__Example_Output.txt

SYSTEM INFORMATION
====================================================
ComputerName    = BIFROST
TCP/IP Hostname = Bifrost
ShutdownTime = Wed Oct 23 02:56:04 2013 (UTC)

Microsoft\Windows NT\CurrentVersion
RegisteredOrganization :
CurrentVersion : 6.3
CurrentBuild : 9600
CurrentBuildNumber : 9600
SystemRoot : C:\WINDOWS
ProductName : Windows 8.1 Pro
InstallDate : Mon Sep 23 19:47:15 2013 (UTC)
RegisteredOwner : dblake@asgard-venture-capital.com


====================================================
TIMEZONE INFORMATION
====================================================
  DaylightName   -> @tzres.dll,-111
  StandardName   -> @tzres.dll,-112
  Bias           -> 300 (5 hours)
  ActiveTimeBias -> 240 (4 hours)
  TimeZoneKeyName-> Eastern Standard Time
====================================================
NETWORKING INFORMATION
====================================================
=-=-=-=-=-=-=-=-=-=-=-=-=-=
IP SETTINGS
=-=-=-=-=-=-=-=-=-=-=-=-=-=

Adapter: {0BC34999-4F58-4304-A651-86E870A12EA4}
LastWrite Time: Mon Sep 23 19:21:39 2013 Z
  EnableDHCP                   1                   
  NameServer                                       
  Domain                                           
  RegistrationEnabled          1                   
  RegisterAdapterName          0                   
  UseZeroBroadcast             0                   
  EnableDeadGWDetect           1                   

ControlSet001\Services\Tcpip\Parameters\Interfaces has no subkeys.
Adapter: {46a0fb48-2484-11e3-824c-806e6f6e6963}
LastWrite Time: Mon Sep 23 20:07:54 2013 Z

ControlSet001\Services\Tcpip\Parameters\Interfaces has no subkeys.
Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}
LastWrite Time: Wed Oct 23 02:56:23 2013 Z
  UseZeroBroadcast             0                   
  EnableDeadGWDetect           1                   
  EnableDHCP                   1                   
  NameServer                                       
  Domain                                           
  RegistrationEnabled          1                   
  RegisterAdapterName          0                   
  MTU                          0                   
  DhcpIPAddress                192.168.1.49        
  DhcpSubnetMask               255.255.255.0       
  DhcpServer                   192.168.1.1         
  Lease                        86400               
  LeaseObtainedTime            Wed Oct 23 02:56:23 2013 Z
  T1                           Wed Oct 23 14:56:23 2013 Z
  T2                           Wed Oct 23 23:56:23 2013 Z
  LeaseTerminatesTime          Thu Oct 24 02:56:23 2013 Z
  AddressType                  0                   
  IsServerNapAware             0                   
  DhcpConnForceBroadcastFlag   0                   
  DhcpNetworkHint              talonne3            
  DhcpNameServer               192.168.1.1         
  DhcpDefaultGateway           192.168.1.1         
  DhcpDomain                   talonne             
  DhcpSubnetMaskOpt            255.255.255.0       
  DhcpInterfaceOptions         
  DhcpGatewayHardware               
  DhcpGatewayHardwareCount     1                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/051627B6F54516675627E6F57457563747
SSID Decoded: Park_Tavern_Guest
LastWrite Time: Mon Sep 23 19:18:06 2013 Z
  EnableDHCP                   1                   
  UseZeroBroadcast             0                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/072776E2165627F6D266275656
SSID Decoded: prg.aero-free
LastWrite Time: Mon Oct 14 06:26:06 2013 Z
  UseZeroBroadcast             0                   
  EnableDeadGWDetect           1                   
  EnableDHCP                   1                   
  NameServer                                       
  Domain                                           
  RegistrationEnabled          1                   
  RegisterAdapterName          0                   
  MTU                          0                   
  DhcpIPAddress                10.17.14.218        
  DhcpSubnetMask               255.255.0.0         
  DhcpServer                   10.17.0.7           
  Lease                        900                 
  LeaseObtainedTime            Mon Oct 14 06:24:08 2013 Z
  T1                           Mon Oct 14 06:31:38 2013 Z
  T2                           Mon Oct 14 06:37:15 2013 Z
  LeaseTerminatesTime          Mon Oct 14 06:39:08 2013 Z
  AddressType                  0                   
  IsServerNapAware             0                   
  DhcpConnForceBroadcastFlag   0                   
  DhcpNetworkHint              prg.aero-free       
  DhcpInterfaceOptions         
5
Œ‘[R
  DhcpNameServer               193.86.243.66 193.86.243.68
  DhcpDefaultGateway           10.17.0.1           
  DhcpDomain                   prg.aero            
  DhcpSubnetMaskOpt            255.255.0.0         
  DhcpGatewayHardware          

