer 1.0=C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe ### Microsoft Help Viewer 1.0 External Installer Microsoft Corporation Microso ft Visual Studio 2010 10.0.30319.1 [Applications] :HKLM Microsoft SQL Server 2008="C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86 ### Microsoft SQL Server 10 Managed SQL Server ARP Dialog Microsoft Corporatio n Microsoft SQL Server 10.0.1600.22 [Applications] :HKLM Microsoft SQL Server 2008="C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86 ### Microsoft SQL Server 10 Release Managed SQL Server ARP Dialog Microsoft Co rporation Microsoft SQL Server 10.0.1600.22 [Applications] :HKLM Microsoft Team Foundation Server 2010 Object Model - ENU= MsiExec.exe /X{6ED37A91-7710-3183-BE50-AB043FF6689E}

### Microsoft Team Foundation Server 2010 Object Model - ENU Windows installer Microsoft Corporation Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual Studio 2010 Tools for Office Runtime (x8 6)=C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Stu dio 2010 Tools for Office Runtime (x86)\install.exe ### Microsoft Visual Studio 2010 Tools for Office Runtime (x86) External Insta ller Microsoft Corporation Microsoft Visual Studio 2010 10.0.30319.1 [Applications] :HKLM Microsoft Visual Studio 2010 Ultimate - ENU=C:\Program Fi les\Microsoft Visual Studio 10.0\Microsoft Visual Studio 2010 Ultimate - ENU\set up.exe ### Microsoft Visual Studio 2010 Ultimate - ENU Suite Integration Toolkit Exec utable Microsoft Corporation Microsoft Visual Studio 2010 10.0.30319.1 [Applications] :HKLM Microsoft Visual Studio Macro Tools=msiexec.exe /uninstal l {6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3} ### Microsoft Visual Studio Macro Tools Windows installer Microsoft Corporation Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM MobileOptionPack ### MobileOptionPack [Applications] :HKLM MPlayer2 ### MPlayer2 [Applications] :HKLM MSI30-Beta1 ### MSI30-Beta1 [Applications] :HKLM MSI30-Beta2 ### MSI30-Beta2 [Applications] :HKLM MSI30-KB884016 ### MSI30-KB884016 [Applications] :HKLM MSI30-RC1 ### MSI30-RC1 [Applications] :HKLM MSI30-RC2 ### MSI30-RC2 [Applications] :HKLM MSI30a-KB884016 ### MSI30a-KB884016 [Applications] :HKLM MSI31-Beta ### MSI31-Beta [Applications] :HKLM MSI31-RC1 ### MSI31-RC1 [Applications] :HKLM NetMeeting ### NetMeeting [Applications] :HKLM NVIDIA Drivers ### NVIDIA Drivers [Applications] :HKLM OutlookExpress ### OutlookExpress [Applications] :HKLM PCHealth=rundll32.exe setupapi.dll,InstallHinfSection Def aultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ### PCHealth [Applications] :HKLM PFPortChecker 1.0.39=C:\Program Files\PFPortChecker\unins t.exe ### PFPortChecker [Applications] :HKLM RegRun Security Suite Platinum=C:\Program Files\Greatis\R egRunSuite\R3UR.exe ### RegRun Security Suite_is1 Uninstall Routine Greatis Software RegRun Securi ty Suite 6.9 [Applications] :HKLM SchedulingAgent ### SchedulingAgent [Applications] :HKLM Softonic-Eng7 Toolbar=C:\PROGRA~1\SOFTON~1\UNWISE.EXE / U C:\PROGRA~1\SOFTON~1\INSTALL.LOG ### Softonic-Eng7 Toolbar [Applications] :HKLM UnHackMe 5.99 release="C:\Program Files\UnHackMe\unins000 .exe" ### UnHackMe_is1 Setup/Uninstall Inno Setup 0.0.0.0

[Applications] :HKLM Vdns Client/Server v2.0=C:\PROGRA~1\Vdns\UNWISE.EXE C:\PR OGRA~1\Vdns\INSTALL.LOG ### Vdns Client/Server v2.0 [Applications] :HKLM Wdf01000 ### Wdf01000 [Applications] :HKLM Wdf01001 ### Wdf01001 [Applications] :HKLM Wdf01005 ### Wdf01005 [Applications] :HKLM Wdf01007 ### Wdf01007 [Applications] :HKLM Microsoft Kernel-Mode Driver Framework Feature Pack 1.9=" C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe" ### Wdf01009 Windows Service Pack Uninstall Microsoft Corporation Microsoft Win dows Operating System 6.3.0015.0 [Applications] :HKLM WIC ### WIC [Applications] :HKLM WinRAR archiver=C:\Program Files\WinRAR\uninstall.exe ### WinRAR archiver [Applications] :HKLM Adobe Color NA Recommended Settings CS4=MsiExec.exe /I{00 ADFB20-AE75-46F4-AD2C-F48B15AC3100} ### {00ADFB20-AE75-46F4-AD2C-F48B15AC3100} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual Studio 2010 Office Developer Tools (x86) =MsiExec.exe /X{035400A4-29BD-3723-BEED-E2718A68CDE0} ### {035400A4-29BD-3723-BEED-E2718A68CDE0} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Update Manager CS4=MsiExec.exe /I{05308C4E-7285-406 6-BAE3-6B50DA6ED755} ### {05308C4E-7285-4066-BAE3-6B50DA6ED755} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM kuler=MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243 } ### {098727E1-775A-4450-B573-3F441F1CA243} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft .NET Framework 4 Extended=MsiExec.exe /X{0A0CAD CF-78DA-33C4-A350-CD51849B9702} ### {0A0CADCF-78DA-33C4-A350-CD51849B9702} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Color JA Extra Settings CS4=MsiExec.exe /I{0D6013AB -A0C7-41DC-973C-E93129C9A29F} ### {0D6013AB-A0C7-41DC-973C-E93129C9A29F} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Setup=MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B 433F23} ### {0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 R2 Data-Tier Application Framew ork=MsiExec.exe /I{0DDCEC37-369C-484B-B16D-B4413FD42FB9} ### {0DDCEC37-369C-484B-B16D-B4413FD42FB9} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Web Deployment Tool=MsiExec.exe /I{0F37D969-1260-419E-B30 8-EF7D29ABDE20} ### {0F37D969-1260-419E-B308-EF7D29ABDE20} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe CSI CS4=MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80 AD292DAF} ### {0F723FC1-7606-4867-866C-CE80AD292DAF} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 E

NU=MsiExec.exe /X{112C23F2-C036-4D40-BED4-0CB47BF5555C} ### {112C23F2-C036-4D40-BED4-0CB47BF5555C} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual Studio 2010 ADO.NET Entity Framework Too ls=MsiExec.exe /X{14DD7530-CCD2-3798-B37D-3839ED6A441C} ### {14DD7530-CCD2-3798-B37D-3839ED6A441C} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Anchor Service CS4=MsiExec.exe /I{1618734A-3957-4AD D-8199-F973763109A8} ### {1618734A-3957-4ADD-8199-F973763109A8} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM AdobeColorCommonSetRGB=MsiExec.exe /I{16E6D2C1-7C90-43098EC4-D2212690AAA4} ### {16E6D2C1-7C90-4309-8EC4-D2212690AAA4} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual Studio 2010 Performance Collection Tools - ENU=MsiExec.exe /I{170DE2A7-4768-370C-9671-D8D17826EFBF} ### {170DE2A7-4768-370C-9671-D8D17826EFBF} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft ASP.NET MVC 2=MsiExec.exe /X{1803A630-3C38-4D2B -9B9A-0CB37243539C} ### {1803A630-3C38-4D2B-9B9A-0CB37243539C} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 Common Files=MsiExec.exe /I{196 E77C5-F524-4B50-BD1A-2C21EEE9B8F7} ### {196E77C5-F524-4B50-BD1A-2C21EEE9B8F7} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Silverlight 3 SDK=MsiExec.exe /X{2012098D-EEE94769-8DD3-B038050854D4} ### {2012098D-EEE9-4769-8DD3-B038050854D4} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Java(TM) 6 Update 22=MsiExec.exe /X{26A24AE4-039D-4CA4-87 B4-2F83216022FF} ### {26A24AE4-039D-4CA4-87B4-2F83216022FF} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server System CLR Types=MsiExec.exe /I{2A2F 3AE8-246A-4252-BB26-1BEB45627074} ### {2A2F3AE8-246A-4252-BB26-1BEB45627074} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual Studio 2010 SharePoint Developer Tools=M siExec.exe /X{2D9FEBEE-F1B7-344F-BFDF-760E18332D96} ### {2D9FEBEE-F1B7-344F-BFDF-760E18332D96} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 RsFx Driver=MsiExec.exe /I{33AE 9E89-47C9-4A0D-9E9D-BDD6966A3804} ### {33AE9E89-47C9-4A0D-9E9D-BDD6966A3804} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM WebFldrs XP ### {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} [Applications] :HKLM PDF Settings CS4=MsiExec.exe /I{35D94F92-1D3A-43C5-8605-E A268B1A7BD9} ### {35D94F92-1D3A-43C5-8605-EA268B1A7BD9} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe XMP Panels CS4=MsiExec.exe /I{3A4E8896-C2E7-4084-A4 A4-B8FD1894E739} ### {3A4E8896-C2E7-4084-A4A4-B8FD1894E739} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server Compact 3.5 SP2 ENU=MsiExec.exe /I{3 A9FC03D-C685-4831-94CF-4EDFD3749497} ### {3A9FC03D-C685-4831-94CF-4EDFD3749497} Windows installer Microsoft Corporat

ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual Studio 2010 Tools for Office Runtime (x8 6)=MsiExec.exe /X{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841} ### {3BB19A2B-B9C5-3872-8FDF-3047CC9F9841} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft .NET Framework 4 Client Profile=MsiExec.exe /X{ 3C3901C5-3455-3E0A-A214-0B093A5070A6} ### {3C3901C5-3455-3E0A-A214-0B093A5070A6} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Color - Photoshop Specific CS4=MsiExec.exe /I{3D2C9 DE6-9ADE-4252-A241-E43723B0CE02} ### {3D2C9DE6-9ADE-4252-A241-E43723B0CE02} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe WinSoft Linguistics Plugin=MsiExec.exe /I{3DA8DF9A044E-46C4-8531-DEDBB0EE37FF} ### {3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools=MsiExe c.exe /X{40416836-56CC-4C0E-A6AF-5C34BADCE483} ### {40416836-56CC-4C0E-A6AF-5C34BADCE483} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Dotfuscator Software Services - Community Edition=MsiExec .exe /X{41B31ABE-5A6E-498A-8F28-3BA3B8779A41} ### {41B31ABE-5A6E-498A-8F28-3BA3B8779A41} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Help Viewer 1.0=MsiExec.exe /X{47C39E4A-28F2-33 B1-B9B7-97F24E52D917} ### {47C39E4A-28F2-33B1-B9B7-97F24E52D917} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 Database Engine Shared=MsiExec. exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78} ### {4815BD99-96A4-49FE-A885-DCF06E9E4E78} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Service Manager Extension=MsiExec.exe /I{4943EFF5-2 29F-435D-BEA9-BE3CAEA783A7} ### {4943EFF5-229F-435D-BEA9-BE3CAEA783A7} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Java Auto Updater ### {4A03706F-666A-4037-7777-5F2748764D10} [Applications] :HKLM Microsoft SQL Server 2008 Common Files=MsiExec.exe /I{4A6 F34E2-09E5-4616-B227-4A26A488A6F9} ### {4A6F34E2-09E5-4616-B227-4A26A488A6F9} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 R2 Management Objects=MsiExec.e xe /I{4E968D9C-21A7-4915-B698-F7AEB913541D} ### {4E968D9C-21A7-4915-B698-F7AEB913541D} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 Native Client=MsiExec.exe /I{4F 44B5AE-82A6-4A8A-A3E3-E24D489728E3} ### {4F44B5AE-82A6-4A8A-A3E3-E24D489728E3} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM VBA (2627.01) ### {5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6} [Applications] :HKLM Adobe Color EU Extra Settings CS4=MsiExec.exe /I{5570C7F0 -43D0-4916-8A9E-AEDD52FA86F4} ### {5570C7F0-43D0-4916-8A9E-AEDD52FA86F4} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM QuickTime=MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4 E02C} ### {57752979-A1C9-4C02-856B-FBB27AC4E02C} Windows installer Microsoft Corporat

ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM AutoCAD MEP 2008 ### {5783F2D7-6006-0409-0002-0060B0CE6BBA} [Applications] :HKLM Microsoft SQL Server 2008 Database Engine Services=MsiExe c.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10} ### {58721EC3-8D4E-4B79-BC51-1054E2DDCD10} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Color Video Profiles CS CS4=MsiExec.exe /I{63C24A08 -70F3-4C8E-B9FB-9F21A903801D} ### {63C24A08-70F3-4C8E-B9FB-9F21A903801D} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Photoshop CS4 Support=MsiExec.exe /I{63E5CDBF-82144F03-84F8-CD3CE48639AD} ### {63E5CDBF-8214-4F03-84F8-CD3CE48639AD} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM AdobeColorCommonSetCMYK=MsiExec.exe /I{68243FF8-83CA-466B -B2B8-9F99DA5479C4} ### {68243FF8-83CA-466B-B2B8-9F99DA5479C4} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319=MsiEx ec.exe /X{6A86554B-8928-30E4-A53C-D7337689134D} ### {6A86554B-8928-30E4-A53C-D7337689134D} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual Studio Macro Tools=MsiExec.exe /X{6CDEAD 7E-F8D8-37F7-AB6F-1E22716E30F3} ### {6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Team Foundation Server 2010 Object Model - ENU= MsiExec.exe /I{6ED37A91-7710-3183-BE50-AB043FF6689E} ### {6ED37A91-7710-3183-BE50-AB043FF6689E} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual F# 2.0 Runtime=MsiExec.exe /X{729A3000-B C8A-3B74-BA5D-5068FE12D70C} ### {729A3000-BC8A-3B74-BA5D-5068FE12D70C} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 R2 Transact-SQL Language Servic e=MsiExec.exe /I{78C3657E-742C-40B1-9F53-E5A921D40F17} ### {78C3657E-742C-40B1-9F53-E5A921D40F17} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Type Support CS4=MsiExec.exe /I{820D3F45-F6EE-4AAF81EF-CE21FF21D230} ### {820D3F45-F6EE-4AAF-81EF-CE21FF21D230} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Bridge CS4=MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2 BAC22E093E0} ### {83877DB1-8B77-45BC-AB43-2BAC22E093E0} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Suite Shared Configuration CS4=MsiExec.exe /I{842B4B72-9E 8F-4962-B3C1-1C422A5C4434} ### {842B4B72-9E8F-4962-B3C1-1C422A5C4434} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM BlackBerry Desktop Software 6.0.1=MsiExec.exe /I{84A78614 -0E4B-4A4E-BA8C-2B0A05A08E4E} ### {84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Silverlight=MsiExec.exe /X{89F4137D-6C26-4A84-B DB8-2E5A4BB71E00} ### {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Software Update for Web Folders (English) 12

### {90120000-0010-0409-0000-0000000FF1CE} [Applications] :HKLM Microsoft Office Access MUI (English) 2007=MsiExec.exe /X {90120000-0015-0409-0000-0000000FF1CE} ### {90120000-0015-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Excel MUI (English) 2007=MsiExec.exe /X{ 90120000-0016-0409-0000-0000000FF1CE} ### {90120000-0016-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office PowerPoint MUI (English) 2007=MsiExec.ex e /X{90120000-0018-0409-0000-0000000FF1CE} ### {90120000-0018-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Publisher MUI (English) 2007=MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} ### {90120000-0019-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Outlook MUI (English) 2007=MsiExec.exe / X{90120000-001A-0409-0000-0000000FF1CE} ### {90120000-001A-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Word MUI (English) 2007=MsiExec.exe /X{9 0120000-001B-0409-0000-0000000FF1CE} ### {90120000-001B-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Proof (English) 2007=MsiExec.exe /X{9012 0000-001F-0409-0000-0000000FF1CE} ### {90120000-001F-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Proof (French) 2007=MsiExec.exe /X{90120 000-001F-040C-0000-0000000FF1CE} ### {90120000-001F-040C-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Proof (Spanish) 2007=MsiExec.exe /X{9012 0000-001F-0C0A-0000-0000000FF1CE} ### {90120000-001F-0C0A-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Proofing (English) 2007=MsiExec.exe /X{9 0120000-002C-0409-0000-0000000FF1CE} ### {90120000-002C-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Enterprise 2007=MsiExec.exe /X{901200000030-0000-0000-0000000FF1CE} ### {90120000-0030-0000-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office InfoPath MUI (English) 2007=MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} ### {90120000-0044-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Shared MUI (English) 2007=MsiExec.exe /X {90120000-006E-0409-0000-0000000FF1CE} ### {90120000-006E-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office OneNote MUI (English) 2007=MsiExec.exe / X{90120000-00A1-0409-0000-0000000FF1CE} ### {90120000-00A1-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Groove MUI (English) 2007=MsiExec.exe /X {90120000-00BA-0409-0000-0000000FF1CE} ### {90120000-00BA-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat

ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Groove Setup Metadata MUI (English) 2007 =MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} ### {90120000-0114-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Shared Setup Metadata MUI (English) 2007 =MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} ### {90120000-0115-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Office Access Setup Metadata MUI (English) 2007 =MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} ### {90120000-0117-0409-0000-0000000FF1CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Linguistics CS4=MsiExec.exe /I{931AB7EA-3656-4BB7-8 64D-022B09E3DD67} ### {931AB7EA-3656-4BB7-864D-022B09E3DD67} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe CMaps CS4=MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-59 2635E8A191} ### {94D398EB-D2FD-4FD1-B8C4-592635E8A191} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Application Error Reporting ### {95120000-00B9-0409-0000-0000000FF1CE} [Applications] :HKLM Microsoft Sync Framework SDK v1.0 SP1=MsiExec.exe /I{97CE 8B73-AA5A-4987-A1BE-50DD1A187478} ### {97CE8B73-AA5A-4987-A1BE-50DD1A187478} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Autodesk DWF Viewer 7=MsiExec.exe /I{9A346205-EA92-4406-B 1AB-50379DA3F057} ### {9A346205-EA92-4406-B1AB-50379DA3F057} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft .NET Framework 3.0 Service Pack 2=MsiExec.exe / I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} ### {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Google Update Helper=MsiExec.exe /I{A92DAB39-4E2C-4304-9A B6-BC44E68B55E2} ### {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Crystal Reports for Visual Studio=MsiExec.exe /I{AC41D924 -8C68-4BD5-A7A1-0AE4176C31A6} ### {AC41D924-8C68-4BD5-A7A1-0AE4176C31A6} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Acrobat 9 Pro Extended - English, Francais, Deutsch ### {AC76BA86-1033-F400-7761-000000000004} [Applications] :HKLM Adobe Acrobat 9 Pro Extended - English, Francais, Deutsch =msiexec /I {AC76BA86-1033-F400-7761-000000000004} ### {AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-00000000000 4} Windows installer Microsoft Corporation Windows Installer - Unicode 4.5.6001.2 2159 [Applications] :HKLM Microsoft SQL Server Database Publishing Wizard 1.4=MsiEx ec.exe /I{ACE28263-76A4-4BF5-B6F4-8BD719595969} ### {ACE28263-76A4-4BF5-B6F4-8BD719595969} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM MSXML 6.0 Parser=MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-4 7014492A0FE} ### {AEB9948B-4FF2-47C9-990E-47014492A0FE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Connect=MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C61 8D}

### {B29AD377-CC12-490A-A480-1452337C618D} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 Database Engine Services=MsiExe c.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2} ### {B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Photoshop CS4=MsiExec.exe /I{B65BA85C-0A27-4BC0-A22 D-A66F0E5B9494} ### {B65BA85C-0A27-4BC0-A22D-A66F0E5B9494} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 .4974=MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1} ### {B7E38540-E355-3503-AFD7-635B2F2F76E1} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server VSS Writer=MsiExec.exe /I{B857D868-F 8B0-43EE-BC2B-D9E5ED21F237} ### {B857D868-F8B0-43EE-BC2B-D9E5ED21F237} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Output Module=MsiExec.exe /I{BB4E33EC-8181-4685-96F 7-8554293DEC6A} ### {BB4E33EC-8181-4685-96F7-8554293DEC6A} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Flash Player 9 ActiveX=MsiExec.exe /X{BB65C393-C76E -4F06-9B0C-2124AA8AF97B} ### {BB65C393-C76E-4F06-9B0C-2124AA8AF97B} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual Studio 2010 Ultimate - ENU ### {BC0464FA-A0BA-3E38-85BF-DC5B3A401F48} [Applications] :HKLM Microsoft .NET Framework 2.0 Service Pack 2=MsiExec.exe / I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} ### {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Default Language CS4=MsiExec.exe /I{C52E3EC1-048C-4 5E1-8D53-10B0C6509683} ### {C52E3EC1-048C-45E1-8D53-10B0C6509683} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 Browser=MsiExec.exe /X{C688457E -03FD-4941-923B-A27F4D42A7DD} ### {C688457E-03FD-4941-923B-A27F4D42A7DD} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Sync Framework Runtime v1.0 SP1 (x86)=MsiExec.e xe /I{C6DD625F-4B61-4561-8286-87CA0275CEA1} ### {C6DD625F-4B61-4561-8286-87CA0275CEA1} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Google Earth=MsiExec.exe /X{C768790F-04FB-11E0-9B2C-001AA 037B01E} ### {C768790F-04FB-11E0-9B2C-001AA037B01E} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Sql Server Customer Experience Improvement Program=MsiExe c.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7} ### {C965F01C-76EA-4BD7-973E-46236AE312D7} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Bible Code Oracle=MsiExec.exe /I{CA982100-A1E7-4465-9C5841AFD864813F} ### {CA982100-A1E7-4465-9C58-41AFD864813F} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Photoshop Camera Raw=MsiExec.exe /I{CC75AB5C-2110-4A7F-AF 52-708680D22FE8} ### {CC75AB5C-2110-4A7F-AF52-708680D22FE8} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159