,kõjF      
  DhcpGatewayHardwareCount     1                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/143574142544
SSID Decoded: ASGARD
LastWrite Time: Mon Sep 23 19:18:06 2013 Z
  EnableDHCP                   1                   
  UseZeroBroadcast             0                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/25F616D696E67674E6F6D656
SSID Decoded: RoamingGnome
LastWrite Time: Mon Sep 23 19:18:06 2013 Z
  EnableDHCP                   1                   
  UseZeroBroadcast             0                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/3516D61627B616E646
SSID Decoded: Samarkand
LastWrite Time: Tue Oct  1 14:18:29 2013 Z
  UseZeroBroadcast             0                   
  EnableDeadGWDetect           1                   
  EnableDHCP                   1                   
  NameServer                                       
  Domain                                           
  RegistrationEnabled          1                   
  RegisterAdapterName          0                   
  MTU                          0                   
  DhcpIPAddress                192.168.1.10        
  DhcpSubnetMask               255.255.255.0       
  DhcpServer                   192.168.1.1         
  Lease                        86400               
  LeaseObtainedTime            Tue Oct  1 14:18:23 2013 Z
  T1                           Wed Oct  2 02:18:23 2013 Z
  T2                           Wed Oct  2 11:18:23 2013 Z
  LeaseTerminatesTime          Wed Oct  2 14:18:23 2013 Z
  AddressType                  0                   
  IsServerNapAware             0                   
  DhcpConnForceBroadcastFlag   0                   
  DhcpNetworkHint              Samarkand           
  DhcpInterfaceOptions         
  DhcpNameServer               192.168.1.1         
  DhcpDefaultGateway           192.168.1.1         
  DhcpDomain                   home                
  DhcpSubnetMaskOpt            255.255.255.0       
  DhcpGatewayHardware          ˬ

&bK^²      
  DhcpGatewayHardwareCount     1                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/361686D27657563747
SSID Decoded: cah-guest
LastWrite Time: Mon Oct 14 06:26:26 2013 Z
  UseZeroBroadcast             0                   
  EnableDeadGWDetect           1                   
  EnableDHCP                   1                   
  NameServer                                       
  Domain                                           
  RegistrationEnabled          1                   
  RegisterAdapterName          0                   
  MTU                          0                   
  DhcpIPAddress                10.100.65.74        
  DhcpSubnetMask               255.255.255.0       
  DhcpServer                   10.100.65.3         
  Lease                        900                 
  LeaseObtainedTime            Mon Oct 14 06:26:12 2013 Z
  T1                           Mon Oct 14 06:33:42 2013 Z
  T2                           Mon Oct 14 06:39:19 2013 Z
  LeaseTerminatesTime          Mon Oct 14 06:41:12 2013 Z
  AddressType                  0                   
  IsServerNapAware             0                   
  DhcpConnForceBroadcastFlag   0                   
  DhcpNetworkHint              cah-guest           
  DhcpInterfaceOptions        
dA5
Â’[R

„Ž[R
  DhcpNameServer               193.86.243.66 193.86.243.68
  DhcpDefaultGateway           10.100.65.1         
  DhcpDomain                   prg.aero            
  DhcpSubnetMaskOpt            255.255.255.0       
  DhcpGatewayHardware          
dA
Ûÿ p      
  DhcpGatewayHardwareCount     1                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/449637472796364702451636F6
SSID Decoded: District Taco
LastWrite Time: Thu Sep 26 18:15:57 2013 Z
  UseZeroBroadcast             0                   
  EnableDeadGWDetect           1                   
  EnableDHCP                   1                   
  NameServer                                       
  Domain                                           
  RegistrationEnabled          1                   
  RegisterAdapterName          0                   
  MTU                          0                   
  DhcpIPAddress                192.168.1.102       
  DhcpSubnetMask               255.255.255.0       
  DhcpServer                   192.168.1.1         
  Lease                        86400               
  LeaseObtainedTime            Thu Sep 26 17:51:05 2013 Z
  T1                           Fri Sep 27 05:51:05 2013 Z
  T2                           Fri Sep 27 14:51:05 2013 Z
  LeaseTerminatesTime          Fri Sep 27 17:51:05 2013 Z
  AddressType                  0                   
  IsServerNapAware             0                   
  DhcpConnForceBroadcastFlag   0                   
  DhcpNetworkHint              District Taco       
  DhcpInterfaceOptions    
  DhcpDefaultGateway           192.168.1.1         
  DhcpNameServer               192.168.1.1         
  DhcpSubnetMaskOpt            255.255.255.0       
  DhcpGatewayHardware          ˬ

 ªKow	      
  DhcpGatewayHardwareCount     1                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/87072756373736162756F57457563747
SSID Decoded: xpresscare_Guest
LastWrite Time: Mon Sep 23 19:18:06 2013 Z
  EnableDHCP                   1                   
  UseZeroBroadcast             0                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/A596F6E6
SSID Decoded: Zion
LastWrite Time: Mon Sep 23 19:18:06 2013 Z
  EnableDHCP                   1                   
  UseZeroBroadcast             0                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/C4F4453383
SSID Decoded: LOT38
LastWrite Time: Mon Oct 21 19:34:41 2013 Z
  UseZeroBroadcast             0                   
  EnableDeadGWDetect           1                   
  EnableDHCP                   1                   
  NameServer                                       
  Domain                                           
  RegistrationEnabled          1                   
  RegisterAdapterName          0                   
  MTU                          0                   
  DhcpIPAddress                192.168.182.95      
  DhcpSubnetMask               255.255.255.0       
  DhcpServer                   192.168.182.1       
  Lease                        600                 
  LeaseObtainedTime            Mon Oct 21 19:24:46 2013 Z
  T1                           Mon Oct 21 19:29:46 2013 Z
  T2                           Mon Oct 21 19:33:31 2013 Z
  LeaseTerminatesTime          Mon Oct 21 19:34:46 2013 Z
  AddressType                  0                   
  IsServerNapAware             0                   
  DhcpConnForceBroadcastFlag   0                   
  DhcpNetworkHint              LOT38               
  DhcpInterfaceOptions         







ցeRÀ¨¶

ցeRÿÿÿ5
ցeR
  DhcpDomain                   key.chillispot.info 
  DhcpNameServer               10.1.10.1 10.1.10.1 
  DhcpDefaultGateway           192.168.182.1       
  DhcpSubnetMaskOpt            255.255.255.0       
  DhcpGatewayHardware          À¨¶
ht)ëZ      
  DhcpGatewayHardwareCount     1                   

Adapter: {5185491C-401D-491E-8C6F-07F6AFFF1A64}/D4363416272716E60275966496
SSID Decoded: McCarran WiFi
LastWrite Time: Mon Sep 23 19:18:06 2013 Z
  EnableDHCP                   1                   
  UseZeroBroadcast             0                   

Adapter: {54747FBB-D5C2-487A-A854-CE0D71AB02B0}
LastWrite Time: Mon Sep 23 19:20:55 2013 Z
  UseZeroBroadcast             0                   
  EnableDeadGWDetect           1                   
  EnableDHCP                   1                   
  NameServer                                       
  Domain                                           
  RegistrationEnabled          1                   
  RegisterAdapterName          0                   
  MTU                          0                   

ControlSet001\Services\Tcpip\Parameters\Interfaces has no subkeys.
Adapter: {8718928D-CBEB-45EA-A621-800A9249001D}
LastWrite Time: Thu Aug 22 14:46:19 2013 Z
  UseZeroBroadcast             0                   
  EnableDeadGWDetect           1                   
  EnableDHCP                   1                   
  NameServer                                       
  Domain                                           
  RegistrationEnabled          1                   
  RegisterAdapterName          0                   

ControlSet001\Services\Tcpip\Parameters\Interfaces has no subkeys.
=-=-=-=-=-=-=-=-=-=-=-=-=-=
NETWORK LIST
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
attwifi
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Thu Sep 5 22:37:08 2013
  DateCreated      : Thu Sep 5 22:37:08 2013
  DefaultGatewayMac: 00-90-FB-43-A3-88
  Type             : wireless

Zion
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Fri Sep 13 11:23:24 2013
  DateCreated      : Thu Sep 12 16:28:54 2013
  DefaultGatewayMac: 00-18-0A-22-2B-0C
  Type             : wireless

LOT38
  Key LastWrite    : Mon Oct 21 18:19:12 2013 Z
  DateLastConnected: Mon Oct 21 14:19:12 2013
  DateCreated      : Mon Oct 21 14:19:12 2013
  DefaultGatewayMac: 68-7F-74-29-EB-5A
  Type             : wireless