[Applications] :HKLM Skype Toolbars=MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6 FB52FBAD6} ### {CD95D125-2992-4858-B3EF-5F6FB52FBAD6} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft .NET Framework 3.5 SP1=MsiExec.exe /I{CE2CDD620124-36CA-84D3-9F4DCF5C5BD9} ### {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)=C: \WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /u ninstall /qb+ REBOOTPROMPT="" ### {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 Windows installer Microsoft Corporation Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft .NET Framework 4 Multi-Targeting Pack=MsiExec.e xe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE} ### {CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 Setup Support Files =MsiExec.ex e /X{D441BD04-E548-4F8E-97A4-1B66135BAAA8} ### {D441BD04-E548-4F8E-97A4-1B66135BAAA8} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)=MsiExe c.exe /I{DC3D6AFB-78B4-489F-81D7-30B66E0C2417} ### {DC3D6AFB-78B4-489F-81D7-30B66E0C2417} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe Photoshop CS4=MsiExec.exe /I{E4848436-0345-47E2-B64 8-8B522FCDA623} ### {E4848436-0345-47E2-B648-8B522FCDA623} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft SQL Server 2008 R2 Data-Tier Application Projec t=MsiExec.exe /I{E5AE9031-79A5-4627-9641-BEFA82819B08} ### {E5AE9031-79A5-4627-9641-BEFA82819B08} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Skype 5.1=MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF346 7E8} ### {E633D396-5188-4E9D-8F6B-BFB8BF3467E8} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM {E9F81423-211E-46B6-9AE0-38568BC5CF6F} ### {E9F81423-211E-46B6-9AE0-38568BC5CF6F} [Applications] :HKLM TL-WN322G Wireless Utility=RunDll32 C:\PROGRA~1\COMMON~1\ INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\I nstallShield Installation Information\{ED6DB38D-67B5-440D-A009-5A9E206F91F2}\set up.exe" -l0x9 -removeonly ### {ED6DB38D-67B5-440D-A009-5A9E206F91F2} InstallShield (R) Ctor DLL Macrovis ion Corporation InstallShield 11.50 [Applications] :HKLM Adobe Search for Help=MsiExec.exe /I{F0E64E2E-3A60-40D8-A 55D-92F6831875DA} ### {F0E64E2E-3A60-40D8-A55D-92F6831875DA} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Realtek High Definition Audio Driver=RunDll32 C:\PROGRA~1 \COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Progr am Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108F E7DBC}\Setup.exe" -l0x9 -removeonly ### {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} InstallShield (R) Ctor DLL Macrovis ion Corporation InstallShield 11.50 [Applications] :HKLM Microsoft SQL Server 2008 Database Engine Shared=MsiExec. exe /I{F3494AB6-6900-41C6-AF57-823626827ED8} ### {F3494AB6-6900-41C6-AF57-823626827ED8} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe ExtendScript Toolkit CS4=MsiExec.exe /I{F8EF2B3F-C3

45-4F20-8FE4-791A20333CD5} ### {F8EF2B3F-C345-4F20-8FE4-791A20333CD5} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Adobe PDF Library Files CS4=MsiExec.exe /I{F93C84A6-0DC642AF-89FA-776F7C377353} ### {F93C84A6-0DC6-42AF-89FA-776F7C377353} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Sync Framework Services v1.0 SP1 (x86)=MsiExec. exe /I{F990B526-8F7C-46E0-B1F1-6C893A8B478F} ### {F990B526-8F7C-46E0-B1F1-6C893A8B478F} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Realtek AC'97 Audio=RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~ 1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallS hield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly ### {FB08F381-6533-4108-B7DD-039E11FBC27E} InstallShield (R) Ctor DLL Macrovis ion Corporation InstallShield 11.50 [Applications] :HKLM Adobe Fonts All=MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE 86D1032794} ### {FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Passware Kit Enterprise 9.7=MsiExec.exe /I{FEBED6FC-140F43F6-8CB5-D3C0EB0F3D66} ### {FEBED6FC-140F-43F6-8CB5-D3C0EB0F3D66} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [Applications] :HKLM Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 =MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} ### {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Windows installer Microsoft Corporat ion Windows Installer - Unicode 4.5.6001.22159 [MD5] [ -2][0 -1 ]BSF.EXE [F02A533F517EB38333CB12A9E8963773][1 136176 ]C:\DOCUMENTS AND SETTINGS\JOY\LOCAL SETTINGS\APPLICATION DATA\ GOOGLE\UPDATE\GOOGLEUPDATE.EXE [1264F787E46DC572FA274CA09B446E01][1 44344 ]C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [9BBA1351FCA721098980ECF4AAD72946][0 2254216 F3CEA300587EE83F374BED72A5F 4E0B1C9FB41AB ]C:\PROGRA~1\COMMON~1\SKYPE\SKYPE4~1.DLL [397FD142F3FC6ECCB19A40BF871D24B0][1 61664 ]C:\PROGRA~1\GREATIS\REGRUN~1\ONSECURE.EXE [A45F4416A75C6E40599C81D526257197][2 335943 ]C:\PROGRA~1\GREATIS\REGRUN~1\RRSHELL.DLL [C77E31736C6CFD3A4D54616C1F6E449D][0 1123608 86ABFDFF0B3A14A399F1A4FDCB7 6A482DCE5B14E ]C:\PROGRA~1\GREATIS\REGRUN~1\WATCHDOG.EXE [BD25E3537B54C1BFF40335992B3686FD][1 222512 ]C:\PROGRA~1\MICROS~2\OFFICE12\GR99D3~1.DLL [786DD1892B553EFE5A004AC39775C851][1 2210608 ]C:\PROGRA~1\MICROS~2\OFFICE12\GRA8E1~1.DLL [7FC19DA1DC70C78D2FBD7A1D10942051][1 40424 ]C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL [510325E830BC5F2A2D93A11924989DE0][1 693632 ]C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT ELEMENTS\CONTEXTMEN U.DLL [35FD33EAE23AF69715EE3231A9F15B82][1 37232 ]C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\ACROBAT_SL.EXE [0FE0EDF01CEA3BEB2E65A904BB87525E][1 640376 ]C:\PROGRAM FILES\ADOBE\ACROBAT 9.0\ACROBAT\ACROTRAY.EXE [D5A42B444ED2A91579761F0A3CD3AAD8][0 203928 55AA800CD86D232950C064DD3AA 33EE60122AF10 ]C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\AXCMD.EXE

[B1691AF4A072CB674D600DB16DD7308E][2 275968 ]C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSER VICEAE.EXE [F2DCB030FBDD320F858871515C18C5D1][1 345480 ]C:\PROGRAM FILES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\ACROIEFAVC LIENT.DLL [E96C752BBA0E22330A43258FC800200E][1 75128 ]C:\PROGRAM FILES\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\ACROIEHELP ERSHIM.DLL [E43A851F7B12DE589424D6C656155CFC][1 611712 ]C:\PROGRAM FILES\COMMON FILES\ADOBE\CS4SERVICEMANAGER\CS4SERVI CEMANAGER.EXE [B8917A25F748C07D5FE671671AC413D8][1 2915896 ]C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\DWF COMMON\DWFSH ELLEXTENSION.DLL [EA2D28BBE98256654397CD1F6EAEBDD8][1 85096 ]C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\SERVICE\ADSKSCSR V.EXE [93DB1FF92B03D24738A71E6E4992DFD3][1 248552 ]C:\PROGRAM FILES\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE [1F63900E2EB00101B9ACA2B7A870704E][1 655624 ]C:\PROGRAM FILES\COMMON FILES\MACROVISION SHARED\FLEXNET PUBLI SHER\FNPLICENSINGSERVICE.EXE [9E7370CC3D6A43942433F85D0E2BBDD8][1 873216 ]C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\HELP\HXDS.DLL [84DE1DD996B48B05ACE31AD015FA108A][1 441136 ]C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE12\ODSERV .EXE [5A432A042DAE460ABE7199B758E8606C][1 145184 ]C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\O SE.EXE [0200C694B3922B95A008DD29F7AACDB4][0 3913000 353D89E9D10A292AF3843EE9C7C A70E35008528B ]C:\PROGRAM FILES\CONDUITENGINE\CONDUITENGINE.DLL [F02A533F517EB38333CB12A9E8963773][1 136176 ]C:\PROGRAM FILES\GOOGLE\UPDATE\GOOGLEUPDATE.EXE [A40F16F003FEDFCD59D58A519A57D831][0 65304 A44ACDD6CC813794568A25C7E05 668924F44F8CB ]C:\PROGRAM FILES\GREATIS\REGRUNSUITE\BOOTLOGSERVICE.EXE [40BEE47719428CB4AEDAA6A0F3A590FE][0 669464 1F4ED130505C8E75A8F418E8CA6 6D9D3C939E601 ]C:\PROGRAM FILES\GREATIS\REGRUNSUITE\LSOON.EXE [B1B58AF8304F773CAFED45F9822C8D32][0 2799024 F58684ECF231C71EBE7FCC49B37 194470E6C7EED ]C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE [B48CF0847A4C173C642A0FE7378702CF][1 169392 ]C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMIECC.DLL [55794B97A7FAABD2910873C85274F409][1 93184 ]C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [3F59EDE1444C14CFBAA15C7EBBFE6196][0 41760 EDEA89EFBE37ABBF319671B312C 358C1526CD4AA ]C:\PROGRAM FILES\JAVA\JRE6\BIN\JP2SSV.DLL [9AE07549A0D691A103FAF8946554BDB7][0 153376 BB8AD573471F6F42021D5CE3A24 AED7BA2C813C1 ]C:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE [BEE32BCE0D0A5BF5692D9020BD0C0636][0 79648 BA931230B2BCB32D72176D32175 3BFD298835B8B ]C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\IE\JQS_PLUGIN.DLL [3E930C641079443D4DE036167A69CAA2][6 1695232 ]C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE [FAFE367D032ED82E9332B4C741A20216][1 65824 ]C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\GROOVEAUDITSERVICE. EXE [38D198A2DD54A67120040566A38103BA][1 31016 ]C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\GROOVEMONITOR.EXE [D91AFB6D2A0DA7539B74FB5838775D94][1 98632 ]C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTEM.EXE