Cox-CaesarsLV-Rooms
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Thu Sep 12 02:45:19 2013
  DateCreated      : Thu Sep 12 02:45:19 2013
  DefaultGatewayMac: 00-1B-24-E0-29-55
  Type             : wireless

gogoinflight
  Key LastWrite    : Thu Oct  3 11:49:48 2013 Z
  DateLastConnected: Thu Oct 3 07:49:48 2013
  DateCreated      : Thu Oct 3 07:48:58 2013
  DefaultGatewayMac: 00-E0-4B-22-96-D9
  Type             : wireless

CaesarsLV-Convention-Cox
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Sat Sep 21 18:08:28 2013
  DateCreated      : Sat Sep 21 13:01:29 2013
  DefaultGatewayMac: 00-16-36-CA-17-6A
  Type             : wireless

Park_Tavern_Guest
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Fri Sep 6 11:40:45 2013
  DateCreated      : Fri Sep 6 11:40:45 2013
  DefaultGatewayMac: 80-1F-02-79-35-C8
  Type             : wireless

attwifi  2
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Wed Sep 11 19:30:34 2013
  DateCreated      : Wed Sep 11 19:30:34 2013
  DefaultGatewayMac: 00-90-FB-47-79-AA
  Type             : wireless

McCormickSchmicks
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Thu Sep 5 22:36:06 2013
  DateCreated      : Thu Sep 5 22:36:06 2013
  DefaultGatewayMac: 00-90-FB-43-A3-88
  Type             : wireless

Baileys Guest
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Thu Sep 5 22:42:13 2013
  DateCreated      : Thu Sep 5 21:25:34 2013
  DefaultGatewayMac: A0-F3-C1-FF-00-0A
  Type             : wireless

talonne3
  Key LastWrite    : Wed Oct 23 02:56:23 2013 Z
  DateLastConnected: Tue Oct 22 22:56:23 2013
  DateCreated      : Fri Aug 30 23:45:28 2013
  DefaultGatewayMac: 00-7F-28-CF-44-DB
  Type             : wireless

angelo
  Key LastWrite    : Sun Oct 13 10:23:59 2013 Z
  DateLastConnected: Sun Oct 13 06:23:59 2013
  DateCreated      : Sat Oct 5 11:06:30 2013
  DefaultGatewayMac: 00-0C-42-9B-8F-39
  Type             : wireless

RoamingGnome
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Fri Sep 20 19:58:23 2013
  DateCreated      : Thu Sep 19 19:05:13 2013
  DefaultGatewayMac: A6-C3-61-E9-08-00
  Type             : wireless

prg.aero-free
  Key LastWrite    : Mon Oct 14 06:24:12 2013 Z
  DateLastConnected: Mon Oct 14 02:24:12 2013
  DateCreated      : Mon Oct 14 02:24:12 2013
  DefaultGatewayMac: 2C-6B-F5-1C-6A-46
  Type             : wireless

McCarran WiFi
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Thu Sep 12 01:51:58 2013
  DateCreated      : Thu Sep 12 01:51:58 2013
  DefaultGatewayMac: 00-00-5E-00-01-65
  Type             : wireless

Cox-CaesarsLV-Rooms  2
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Thu Sep 12 11:20:07 2013
  DateCreated      : Thu Sep 12 11:20:07 2013
  DefaultGatewayMac: 00-16-36-CA-17-6A
  Type             : wireless

GCOMM
  Key LastWrite    : Mon Oct 14 07:17:57 2013 Z
  DateLastConnected: Mon Oct 14 03:17:57 2013
  DateCreated      : Mon Oct 14 02:26:35 2013
  DefaultGatewayMac: D4-CA-6D-80-C4-B3
  Type             : wireless

ASGARD
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Mon Sep 23 11:44:58 2013
  DateCreated      : Fri Aug 30 12:55:56 2013
  DefaultGatewayMac: 00-15-FF-03-67-E5
  Type             : wireless

cah-guest
  Key LastWrite    : Mon Oct 14 06:26:13 2013 Z
  DateLastConnected: Mon Oct 14 02:26:13 2013
  DateCreated      : Mon Oct 14 02:26:13 2013
  DefaultGatewayMac: 00-10-DB-FF-20-70
  Type             : wireless

hhonors
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Sat Aug 10 14:46:39 2013
  DateCreated      : Sat Aug 10 14:46:39 2013
  DefaultGatewayMac: 00-90-FB-32-8D-D8
  Type             : wireless

xpresscare_Guest
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Mon Sep 23 11:46:58 2013
  DateCreated      : Mon Sep 23 11:46:58 2013
  DefaultGatewayMac: 98-FC-11-5C-63-C4
  Type             : wireless

Zion  2
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Thu Sep 19 16:14:39 2013
  DateCreated      : Thu Sep 19 15:53:02 2013
  DefaultGatewayMac: 00-18-0A-35-B2-B4
  Type             : wireless

Washington Dulles WiFi
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Wed Sep 11 19:31:17 2013
  DateCreated      : Wed Sep 11 19:31:17 2013
  DefaultGatewayMac: 00-00-5E-00-01-3C
  Type             : wireless

Samarkand
  Key LastWrite    : Tue Oct  1 14:15:25 2013 Z
  DateLastConnected: Tue Oct 1 10:15:25 2013
  DateCreated      : Sun Sep 29 14:33:06 2013
  DefaultGatewayMac: 00-26-62-4B-5E-B2
  Type             : wireless

tmobile
  Key LastWrite    : Sat Oct  5 07:13:06 2013 Z
  DateLastConnected: Sat Oct 5 03:13:06 2013
  DateCreated      : Sat Oct 5 03:13:06 2013
  DefaultGatewayMac: 00-00-0C-07-AC-35
  Type             : wireless

District Taco
  Key LastWrite    : Thu Sep 26 17:51:05 2013 Z
  DateLastConnected: Thu Sep 26 13:51:05 2013
  DateCreated      : Tue Sep 10 13:41:03 2013
  DefaultGatewayMac: 20-AA-4B-6F-77-09
  Type             : wireless

Nacho
  Key LastWrite    : Mon Sep 23 19:18:06 2013 Z
  DateLastConnected: Sun Aug 11 23:08:16 2013
  DateCreated      : Sat Aug 10 11:01:16 2013
  DefaultGatewayMac: 00-23-69-58-11-1D
  Type             : wireless


Date                        Domain/IP                     
Mon Sep 23 19:18:06 2013 Z  150.202.1.3                   
Mon Sep 23 19:18:06 2013 Z  coxhn.net                     
Mon Sep 23 19:18:06 2013 Z  fhrg.com                      
Mon Oct 14 07:17:52 2013 Z  gcomm.cz                      
Mon Sep 23 19:18:06 2013 Z  hil-bosbhhh.bos.wayport.net   
Tue Oct  1 14:18:29 2013 Z  home                          
Mon Sep 23 19:18:06 2013 Z  hsd1.ma.comcast.net.          
Mon Oct 21 18:19:12 2013 Z  key.chillispot.info           
Mon Sep 23 19:18:06 2013 Z  landrysmscc.dca.wayport.net   
Mon Sep 23 19:18:06 2013 Z  mccarranwifi.com              
Mon Oct 14 06:26:26 2013 Z  prg.aero                      
Tue Oct  1 14:16:49 2013 Z  talonne                       
Mon Sep 23 19:18:06 2013 Z  washiad2.dulleva.wayport.net  
 
====================================================
FIREWALL DETAILS
====================================================
Windows Firewall Configuration
ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
LastWrite Time Mon Sep 23 19:14:08 2013 (UTC)
	EnableFirewall -> 1
	DisableNotifications -> 0

Windows Firewall Configuration
ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
LastWrite Time Mon Sep 23 19:14:08 2013 (UTC)
	EnableFirewall -> 1
	DisableNotifications -> 0

====================================================
PERSISTENT ROUTES
====================================================
routes v.20100817
(System) Get persistent routes

Select not found.
 
====================================================
LOCAL USER AND GROUP INFORMATION
====================================================

User Information
-------------------------
Username        : Administrator [500]
Full Name       : 
User Comment    : Built-in account for administering the computer/domain
Account Type    : Default Admin User
Account Created : Mon Sep 23 19:24:36 2013 Z
Name            :  
Last Login Date : Sun Jun  2 03:57:44 2013 Z
Pwd Reset Date  : Thu Jul 26 07:27:03 2012 Z
Pwd Fail Date   : Never
Login Count     : 13
  --> Password does not expire
  --> Account Disabled
  --> Normal user account

Username        : Guest [501]
Full Name       : 
User Comment    : Built-in account for guest access to the computer/domain
Account Type    : Default Guest Acct
Account Created : Mon Sep 23 19:24:36 2013 Z
Name            :  
Last Login Date : Never
Pwd Reset Date  : Never
Pwd Fail Date   : Never
Login Count     : 0
  --> Password does not expire
  --> Account Disabled
  --> Password not required
  --> Normal user account