[F1761C8FB2B25A32C6D63E36BB88C3AE][1 47128 ]C:\PROGRAM FILES\MICROSOFT SQL SERVER\100\SHARED\SQLADHLP.EXE [B54B48F6D92423440C264E91225C5FF1][1 254808 ]C:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLBROWSER.EXE [637A0F23F9012358E92E6F99835494D1][1 98840 ]C:\PROGRAM FILES\MICROSOFT SQL SERVER\90\SHARED\SQLWRITER.EXE [A687B5B326AFCFCF182C4931D1FF9771][1 366936 ]C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL10.SQLEXPRESS\MSSQL \BINN\SQLAGENT.EXE [B05640AC812FCCB488328DF34E7F663A][1 43010392 ]C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL10.SQLEXPRESS\MSSQL \BINN\SQLSERVR.EXE [2309E09B6B5668E9219C85E33B970FB7][1 61360 ]C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\PRIV ATEASSEMBLIES\MICROSOFT.VISUALSTUDIO.QUALITYTOOLS.RECORDERBARBHO100.DLL [5A2DDC5411A092BEDB1A07755E087784][2 48128 ]C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO 10.0\TEAM TOOLS\PERFO RMANCE TOOLS\VSPERFDRV100.SYS [0AEE5668EB59912F32FF245BFA72465F][0 421888 3DA25DE7C019095B69CBF83CBCF F9841BB36FEEA ]C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE [61CFEDAF9C527A1463F34F71240F9BB5][0 15026056 0EAEED3F20AEBF07C564AA76302 38F702518D444 ]C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE [590C4454A1D36F76DA1F636FAD139771][0 1242504 A21C114FDE6ADCF3E1C8839CE0C 125B1B585794C ]C:\PROGRAM FILES\SKYPE\TOOLBARS\INTERNET EXPLORER\SKYPEIEPLUGI N.DLL [0200C694B3922B95A008DD29F7AACDB4][0 3913000 353D89E9D10A292AF3843EE9C7C A70E35008528B ]C:\PROGRAM FILES\SOFTONIC-ENG7\TBSOFT.DLL [360E83E16A06730042E1CDF8BC113CB6][0 594200 A7F22C8DB57EE11B6AFF9E51CCE 55175A930D885 ]C:\PROGRAM FILES\UNHACKME\HACKMON.EXE [F4BF3B83F909440724A358665867D6C8][1 214528 ]C:\PROGRAM FILES\WINDOWS NT\ACCESSORIES\WORDPAD.EXE [30A23A61E651C7487407CF74176C6AB1][2 141824 ]C:\PROGRAM FILES\WINRAR\RAREXT.DLL [8B4CBBA1EA526830C7F97E7822E2493A][1 69632 ]C:\WINDOWS\ALCMTR.EXE [12896823FB95BFB3DC9B46BCAEDC9923][1 1033728 ]C:\WINDOWS\EXPLORER.EXE [D87ACAED61E417BBA546CED5E7E36D9C][1 69632 ]C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE [C01AC32DC5C03076CFB852CB5DA5229C][1 881664 ]C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\INFOCARD.EXE [8BA7C024070F2B7FDD98ED8A4BA41789][1 46104 ]C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WPF\PRESENTATIONFONTCA CHE.EXE [776ACEFA0CA9DF0FAA51A5FB2F435705][1 35160 ]C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_STATE.EXE [C5A75EB48E2344ABDC162BDA79E16841][1 130384 ]C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MSCORSVW.EXE [D22CD77D4F0D63D1169BB35911BFF12D][1 124240 ]C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\SMSVCHOST.EXE [DCF3E3EDF5109EE8BC02FE6E1F045795][1 753504 ]C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\WPF\WPFFONTCACHE _V0400.EXE [AAC1D4EE39DF138C5D30AC5883E3B59F][6 558080 ]C:\WINDOWS\NETWORK DIAGNOSTIC\XPNETDIAG.EXE [B32A4DB8FA8BA07AFB1E86F8C9FB852E][1 769024 ]C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.EXE [A81135541C9D4EBCE43EFA8AD31395B4][1 169984 ]C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\MSCONFIG.EXE

[4FCCA060DFE0C51A09DD5C3843888BCD][6 38400 ]C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\PCHSVC.DLL [058710B720282CA82B909912D3EF28DB][1 146432 ]C:\WINDOWS\REGEDIT.EXE [321CD85C4B67CA5AC01546EC336FB61B][1 16380416 ]C:\WINDOWS\RTHDCPL.EXE [D373E15EB5E2E463EF01CF7BD8D7A1DF][1 1826816 ]C:\WINDOWS\SKYTEL.EXE [13FA039C5E464F3BF0C6D01E00581CAA][2 151552 ]C:\WINDOWS\SYSTEM32\AC3ACM.ACM [F93A57B044D0C4DB7C778151922265A6][2 497664 ]C:\WINDOWS\SYSTEM32\AC3FILTER.ACM [B412D322235CA1D4AF85F2BB850C3FF5][1 111992 ]C:\WINDOWS\SYSTEM32\ACAPTUSER32.DLL [F28ADCF2E9B3574F25089A69B03DC756][1 44648 ]C:\WINDOWS\SYSTEM32\ACSIGNICON.DLL [D65DB1C24E27ACD169971552C6FC9E2F][1 45392 ]C:\WINDOWS\SYSTEM32\ADOBEPDF.DLL [BAB489A5FE26F2D0C910CF7AF7E4CF92][1 617472 ]C:\WINDOWS\SYSTEM32\ADVAPI32.DLL [8C515081584A38AA007909CD02020B3D][6 44544 ]C:\WINDOWS\SYSTEM32\ALG.EXE [A9A3DAA780CA6C9671A19D52456705B4][6 17408 ]C:\WINDOWS\SYSTEM32\ALRSVC.DLL [D8849F77C0B66226335A59D26CB4EDC6][6 167936 ]C:\WINDOWS\SYSTEM32\APPMGMTS.DLL [DEF7A7882BEC100FE0B2CE2549188F9D][6 42496 ]C:\WINDOWS\SYSTEM32\AUDIOSRV.DLL [A06CE3399D16DB864F55FAEB1F1927A9][6 77824 ]C:\WINDOWS\SYSTEM32\BROWSER.DLL [E392E172687BE172F8600C5F41AB03D9][1 1025024 ]C:\WINDOWS\SYSTEM32\BROWSEUI.DLL [E4934F6A86223C2E5855B0E0258A4DA0][0 81920 983B7576128210B9C865F323BCF 59BE8906B84C8 ]C:\WINDOWS\SYSTEM32\BSF.EXE [1CFE720EB8D93A7158A4EBC3AB178BDE][6 5632 ]C:\WINDOWS\SYSTEM32\CISVC.EXE [34CBE729F38138217F9C80212A2A0C82][1 33280 ]C:\WINDOWS\SYSTEM32\CLIPSRV.EXE [5D3D1AB0EF4EA55B731863050482C111][6 47104 ]C:\WINDOWS\SYSTEM32\CNBJMON.DLL [BDAAF79DD63F194434D31A74B9BB8B77][6 599040 ]C:\WINDOWS\SYSTEM32\CRYPT32.DLL [C14350FC0D47D806699C4F907FC6785B][6 64512 ]C:\WINDOWS\SYSTEM32\CRYPTNET.DLL [3D4E199942E29207970E04315D02AD3B][6 62464 ]C:\WINDOWS\SYSTEM32\CRYPTSVC.DLL [515A7FAE2070C2B0242B2353443E2F11][1 101888 ]C:\WINDOWS\SYSTEM32\CSCDLL.DLL [085ED2E391A871C7BAE87E0228B546BA][1 326656 ]C:\WINDOWS\SYSTEM32\CSCUI.DLL [5F1D5F88303D4A4DBC8E5F97BA967CC3][1 15360 ]C:\WINDOWS\SYSTEM32\CTFMON.EXE [A340CD71EB535A3DD751B5F28723E50C][6 279552 ]C:\WINDOWS\SYSTEM32\DDRAW.DLL [5E38D7684A49CACFB752B046357E0589][6 126976 ]C:\WINDOWS\SYSTEM32\DHCPCSVC.DLL [E2092F0A1D7ABC243F9C2362483D150D][6 19456 ]C:\WINDOWS\SYSTEM32\DIMSNTFY.DLL [0A9BA6AF531AFE7FA5E4FB973852D863][6 5120 ]C:\WINDOWS\SYSTEM32\DLLHOST.EXE