Username        : Donald [1001]
Full Name       : Donald Blake
User Comment    : 
Account Type    : Default Admin User
Account Created : Sat Aug 10 03:03:12 2013 Z
Name            : Donald Blake
InternetName    : dblake@asgard-venture-capital.com
Last Login Date : Tue Oct 22 16:38:07 2013 Z
Pwd Reset Date  : Sat Aug 10 03:03:23 2013 Z
Pwd Fail Date   : Never
Login Count     : 0
  --> Password does not expire
  --> Normal user account

Username        : HomeGroupUser$ [1003]
Full Name       : HomeGroupUser$
User Comment    : Built-in account for homegroup access to the computer
Account Type    : Custom Limited Acct
Account Created : Tue Oct  1 18:51:20 2013 Z
Name            :  
Last Login Date : Tue Oct 22 09:05:46 2013 Z
Pwd Reset Date  : Tue Oct  1 18:51:20 2013 Z
Pwd Fail Date   : Never
Login Count     : 0
  --> Password does not expire
  --> Normal user account

-------------------------
Group Membership Information
-------------------------
Group Name    : Event Log Readers [0]
LastWrite     : Thu Jul 26 07:19:51 2012 Z
Group Comment : Members of this group can read event logs from local machine
Users         : None

Group Name    : Guests [1]
LastWrite     : Sun Jun  2 03:18:03 2013 Z
Group Comment : Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
Users :
  S-1-5-21-718126207-1171771683-1750804747-501

Group Name    : Network Configuration Operators [0]
LastWrite     : Mon Aug 12 03:08:08 2013 Z
Group Comment : Members in this group can have some administrative privileges to manage configuration of networking features
Users         : None

Group Name    : Performance Log Users [0]
LastWrite     : Thu Jul 26 07:19:51 2012 Z
Group Comment : Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer
Users         : None

Group Name    : Hyper-V Administrators [0]
LastWrite     : Mon Aug 12 03:08:08 2013 Z
Group Comment : Members of this group have complete and unrestricted access to all features of Hyper-V.
Users         : None

Group Name    : IIS_IUSRS [1]
LastWrite     : Thu Jul 26 07:19:51 2012 Z
Group Comment : Built-in group used by Internet Information Services.
Users :
  S-1-5-17

Group Name    : Backup Operators [0]
LastWrite     : Mon Aug 12 03:08:08 2013 Z
Group Comment : Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
Users         : None

Group Name    : Users [2]
LastWrite     : Sat Aug 10 03:03:27 2013 Z
Group Comment : Users are prevented from making accidental or intentional system-wide changes and can run most applications
Users :
  S-1-5-4
  S-1-5-11

Group Name    : Access Control Assistance Operators [0]
LastWrite     : Mon Aug 12 03:08:08 2013 Z
Group Comment : Members of this group can remotely query authorization attributes and permissions for resources on this computer.
Users         : None

Group Name    : Distributed COM Users [0]
LastWrite     : Thu Jul 26 07:19:51 2012 Z
Group Comment : Members are allowed to launch, activate and use Distributed COM objects on this machine.
Users         : None

Group Name    : Administrators [2]
LastWrite     : Sat Aug 10 03:03:12 2013 Z
Group Comment : Administrators have complete and unrestricted access to the computer/domain
Users :
  S-1-5-21-718126207-1171771683-1750804747-1001
  S-1-5-21-718126207-1171771683-1750804747-500

Group Name    : Power Users [0]
LastWrite     : Mon Aug 12 03:08:08 2013 Z
Group Comment : Power Users are included for backwards compatibility and possess limited administrative powers
Users         : None

Group Name    : Cryptographic Operators [0]
LastWrite     : Mon Aug 12 03:08:08 2013 Z
Group Comment : Members are authorized to perform cryptographic operations.
Users         : None

Group Name    : Remote Management Users [0]
LastWrite     : Thu Jul 26 07:19:51 2012 Z
Group Comment : Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.
Users         : None

Group Name    : Replicator [0]
LastWrite     : Mon Aug 12 03:08:08 2013 Z
Group Comment : Supports file replication in a domain
Users         : None

Group Name    : Performance Monitor Users [0]
LastWrite     : Thu Jul 26 07:19:51 2012 Z
Group Comment : Members of this group can access performance counter data locally and remotely
Users         : None

Group Name    : Remote Desktop Users [0]
LastWrite     : Mon Aug 12 03:08:08 2013 Z
Group Comment : Members in this group are granted the right to logon remotely
Users         : None

Analysis Tips:
 - For well-known SIDs, see http://support.microsoft.com/kb/243330
     - S-1-5-4  = Interactive
     - S-1-5-11 = Authenticated Users
 - Correlate the user SIDs to the output of the ProfileList plugin

====================================================
AUTORUNS
====================================================
Key: Microsoft\Windows\CurrentVersion\Run
Last write time: 10/19/2013 2:06:22 AM +00:00
Number of Values: 13
Number of Subkeys: 0


------------ Value #0 ------------
Name: DptfPolicyLpmServiceHelper (RegSz)
Data: C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe (Slack: 00-00-00-00-00-00)
------------ Value #1 ------------
Name: RtsFT (RegSz)
Data: RTFTrack.exe (Slack: 00-00)
------------ Value #2 ------------
Name: SynLenovoGestureMgr (RegExpandSz)
Data: "%ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m (Slack: 00-00-00-00)
------------ Value #3 ------------
Name: cAudioFilterAgent (RegSz)
Data: C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Slack: 00-00-00-00)
------------ Value #4 ------------
Name: ForteConfig (RegSz)
Data: C:\Program Files\Conexant\ForteConfig\fmapp.exe (Slack: 00-00-00-00)
------------ Value #5 ------------
Name: SmartAudio (RegSz)
Data: C:\Program Files\CONEXANT\SAII\SACpl.exe /t (Slack: 00-00-00-00)
------------ Value #6 ------------
Name: BtServer (RegSz)
Data: "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" (Slack: 00-00-00-00)
------------ Value #7 ------------
Name: Lenovo Transition (RegSz)
Data: C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe -HIDE (Slack: 00-00-00-00)
------------ Value #8 ------------
Name: yogaserver (RegSz)
Data: C:\ProgramData\YogaSmartSwicth\yogaserver.exe 
------------ Value #9 ------------
Name: SynTPEnh (RegExpandSz)
Data: %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe (Slack: 00-00-00-00)
------------ Value #10 ------------
Name: IgfxTray (RegSz)
Data: "C:\WINDOWS\system32\igfxtray.exe" (Slack: 00-00-30-00-2E-00)
------------ Value #11 ------------
Name: HotKeysCmds (RegSz)
Data: "C:\WINDOWS\system32\hkcmd.exe" (Slack: 74-00-30-00)
------------ Value #12 ------------
Name: Persistence (RegSz)
Data: "C:\WINDOWS\system32\igfxpers.exe" (Slack: 69-00-6E-00-66-00)

Key: Microsoft\Windows\CurrentVersion\RunOnce
Last write time: 10/23/2013 10:11:26 AM +00:00
Number of Values: 0
Number of Subkeys: 0
Key: Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Last write time: 9/23/2013 7:14:06 PM +00:00
Number of Values: 0
Number of Subkeys: 0
Key: Classes\PROTOCOLS\Filter\application/octet-stream
Last write time: 9/23/2013 7:14:10 PM +00:00
Number of Values: 1
Number of Subkeys: 0


------------ Value #0 ------------
Name: CLSID (RegSz)
Data: {1E66F26B-79EE-11D2-8710-00C04F79ED0D} (Slack: 00-00-00-00-00-00)
Key: Classes\PROTOCOLS\Filter\application/x-complus
Last write time: 9/23/2013 7:14:10 PM +00:00
Number of Values: 1
Number of Subkeys: 0


------------ Value #0 ------------
Name: CLSID (RegSz)
Data: {1E66F26B-79EE-11D2-8710-00C04F79ED0D} (Slack: 00-00-00-00-00-00)
Key: Classes\PROTOCOLS\Filter\application/x-msdownload
Last write time: 9/23/2013 7:14:10 PM +00:00
Number of Values: 1
Number of Subkeys: 0


------------ Value #0 ------------
Name: CLSID (RegSz)
Data: {1E66F26B-79EE-11D2-8710-00C04F79ED0D} (Slack: 00-00-00-00-00-00)
 
====================================================
WINLOGON
====================================================
Microsoft\Windows NT\CurrentVersion\Winlogon
LastWrite Time Wed Oct 23 02:56:17 2013 (UTC)
  LegalNoticeText = 
  LegalNoticeCaption = 
  ForceUnlockLogon = 0
  ReportBootOk = 1
  AutoRestartShell = 1
  PowerdownAfterShutdown = 0
  ShutdownWithoutLogon = 0
  PasswordExpiryWarning = 5
  WinStationsDisabled = 0
  scremoveoption = 0
  EnableFirstLogonAnimation = 1
  AutoAdminLogon = 0
  DisableCad = 1
  DebugServerCommand = no
  CachedLogonsCount = 10
  ShutdownFlags = 39
  Background = 0 0 0
  Shell = explorer.exe
  Userinit = C:\Windows\system32\userinit.exe,
  PreCreateKnownFolders = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
  VMApplet = SystemPropertiesPerformance.exe /pagefile
  LastUsedUsername = MicrosoftAccount\dblake@asgard-venture-capital.com
  DefaultUserName = MicrosoftAccount\dblake@asgard-venture-capital.com
  AutoLogonSID = S-1-11-96-3623454863-58364-18864-2661722203-1597581903-3241140313-1528907555-2380831335-2281093177-363464117