[E46050330BD42F33609117F861E32D3C][6 224768 ]C:\WINDOWS\SYSTEM32\DMADMIN.EXE [57EDEC2E5F59F0335E92F35184BC8631][6 23552 ]C:\WINDOWS\SYSTEM32\DMSERVER.DLL [474B4DC3983173E4B4C9740B0DAC98A6][6 45568 ]C:\WINDOWS\SYSTEM32\DNSRSLVR.DLL [0F0F6E687E5E15579EF4DA8DD6945814][6 132096 ]C:\WINDOWS\SYSTEM32\DOT3SVC.DLL [8FD99680A539792A30E97944FDAECF17][6 187776 ]C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS [9859C0F6936E723E4892D7141B1327D5][6 11648 ]C:\WINDOWS\SYSTEM32\DRIVERS\ACPIEC.SYS [8BED39E3C35D6A489438B8141717A557][6 142592 ]C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS [322D0E36693D6E24A2398BEE62A268CD][6 138112 ]C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS [D9026163ED32A13923A2C909897A6B87][2 4030144 ]C:\WINDOWS\SYSTEM32\DRIVERS\alcxwdm.sys [D7701D7E72243286CC88C9973D891057][6 37376 ]C:\WINDOWS\SYSTEM32\DRIVERS\amdk6.sys [8FCE268CDBDD83B23419D1F35F42C7B1][6 37760 ]C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys [B5B8A80875C1DEDEDA8B02765642C32F][6 60800 ]C:\WINDOWS\SYSTEM32\DRIVERS\arp1394.sys [B153AFFAC761E7F5FCFA822B9C4E97BC][6 14336 ]C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS [9F3A2F5AA6875C72BF062C712CFA2674][6 96512 ]C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS [9916C1225104BA14794209CFA8012159][6 59904 ]C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS [39A0A59180F19946374275745B21AEBA][6 31360 ]C:\WINDOWS\SYSTEM32\DRIVERS\atmepvc.sys [AE76348A2605FB197FA8FF1D6F547836][6 55808 ]C:\WINDOWS\SYSTEM32\DRIVERS\atmlane.sys [E7EF69B38D17BA01F914AE8F66216A38][6 352256 ]C:\WINDOWS\SYSTEM32\DRIVERS\atmuni.sys [D9F724AA26C010A217C97606B160ED68][6 3072 ]C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS [DA1F27D85E0D1525F6621372E7B685E9][6 4224 ]C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS [EE0F41FA0466189A2C8B9CAF7D1CDDD5][2 20608 ]C:\WINDOWS\SYSTEM32\DRIVERS\BRGSp50.sys [7F4288419E9ABACF86DDBD0FD95DCC22][2 29184 ]C:\WINDOWS\SYSTEM32\DRIVERS\BRGSp50a64.sys [F934D1B230F84E1D19DD00AC5A7A83ED][6 71552 ]C:\WINDOWS\SYSTEM32\DRIVERS\bridge.sys [90A673FC8E12A79AFBED2576F6A7AAF9][6 13952 ]C:\WINDOWS\SYSTEM32\DRIVERS\CBIDF2K.SYS [C1B486A7658353D33A10CC15211A873B][6 18688 ]C:\WINDOWS\SYSTEM32\DRIVERS\CDAUDIO.SYS [C885B02847F5D2FD45A24E219ED93B32][6 63744 ]C:\WINDOWS\SYSTEM32\DRIVERS\CDFS.SYS [1F4260CC5B42272D71F79E570A27A4FE][6 62976 ]C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS [B562592B7F5759C99E179CA467ECFB4C][6 262528 ]C:\WINDOWS\SYSTEM32\DRIVERS\cinemst2.sys [FE47DD8FE6D7768FF94EBEC6C74B2719][6 49536 ]C:\WINDOWS\SYSTEM32\DRIVERS\classpnp.sys [9624293E55AD405415862B504CA95B73][6 11776 ]C:\WINDOWS\SYSTEM32\DRIVERS\cpqdap01.sys

[F50D9BDBB25CCE075E514DC07472A22F][6 36736 ]C:\WINDOWS\SYSTEM32\DRIVERS\crusoe.sys [044452051F3E02E7963599FC8F4F3E25][6 36352 ]C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS [E65E2353A5D74EA89971CB918EEEB2F6][6 14208 ]C:\WINDOWS\SYSTEM32\DRIVERS\diskdump.sys [D992FE1274BDE0F84AD826ACAE022A41][6 799744 ]C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS [7C824CF7BBDE77D95C08005717A95F6F][6 153344 ]C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS [E9317282A63CA4D188C0DF5E09C6AC5F][6 5888 ]C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS [8A208DFCF89792A484E76C40E5F50B45][6 52864 ]C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS [6CB08593487F5701D2D2254E693EAFCE][6 60160 ]C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys [8F5FCFF8E8848AFAC920905FBD9D33C8][6 2944 ]C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS [FE97D0343ACFDEBDD578FC67CC91FA87][6 10496 ]C:\WINDOWS\SYSTEM32\DRIVERS\dxapi.sys [AC7280566A7BB85CB3291F04DDC1198E][6 71168 ]C:\WINDOWS\SYSTEM32\DRIVERS\dxg.sys [A73F5D6705B1D820C19B18782E176EFD][6 3328 ]C:\WINDOWS\SYSTEM32\DRIVERS\dxgthk.sys [38D332A6D56AF32635675F132548343E][6 143744 ]C:\WINDOWS\SYSTEM32\DRIVERS\FASTFAT.SYS [92CDD60B6730B9F50F6A1A0C1F8CDC81][6 27392 ]C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS [D45926117EB9FA946A6AF572FBE1CAA3][6 44544 ]C:\WINDOWS\SYSTEM32\DRIVERS\FIPS.SYS [9D27E7B80BFCDF1CDD9B555862D5E7F0][6 20480 ]C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS [B2CF4B0786F8212CB92ED2B50C6DB6B0][6 129792 ]C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS [3E1E2BD4F39B0E2B7DC4F4D2BCC2779A][6 7936 ]C:\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS [455F778EE14368468560BD7CB8C854D0][6 12160 ]C:\WINDOWS\SYSTEM32\DRIVERS\fsvga.sys [6AC26732762483366C3969C9E4D2259D][6 125056 ]C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS [573C7D0A32852B48F3058CFD8026F511][6 144384 ]C:\WINDOWS\SYSTEM32\DRIVERS\HDAUDBUS.SYS [1AF592532532A402ED7C060F6954004F][1 36864 ]C:\WINDOWS\SYSTEM32\DRIVERS\hidclass.sys [96ECCF28FDBF1B2CC12725818A63628D][1 24960 ]C:\WINDOWS\SYSTEM32\DRIVERS\hidparse.sys [CCF82C5EC8A7326C3066DE870C06DAF1][1 10368 ]C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS [F6AACF5BCE2893E0C1754AFEB672E5C9][6 264832 ]C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS [4A0B06AA8943C1E332520F7440C0AA30][6 52480 ]C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS [48846B31BE5A4FA662CCFDE7A1BA86B9][1 5854752 ]C:\WINDOWS\SYSTEM32\DRIVERS\IGXPMP32.SYS [083A052659F5310DD8B6A6CB05EDCF8E][6 42112 ]C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS [8C953733D8F36EB2133F5BB58808B66B][6 36352 ]C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS [3BB22519A194418D5FEC05D800A19AD0][6 36608 ]C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS

[731F22BA402EE4B62748ADAF6363C182][6 32896 ]C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS [B87AB476DCF76E72010632B5550955F5][6 20864 ]C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS [CC748EA12C6EFFDE940EE98098BF96BB][6 152832 ]C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS [23C74D75E36E7158768DD63D92789A91][6 75264 ]C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS [C93C9FF7B04D772627A3646D89F7BF89][6 11264 ]C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS [05A299EC56E52649B1CF2FC52D20F2D7][6 37248 ]C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS [463C1EC80CD17420A542B7F36A36F128][6 24576 ]C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS [692BCF44383D056AED41B045A323D378][6 172416 ]C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS [9B82AC6F7B178628B46FCBB89F09AA87][2 8576 ]C:\WINDOWS\SYSTEM32\DRIVERS\KPROCWATCH.SYS [0753515F78DF7F271A5E61C20BCD36A1][6 141056 ]C:\WINDOWS\SYSTEM32\DRIVERS\ks.sys [1705745D900DABF2D89F90EBADDC7517][6 92288 ]C:\WINDOWS\SYSTEM32\DRIVERS\KSECDD.SYS [D1F8BE91ED4DDB671D42E473E3FE71AB][6 7680 ]C:\WINDOWS\SYSTEM32\DRIVERS\mcd.sys [A7DA20AB18A1BDAE28B0F349E57DA0D1][6 63744 ]C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys [4AE068242760A1FB6E1A44BF4E16AFA6][6 4224 ]C:\WINDOWS\SYSTEM32\DRIVERS\MNMDD.SYS [DFCBAD3CEC1C5F964962AE10E0BCC8E1][6 30080 ]C:\WINDOWS\SYSTEM32\DRIVERS\MODEM.SYS [35C9E97194C8CFB8430125F8DBC34D04][6 23040 ]C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS [B1C303E17FB9D46E87A98E4BA6769685][1 12160 ]C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS [A80B9A0BAD1B73637DBCBBA7DF72D3FD][6 42368 ]C:\WINDOWS\SYSTEM32\DRIVERS\MOUNTMGR.SYS [70C14F5CCA5CF73F8A645C73A01D8726][6 92544 ]C:\WINDOWS\SYSTEM32\DRIVERS\mqac.sys [11D42BB6206F33FBB3BA0288D3EF81BD][6 180608 ]C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS [68755F0FF16070178B54674FE5B847B0][6 456576 ]C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS [C941EA2454BA8350021D774DAF0F1027][6 19072 ]C:\WINDOWS\SYSTEM32\DRIVERS\MSFS.SYS [0A02C63C8B144BD8C86B103DEE7C86A2][6 35072 ]C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS [D1575E71568F4D9E14CA56B7B0453BF1][6 7552 ]C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS [325BB26842FC7CCC1FCCE2C457317F3E][6 5376 ]C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS [BAD59648BA099DA4A17680B39730CB3D][6 4992 ]C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS [AF5F4F3F14A8EA2C26DE30F7A1E17136][6 15488 ]C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS [2F625D11385B1A94360BFC70AAEFDEE1][6 105344 ]C:\WINDOWS\SYSTEM32\DRIVERS\MUP.SYS [1DF7F42665C94B825322FAE71721130D][6 182656 ]C:\WINDOWS\SYSTEM32\DRIVERS\NDIS.SYS [1AB3D00C991AB086E69DB84B6C0ED78F][6 10112 ]C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS

[F927A4434C5028758A842943EF1A3849][6 14592 ]C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS [EDC1531A49C80614B2CFDA43CA8659AB][6 91520 ]C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS [6215023940CFD3702B46ABC304E1D45A][6 40576 ]C:\WINDOWS\SYSTEM32\DRIVERS\ndproxy.sys [5D81CF9A2F1A3A756B66CF684911CDF0][6 34688 ]C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS [74B2B2F5BEA5E9A3DC021D685551BD3D][6 162816 ]C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS [E9E47CFB2D461FA0FC75B7A74C6383EA][6 61824 ]C:\WINDOWS\SYSTEM32\DRIVERS\nic1394.sys [BE984D604D91C217355CDD3737AAD25D][6 12032 ]C:\WINDOWS\SYSTEM32\DRIVERS\nikedrv.sys [1E421A6BCF2203CC61B821ADA9DE878B][6 40320 ]C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys [3182D64AE053D6FB034F44B6DEF8034A][6 30848 ]C:\WINDOWS\SYSTEM32\DRIVERS\NPFS.SYS [78A08DD6A8D65E697C18E1DB01C5CDCA][6 574976 ]C:\WINDOWS\SYSTEM32\DRIVERS\NTFS.SYS [73C1E1F395918BC2C6DD67AF7591A3AD][6 2944 ]C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS [B305F3FAD35083837EF46A0BBCE2FC57][6 12416 ]C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS [C99B3415198D1AAB7227F2C88FD664B9][6 32512 ]C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS [8B8B1BE2DBA4025DA6786C645F77F123][6 88320 ]C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys [56D34A67C05E94E16377C60609741FF8][6 63232 ]C:\WINDOWS\SYSTEM32\DRIVERS\nwlnknb.sys [C0BB7D1615E1ACBDC99757F6CEAF8CF0][6 55936 ]C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkspx.sys [36B9B950E3D2E100970A48D8BAD86740][6 163584 ]C:\WINDOWS\SYSTEM32\DRIVERS\nwrdr.sys [4BB30DDC53EBC76895E38694580CDFE9][6 3456 ]C:\WINDOWS\SYSTEM32\DRIVERS\oprghdlr.sys [C90018BAFDC7098619A4A95B046B30F3][6 42752 ]C:\WINDOWS\SYSTEM32\DRIVERS\p3.sys [5575FAF8F97CE5E713D108C2A58D7C7C][6 80128 ]C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS [6DDCF3F801EC15FE698F6A215CF30A1F][1 35816 ]C:\WINDOWS\SYSTEM32\DRIVERS\PARTIZAN.SYS [BEB3BA25197665D82EC7065B724171C6][6 19712 ]C:\WINDOWS\SYSTEM32\DRIVERS\PARTMGR.SYS [70E98B3FD8E963A6A46A2E6247E0BEA1][6 6784 ]C:\WINDOWS\SYSTEM32\DRIVERS\PARVDM.SYS [A219903CCF74233761D92BEF471A07B1][6 68224 ]C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS [CCF5F451BB1A5A2A522A76E670000FF0][1 3328 ]C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS [52E60F29221D0D1AC16737E8DBF7C3E9][6 24960 ]C:\WINDOWS\SYSTEM32\DRIVERS\pciidex.sys [9E89EF60E9EE05E3F2EEF2DA7397F1C1][6 120192 ]C:\WINDOWS\SYSTEM32\DRIVERS\PCMCIA.SYS [E82A496C3961EFC6828B508C310CE98F][6 146048 ]C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys [A32BEBAF723557681BFC6BD93E98BD26][6 35840 ]C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys [09298EC810B07E5D582CB3A3F9255424][6 69120 ]C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS

[80D317BD1C3DBC5D4FE7B1678C60CADD][6 17792 ]C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS [FE0D99D6F31E4FAD8159F690D68DED9C][6 8832 ]C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS [11B4A627BC9614B885C4969BFA5FF8A6][6 51328 ]C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS [5BC962F2654137C9909C3D4603587DEE][6 41472 ]C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS [EFEEC01B1D3CF84F16DDD24D9D9D8F99][6 48384 ]C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS [FDBB1D60066FCFBB7452FD8F9829B242][6 16512 ]C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS [01524CD237223B18ADBB48F70083F101][6 34432 ]C:\WINDOWS\SYSTEM32\DRIVERS\rawwan.sys [7AD224AD1A1437FE28D89CF22B17780A][6 175744 ]C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS [4912D5B403614CE99C28420F75353332][6 4224 ]C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS [15CABD0F7C00C47C70124907916AF3F1][6 196224 ]C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS [6728E45B66F93C08F11DE2E316FC70DD][6 139656 ]C:\WINDOWS\SYSTEM32\DRIVERS\RDPWD.SYS [F828DD7E1419B6653894A8F97A0094C5][6 57600 ]C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS [2C4FB2E9F039287767C384E46EE91030][1 27136 ]C:\WINDOWS\SYSTEM32\DRIVERS\RIMSERIAL.SYS [92D33F76769A028DDC54A863EB7DE4A2][0 75776 5C4B4F3E619DE8EBB1CE21C5135 B0295E5625F25 ]C:\WINDOWS\SYSTEM32\DRIVERS\RIMUSB.SYS [A56FE08EC7473E8580A390BB1081CDD7][6 12032 ]C:\WINDOWS\SYSTEM32\DRIVERS\rio8drv.sys [0A854DF84C77A0BE205BFEAB2AE4F0EC][6 12032 ]C:\WINDOWS\SYSTEM32\DRIVERS\riodrv.sys [ECFF394D65671EFDE5A872EB9EF4F2D5][6 202624 ]C:\WINDOWS\SYSTEM32\DRIVERS\RMCast.sys [601844CBCF617FF8C868130CA5B2039D][6 30592 ]C:\WINDOWS\SYSTEM32\DRIVERS\rndismp.sys [D8B0B4ADE32574B2D9C5CC34DC0DBBE7][6 5888 ]C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS [42BAC9C14D310190D3B7DECAB9BBCD11][1 232168 ]C:\WINDOWS\SYSTEM32\DRIVERS\RsFx0100.sys [6C5393956FC1DC0C7EF94684D02FBF03][1 235864 ]C:\WINDOWS\SYSTEM32\DRIVERS\RsFx0101.sys [BAAAE86BB4DDC7F71B0C6769BB488C5C][1 239464 ]C:\WINDOWS\SYSTEM32\DRIVERS\RsFx0102.sys [FD692C6FFADE58F7C4C3C3C9A0EC35BD][1 239336 ]C:\WINDOWS\SYSTEM32\DRIVERS\RSFX0103.SYS [C4006AF18682FCA0D8A011A0A21070F8][1 4547584 ]C:\WINDOWS\SYSTEM32\DRIVERS\RTKHDAUD.SYS [76C465F570E90C28942D52CCB2580A10][6 96384 ]C:\WINDOWS\SYSTEM32\DRIVERS\scsiport.sys [8D04819A3CE51B9EB47E5689B44D43C4][6 79232 ]C:\WINDOWS\SYSTEM32\DRIVERS\sdbus.sys [90A3935D05B494A5A39D37E71F09A677][6 20480 ]C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS [0F29512CCD6BEAD730039FB4BD2C85CE][6 15744 ]C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS [CCA207A8896D4C6A0C9CE29A4AE411A7][6 64512 ]C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS [0FA803C64DF0914B41F807EA276BF2A6][6 11904 ]C:\WINDOWS\SYSTEM32\DRIVERS\sffdisk.sys

[D66D22D76878BF3483A6BE30183FB648][6 10240 ]C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys [C17C331E435ED8737525C86A7557B3AC][6 11008 ]C:\WINDOWS\SYSTEM32\DRIVERS\sffp_sd.sys [8E6B8C671615D126FDC553D1E2DE5562][6 11392 ]C:\WINDOWS\SYSTEM32\DRIVERS\SFLOPPY.SYS [017DAECF0ED3AA731313433601EC40FA][6 14592 ]C:\WINDOWS\SYSTEM32\DRIVERS\smclib.sys [489703624DAC94ED943C2ABDA022A1CD][6 25344 ]C:\WINDOWS\SYSTEM32\DRIVERS\sonydcam.sys [AB8B92451ECB048A4D1DE7C3FFCB4A9F][6 6272 ]C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS [71E276F6D189413266EA22171806597B][1 717296 ]C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS [76BB022C2FB6902FD5BDD4F78FC13A5D][6 73472 ]C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS [5252605079810904E31C332E241CD59B][6 334848 ]C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS [3E5D89099DED9E86E5639F411693218F][6 49408 ]C:\WINDOWS\SYSTEM32\DRIVERS\stream.sys [3941D127AEF12E93ADDF6FE6EE027E0F][6 4352 ]C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS [8CE882BCC6CF8A62F2B2323D95CB3D01][6 56576 ]C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS [8B83F3ED0F1688B4958F77CD6D2BF290][6 60800 ]C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS [FD6093E3DECD925F1CFFC8A0DD539D72][6 14976 ]C:\WINDOWS\SYSTEM32\DRIVERS\tape.sys [93EA8D04EC73A85DB02EB8805988F733][6 361344 ]C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS [AA7A55536096D646DC7AB0AC5641E9E8][6 225664 ]C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys [0539D5E53587F82D1B4FD74C5BE205CF][6 19072 ]C:\WINDOWS\SYSTEM32\DRIVERS\tdi.sys [6471A66807F5E104E4885F5B67349397][6 12040 ]C:\WINDOWS\SYSTEM32\DRIVERS\TDPIPE.SYS [C56B6D0402371CF3700EB322EF3AAF61][6 21896 ]C:\WINDOWS\SYSTEM32\DRIVERS\TDTCP.SYS [88155247177638048422893737429D9E][6 40840 ]C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS [699450901C5CCFD82357CBC531CEDD23][6 51712 ]C:\WINDOWS\SYSTEM32\DRIVERS\tosdvd.sys [D74A8EC75305F1D3CFDE7C7FC1BD62A9][6 21376 ]C:\WINDOWS\SYSTEM32\DRIVERS\tsbvcap.sys [8F861EDA21C05857EB8197300A92501C][6 12288 ]C:\WINDOWS\SYSTEM32\DRIVERS\tunmp.sys [5787B80C2E3C5E2F56C2A233D91FA2C9][6 66048 ]C:\WINDOWS\SYSTEM32\DRIVERS\UDFS.SYS [9EC06B9D9F578C8962911C7C95246788][0 12808 53DE94EFD1727BCF8E3F177C858 2FB170B9D9C7C ]C:\WINDOWS\SYSTEM32\DRIVERS\UnHackMeDrv.sys [402DDC88356B1BAC0EE3DD1580C76A31][6 384768 ]C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS [BEE793D4A059CAEA55D6AC20E19B3A8F][6 12800 ]C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys [1C1A47B40C23358245AA8D0443B6935E][6 25600 ]C:\WINDOWS\SYSTEM32\DRIVERS\usbcamd.sys [CE97845D2E3F0D274B8BAC1ED07C6149][6 25728 ]C:\WINDOWS\SYSTEM32\DRIVERS\usbcamd2.sys [173F317CE0DB8E21322E71B7E60A27E8][1 32128 ]C:\WINDOWS\SYSTEM32\DRIVERS\USBCCGP.SYS

[596EB39B50D6EBD9B734DC4AE0544693][1 4736 ]C:\WINDOWS\SYSTEM32\DRIVERS\usbd.sys [65DCF09D0E37D4C6B11B5B0B76D470A7][1 30208 ]C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS [1AB3CDDE553B6E064D2E754EFE20285C][1 59520 ]C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS [290913DC4F1125E5A82DE52579A44C43][6 15872 ]C:\WINDOWS\SYSTEM32\DRIVERS\usbintel.sys [791912E524CC2CC6F50B5F2B52D1EB71][1 143872 ]C:\WINDOWS\SYSTEM32\DRIVERS\usbport.sys [A32426D9B14A089EAA1D922E0C5801A9][1 26368 ]C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS [26496F9DEE2D787FC3E61AD54821FFE6][1 20608 ]C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS [55E01061C74A8CEFFF58DC36114A8D3F][6 58112 ]C:\WINDOWS\SYSTEM32\DRIVERS\vdmindvd.sys [0D3A8FAFCEACD8B7625CD549757A7DF1][6 20992 ]C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS [E28726B72C46821A28830E077D39A55B][6 81664 ]C:\WINDOWS\SYSTEM32\DRIVERS\videoprt.sys [4C8FCB5CC53AAB716D810740FE59D025][6 52352 ]C:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS [E20B95BAEDB550F32DD489265C1DA1F6][6 34560 ]C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS [D918617B46457B9AC28027722E30F647][1 444136 ]C:\WINDOWS\SYSTEM32\DRIVERS\WDF01000.SYS [399C974DDA25FD3E59F22BAB787F662B][1 37608 ]C:\WINDOWS\SYSTEM32\DRIVERS\wdfldr.sys [6768ACF64B18196494413695F0C3A00F][6 83072 ]C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS [2F31B7F954BED437F2C75026C65CAF7B][6 4352 ]C:\WINDOWS\SYSTEM32\DRIVERS\wmilib.sys [6ABE6E225ADB5A751622A9CC3BC19CE8][6 12032 ]C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS [D125E1445BB9DC951C250D4192E70841][2 500736 ]C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211BU.SYS [00AE175B903D45ED4A62384D3315DC2A][2 17664 ]C:\WINDOWS\SYSTEM32\DRIVERS\ZDPSP50.SYS [E11183B2F02AE38915982D10D717C6C6][5 31744 ]C:\WINDOWS\SYSTEM32\DRIVERS\ZDPSp50a64.sys [4D83ED8BDDEC431FC8AD907B47CFB6E3][6 367616 ]C:\WINDOWS\SYSTEM32\DSOUND.DLL [2187855A7703ADEF0CEF9EE4285182CC][6 33792 ]C:\WINDOWS\SYSTEM32\EAPSVC.DLL [BC93B4A066477954555966D77FEC9ECB][6 23040 ]C:\WINDOWS\SYSTEM32\ERSVC.DLL [19A799805B24990867B00C120D300C3A][6 246272 ]C:\WINDOWS\SYSTEM32\ES.DLL [DB0789002F156AF17902020567CE5686][0 108032 A1FD5F90036EBFD9D2B31C41A93 5145A2300724A ]C:\WINDOWS\SYSTEM32\FF_VFW.DLL [4C53C44E7C20E65445037954DC3A6BA4][1 166424 ]C:\WINDOWS\SYSTEM32\HKCMD.EXE [877C90686858D899B042BBA45E9B7F2C][1 199680 ]C:\WINDOWS\SYSTEM32\IAC25_32.AX [7E86D471EF8DED7B9D15106002120271][6 80384 ]C:\WINDOWS\SYSTEM32\ICCVID.DLL [1180852DBFADAFC375DBBA1F6B23EEE7][1 208896 ]C:\WINDOWS\SYSTEM32\IGFXDEV.DLL [D8F3B455D3FA4B40C9BF544F55647C19][1 137752 ]C:\WINDOWS\SYSTEM32\IGFXPERS.EXE

[9F6B6D0BE4F77F8693E9FD15D81C8A01][1 141848 ]C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE [577E496F0D41411BF149394D80959D53][1 16384 ]C:\WINDOWS\SYSTEM32\IMAADP32.ACM [30DEAF54A9755BB8546168CFE8A6B5E1][6 150528 ]C:\WINDOWS\SYSTEM32\IMAPI.EXE [9DD302F647227DE5133E2B5E09A5E63F][6 691712 ]C:\WINDOWS\SYSTEM32\INETCOMM.DLL [83F41D0D89645D7235C051AB1D9523AC][6 331264 ]C:\WINDOWS\SYSTEM32\IPNATHLP.DLL [43ECA1576906BA76FB3E329A338A3CAE][6 199168 ]C:\WINDOWS\SYSTEM32\IR32_32.DLL [948E1498C6438625247F94534AAA82FE][1 848384 ]C:\WINDOWS\SYSTEM32\IR41_32.AX [5F10DC19D92CCF6B719B494572F4F74B][6 755200 ]C:\WINDOWS\SYSTEM32\IR50_32.DLL [0EC5ECE8762728ED734258B22D348A32][6 138240 ]C:\WINDOWS\SYSTEM32\ITSS.DLL [F201B7FE27967BC6EC3FA37619646439][6 47616 ]C:\WINDOWS\SYSTEM32\IYUV_32.DLL [B17DEFD576AE373E7A1A2C75665E4549][6 299520 ]C:\WINDOWS\SYSTEM32\KERBEROS.DLL [8878BD685E490239777BFE51320B88E9][6 61440 ]C:\WINDOWS\SYSTEM32\KMSVC.DLL [452705AC9E4C0DDE91A61F0E02292423][1 290816 ]C:\WINDOWS\SYSTEM32\L3CODECA.ACM [22722B4E887BB95AB071542DE5A42C80][2 839680 ]C:\WINDOWS\SYSTEM32\LAMEACM.ACM [A7DB739AE99A796D91580147E919CC59][6 13824 ]C:\WINDOWS\SYSTEM32\LMHSVC.DLL [D8AD3D7F927C686B8C233221513DA628][6 343040 ]C:\WINDOWS\SYSTEM32\LOCALSPL.DLL [AAED593F84AFA419BBAE8572AF87CF6A][6 75264 ]C:\WINDOWS\SYSTEM32\LOCATOR.EXE [9FAD7DFF67555FF1E06BC4A3893024A7][1 220672 ]C:\WINDOWS\SYSTEM32\LOGON.SCR [2081A5B5E4ABA206A0A8A1A97DF0FB23][1 514560 ]C:\WINDOWS\SYSTEM32\LOGONUI.EXE [012DF358CEBAA23ACB26D82077820817][6 22016 ]C:\WINDOWS\SYSTEM32\LPK.DLL [BF2466B3E18E970D8A976FB95FC1CA85][6 13312 ]C:\WINDOWS\SYSTEM32\LSASS.EXE [5C12660A97822F6E61576943B49AAAD6][1 18944 ]C:\WINDOWS\SYSTEM32\MIDIMAP.DLL [D18F1F0C101D06A1C1ADF26EED16FCDD][1 32768 ]C:\WINDOWS\SYSTEM32\MNMSRVC.EXE [7E699FF5F59B5D9DE5390E3C34C67CF5][6 53248 ]C:\WINDOWS\SYSTEM32\MPRDIM.DLL [9A3BD5F55AADFF859539142F6328A66E][1 20480 ]C:\WINDOWS\SYSTEM32\MSACM32.DRV [C5648BE5409E0AABDA8C9047BAC8F603][1 14848 ]C:\WINDOWS\SYSTEM32\MSADP32.ACM [CB9C24E95606A65397D1A00928BA9B77][1 294912 ]C:\WINDOWS\SYSTEM32\MSAUD32.ACM [71EA3DCE8B998B6730A942469D15ED44][2 186368 ]C:\WINDOWS\SYSTEM32\MSAUD32_DIVX.ACM [B04DB1F0B2652FCBCCC5FD0C46579F0F][1 297808 ]C:\WINDOWS\SYSTEM32\MSCOREE.DLL [A137F1470499A205ABBB9AAFB3B6F2B1][1 6144 ]C:\WINDOWS\SYSTEM32\MSDTC.EXE

[33271A2667334B9A8842C65A079EF375][1 9216 ]C:\WINDOWS\SYSTEM32\MSG711.ACM [B87F759738C52E8D6FBCDAAA84C6486F][1 118784 ]C:\WINDOWS\SYSTEM32\MSG723.ACM [3A9846E207DAFC13009C048A2F6F8C2A][1 19968 ]C:\WINDOWS\SYSTEM32\MSGSM32.ACM [986B1FF5814366D71E0AC5755C88F2D3][6 33792 ]C:\WINDOWS\SYSTEM32\MSGSVC.DLL [C6FD300A6100AC89BC4CB944C19FA2A9][1 188416 ]C:\WINDOWS\SYSTEM32\MSH261.DRV [7D529AA41EA993357F8C3D7E92C2372A][1 294912 ]C:\WINDOWS\SYSTEM32\MSH263.DRV [A706E122B398FE1AB85CB9B75D044223][1 3066880 ]C:\WINDOWS\SYSTEM32\MSHTML.DLL [7F7BC88C8FB6B52989E0E93084B5E678][1 95744 ]C:\WINDOWS\SYSTEM32\MSIEXEC.EXE [B9B3F6D8B8F1E0029C58B304632A729B][1 32592 ]C:\WINDOWS\SYSTEM32\MSONPMON.DLL [C7E39EA41233E9F5B86C8DA3A9F1E4A8][1 52224 ]C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL [374140237756D58BB842657462A0DF1D][6 11264 ]C:\WINDOWS\SYSTEM32\MSRLE32.DLL [0F152F4E57FDF9E8E8BDFEA583A4926B][6 132608 ]C:\WINDOWS\SYSTEM32\MSV1_0.DLL [6EF2B7676E92B9452AAB164339B69084][6 25600 ]C:\WINDOWS\SYSTEM32\MSVIDC32.DLL [3F0CF84469AD2DC8382312814A223BCE][6 1428992 ]C:\WINDOWS\SYSTEM32\MSVIDCTL.DLL [B4138E99236F0F57D4CF49BAE98A0746][6 245248 ]C:\WINDOWS\SYSTEM32\MSWSOCK.DLL [CE638EFF365DA822A9C70654A40861C7][6 16896 ]C:\WINDOWS\SYSTEM32\MSYUV.DLL [B857BA82860D7FF85AE29B095645563B][6 111104 ]C:\WINDOWS\SYSTEM32\NETDDE.EXE [13E67B55B3ABD7BF3FE7AAE5A0F9A9DE][6 198144 ]C:\WINDOWS\SYSTEM32\NETMAN.DLL [087D74074361C82DAF7611ACC91E030A][0 68928 9B0DDB5D800A0343258D3F47D55 CAD644CE05BB5 ]C:\WINDOWS\SYSTEM32\NLSSRV32.EXE [5E28284F9B5F9097640D58A73D38AD4C][1 69120 ]C:\WINDOWS\SYSTEM32\NOTEPAD.EXE [156F64A3345BD23C600655FB4D10BC08][6 435200 ]C:\WINDOWS\SYSTEM32\NTMSSVC.DLL [5652F6CE1D9E9D8068B9D29BC21B5409][6 84992 ]C:\WINDOWS\SYSTEM32\OLEPRO32.DLL [222DE7F5EDB9DDBE628384A1A8BE59CE][6 15360 ]C:\WINDOWS\SYSTEM32\PJLMON.DLL [0102140028FAD045756796E1C685D695][6 291328 ]C:\WINDOWS\SYSTEM32\QAGENTRT.DLL [574738F61FCA2935F5265DC4E5691314][6 409088 ]C:\WINDOWS\SYSTEM32\QMGR.DLL [AD188BE7BDF94E8DF4CA0A55C00A5073][6 88576 ]C:\WINDOWS\SYSTEM32\RASAUTO.DLL [76A9A3CBEADD68CC57CDA5E1D7448235][6 186368 ]C:\WINDOWS\SYSTEM32\RASMANS.DLL [5B19B557B0C188210A56A6B699D90B8F][6 59904 ]C:\WINDOWS\SYSTEM32\REGSVC.DLL [2589FE6015A316C0F5D5112B4DA7B509][6 399360 ]C:\WINDOWS\SYSTEM32\RPCSS.DLL [471B3F9741D762ABE75E9DEEA4787E47][6 132608 ]C:\WINDOWS\SYSTEM32\RSVP.EXE

[72451FD61DDBB0A1FB071B7C3CDE5594][6 92672 ]C:\WINDOWS\SYSTEM32\RSVPSP.DLL [037B1E7798960E0420003D05BB577EE6][1 33280 ]C:\WINDOWS\SYSTEM32\RUNDLL32.EXE [86D007E7A654B9A71D1D7D856B104353][6 95744 ]C:\WINDOWS\SYSTEM32\SCARDSVR.EXE [A86BB5E61BF3E39B62AB4C7E7085A084][6 181248 ]C:\WINDOWS\SYSTEM32\SCECLI.DLL [C61E8ECFFDBF05FF71D079BBD35396B3][6 144384 ]C:\WINDOWS\SYSTEM32\SCHANNEL.DLL [0A9A7365A1CA4319AA7C1D6CD8E4EAFA][6 192512 ]C:\WINDOWS\SYSTEM32\SCHEDSVC.DLL [63FF9068E5BDA0BC9ECD38FBBB216E24][6 20480 ]C:\WINDOWS\SYSTEM32\SCLGNTFY.DLL [CBE612E2BB6A10E3563336191EDA1250][6 18944 ]C:\WINDOWS\SYSTEM32\SECLOGON.DLL [7FDD5D0684ECA8C1F68B4D99D124DCD0][6 39424 ]C:\WINDOWS\SYSTEM32\SENS.DLL [0E776ED5F7CC9F94299E70461B7B8185][6 108544 ]C:\WINDOWS\SYSTEM32\SERVICES.EXE [3C37BF86641BDA977C3BF8A840F3B7FA][6 141312 ]C:\WINDOWS\SYSTEM32\SESSMGR.EXE [362BC5AF8EAF712832C58CC13AE05750][2 1614848 ]C:\WINDOWS\SYSTEM32\SFCFILES.DLL [26CB10FA893F940AB09713FF46DCDADE][1 1499136 ]C:\WINDOWS\SYSTEM32\SHDOCVW.DLL [0CF50B1F45DAB08430C1DBB79FE2CA5B][1 8461312 ]C:\WINDOWS\SYSTEM32\SHELL32.DLL [1926899BF9FFE2602B63074971700412][6 135168 ]C:\WINDOWS\SYSTEM32\SHSVCS.DLL [0DBB250A89E2E1C9281009AC269F0805][1 86016 ]C:\WINDOWS\SYSTEM32\SL_ANET.ACM [C7ABBC59B43274B1109DF6B24D617051][6 89600 ]C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE [D8E14A61ACC1D4A6CD0D38AEBAC7FA3B][6 57856 ]C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [3805DF0AC4296A34BA4BF93B346CC378][6 171008 ]C:\WINDOWS\SYSTEM32\SRSVC.DLL [F385F4B02C535BFFE1D70CAB80838123][6 96768 ]C:\WINDOWS\SYSTEM32\SRVSVC.DLL [0A5679B3714EDAB99E357057EE88FCA6][6 71680 ]C:\WINDOWS\SYSTEM32\SSDPSRV.DLL [50512FC9B7878E3C2C147BC17326A7DB][1 121856 ]C:\WINDOWS\SYSTEM32\STOBJECT.DLL [27C6D03BCDB8CFEB96B716F3D8BE3E18][6 14336 ]C:\WINDOWS\SYSTEM32\SVCHOST.EXE [C504A9FE17F997F8B1F8561D0A68DE52][1 300544 ]C:\WINDOWS\SYSTEM32\SYSDM.CPL [3CB78C17BB664637787C9A1C98F79C38][6 249856 ]C:\WINDOWS\SYSTEM32\TAPISRV.DLL [AE0382AD9C73D343D85E1A50C80B7C20][6 45568 ]C:\WINDOWS\SYSTEM32\TCPMON.DLL [FF3477C03BE7201C294C35F684B3479F][6 295424 ]C:\WINDOWS\SYSTEM32\TERMSRV.DLL [DB7205804759FF62C34E3EFD8A4CC76A][6 73216 ]C:\WINDOWS\SYSTEM32\TLNTSVR.EXE [55BCA12F7F523D35CA3CB833C725F54E][6 90112 ]C:\WINDOWS\SYSTEM32\TRKWKS.DLL [1A235B74C54F236B7667AB67E8AE3820][6 8192 ]C:\WINDOWS\SYSTEM32\TSBYUV.DLL

[E8CD0D7E169ECCE2D4FD829DAAB786ED][1 8192 ]C:\WINDOWS\SYSTEM32\TSSOFT32.ACM [1EBAFEB9A3FBDC41B8D9C7F0F687AD91][6 185856 ]C:\WINDOWS\SYSTEM32\UPNPHOST.DLL [05365FB38FCA1E98F7A566AAAF5D1815][6 18432 ]C:\WINDOWS\SYSTEM32\UPS.EXE [DD639FAE9C80EBB3B9E632202A9DEB54][1 619520 ]C:\WINDOWS\SYSTEM32\URLMON.DLL [F26385E8BA4549B5186B774EC0E45D86][6 16896 ]C:\WINDOWS\SYSTEM32\USBMON.DLL [B26B135FF1B9F60C9388B4A7D16F600B][1 578560 ]C:\WINDOWS\SYSTEM32\USER32.DLL [A93AEE1928A9D7CE3E16D24EC7380F89][6 26112 ]C:\WINDOWS\SYSTEM32\USERINIT.EXE [7A2CC3719B255E6B5D74396183B7715B][1 218624 ]C:\WINDOWS\SYSTEM32\UXTHEME.DLL [7A9DB3A67C333BF0BD42E42B8596854B][6 289792 ]C:\WINDOWS\SYSTEM32\VSSVC.EXE [54AF4B1D5459500EF0937F6D33B1914F][6 175104 ]C:\WINDOWS\SYSTEM32\W32TIME.DLL [6100A808600F44D999CEBDEF8841C7A3][6 15872 ]C:\WINDOWS\SYSTEM32\W3SSL.DLL [E0673F1106E62A68D2257E376079F821][6 126464 ]C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE [2D0E4ED081963804CCC196A0929275B5][6 144896 ]C:\WINDOWS\SYSTEM32\WBEM\WMISVC.DLL [CEFCC6A64983EB8119F3A07A0C1EDE30][6 49152 ]C:\WINDOWS\SYSTEM32\WDIGEST.DLL [680B56A8B62D1BCF4A0B2AAAD03D88E4][1 23552 ]C:\WINDOWS\SYSTEM32\WDMAUD.DRV [E535E0A413655208D7180154150881C6][1 276480 ]C:\WINDOWS\SYSTEM32\WEBCHECK.DLL [77A354E28153AD2D5E120A5A8687BC06][6 68096 ]C:\WINDOWS\SYSTEM32\WEBCLNT.DLL [477BB51076B926E1A68840C267540042][6 75776 ]C:\WINDOWS\SYSTEM32\WIASCR.DLL [8BAD69CBAC032D4BBACFCE0306174C30][6 333824 ]C:\WINDOWS\SYSTEM32\WIASERVC.DLL [ED0EF0A136DEC83DF69F04118870003E][1 507904 ]C:\WINDOWS\SYSTEM32\WINLOGON.EXE [D72B9EC3337B247A666F098F3D6B43DE][6 16896 ]C:\WINDOWS\SYSTEM32\WINRNR.DLL [1B67B632786FEF1C1BBAEF46C2F3F2E6][6 132096 ]C:\WINDOWS\SYSTEM32\WKSSVC.DLL [2CC34E8BB667EEF78899546E12649196][6 92672 ]C:\WINDOWS\SYSTEM32\WLNOTIFY.DLL [F92E1076C42FCD6DB3D72D8CFE9816D5][6 13824 ]C:\WINDOWS\SYSTEM32\WSCNTFY.EXE [7C278E6408D1DCE642230C0585A854D5][6 80896 ]C:\WINDOWS\SYSTEM32\WSCSVC.DLL [35321FB577CDC98CE3EB3A3EB9E4610A][6 6656 ]C:\WINDOWS\SYSTEM32\WUAUSERV.DLL [81DC3F549F44B1C1FFF022DEC9ECF30B][6 483840 ]C:\WINDOWS\SYSTEM32\WZCSVC.DLL [295D21F14C335B53CB8154E5B1F892B9][6 129024 ]C:\WINDOWS\SYSTEM32\XMLPROV.DLL [717E9CA09CB53DC2BBB2DAF78D713828][0 183808 A64959D8BE9732F0E8B740A07C5 FF90FD6A24D33 ]C:\WINDOWS\SYSTEM32\XVIDVFW.DLL [C52757F1EA2812847EB65B72A8371794][0 237568 3C654E235479A47F20BC3DD2727 6E4A3BC98F1A7 ]C:\WINDOWS\SYSTEM32\YV12VFW.DLL

[FB6075A20682143ACD4FA54F23EFD08B][0 20248 F84DDB20EE9CA73A89E9AEA903F 709EE4739D366 ]C:\WINDOWS\WINBAIT.EXE === [MBR] [MD5=D0D78552330424127A42FB11AC414640] M8CO0LwAfPtQB1Af/L4bfL8bBlBXueUB86TLvb4HsQQ4bgB8CXUTg8UQ4vTNGIv1g8YQSXQZ OCx09qC1B7QHi/CsPAB0/LsHALQOzRDr8ohOEOhGAHMq/kYQgH4EC3QLgH4EDHQFoLYHddKA RgIGg0YIBoNWCgDoIQBzBaC2B+u8gT7+fVWqdAuAfhAAdMigtwfrqYv8HleL9cu/BQCKVgC0 CM0TciOKwSQ/mIreivxD9+OL0YbWsQbS7kL34jlWCncjcgU5RghzHLgBArsAfItOAotWAM0T c1FPdE4y5IpWAM0T6+SKVgBgu6pVtEHNE3I2gftVqnUw9sEBdCthYGoAagD/dgr/dghqAGgA fGoBahC0Qov0zRNhYXMOT3QLMuSKVgDNE+vWYfnDSW52YWxpZCBwYXJ0aXRpb24gdGFibGUA RXJyb3IgbG9hZGluZyBvcGVyYXRpbmcgc3lzdGVtAE1pc3Npbmcgb3BlcmF0aW5nIHN5c3Rl bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAsRGM= ===