Notify subkey contents:
  igfxcui - Sat Oct 19 02:06:22 2013
  DLLName: igfxdev.dll


Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
LastWrite Time Mon Sep 23 19:14:11 2013 (UTC)
  DefaultDomainName = 
  DefaultUserName = 
  Userinit = userinit.exe
  Shell = explorer.exe
  PreCreateKnownFolders = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
  VMApplet = SystemPropertiesPerformance.exe /pagefile

Notify subkey not found.

Analysis Tips: The UserInit and Shell values are executed when a user logs on.
The UserInit value should contain a reference to userinit.exe; the Shell value
should contain just 'explorer.exe'. Check TaskMan & System values, if found.
 
====================================================
USB MASS STORAGE DEVICE HISTORY
====================================================
USBStor
ControlSet001\Enum\USB

ROOT_HUB20 [Mon Sep 23 19:14:28 2013]
  S/N: 4&14c1c731&0 [Wed Oct 23 02:56:15 2013]
  Device Parameters LastWrite: [Tue Oct  1 14:15:07 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 5&1a59d89a&1
  S/N: 4&2be5801c&0 [Wed Oct 23 02:56:15 2013]
  Device Parameters LastWrite: [Tue Oct  1 14:15:07 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 5&294335c8&1

ROOT_HUB30 [Mon Sep 23 19:13:49 2013]
  S/N: 4&d858888&0&0 [Wed Oct 23 02:56:15 2013]
  Device Parameters LastWrite: [Tue Oct  1 14:15:07 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 5&262ed807&0

VID_03EB&PID_8814 [Mon Sep 23 19:14:29 2013]
  S/N: 6&b2dbb92&0&4 [Wed Oct 23 02:56:18 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:36 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 7&8bb8b58&0

VID_03EB&PID_8814&MI_00 [Mon Sep 23 19:14:29 2013]
  S/N: 7&8bb8b58&0&0000 [Wed Oct 23 02:56:19 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:36 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 8&24551890&0

VID_03EB&PID_8814&MI_01 [Mon Sep 23 19:14:29 2013]
  S/N: 7&8bb8b58&0&0001 [Wed Oct 23 02:56:19 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:36 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 8&378534ce&0

VID_0421&PID_0661 [Sat Oct 19 19:40:14 2013]
  S/N: 0000001173C819470000000000000000 [Mon Oct 21 20:40:23 2013]
  Device Parameters LastWrite: [Sat Oct 19 19:40:14 2013]
  Properties LastWrite       : [Sat Oct 19 19:40:15 2013]
    ParentIdPrefix: 6&6d096df&0

VID_0421&PID_0661&MI_00 [Sat Oct 19 19:40:14 2013]
  S/N: 6&6d096df&0&0000 [Mon Oct 21 20:40:25 2013]
  Device Parameters LastWrite: [Sat Oct 19 19:40:18 2013]
  Properties LastWrite       : [Sat Oct 19 19:40:18 2013]
    FriendlyName    : Donald's Windows Phone

VID_0421&PID_0661&MI_01 [Sat Oct 19 19:40:14 2013]
  S/N: 6&6d096df&0&0001 [Sat Oct 19 19:40:14 2013]
  Device Parameters LastWrite: [Sat Oct 19 19:40:14 2013]
  Properties LastWrite       : [Sat Oct 19 19:40:15 2013]
    FriendlyName    : RM-860|Nokia Lumia 928

VID_0421&PID_0661&MI_02 [Sat Oct 19 19:40:14 2013]
  S/N: 6&6d096df&0&0002 [Sat Oct 19 19:40:14 2013]
  Device Parameters LastWrite: [Sat Oct 19 19:40:14 2013]
  Properties LastWrite       : [Sat Oct 19 19:40:15 2013]
    FriendlyName    : RM-860|Nokia Lumia 928

VID_0421&PID_066E [Mon Oct 21 17:31:47 2013]
  S/N: 5&262ed807&0&4 [Mon Oct 21 17:31:47 2013]
  Device Parameters LastWrite: [Mon Oct 21 17:31:47 2013]
  Properties LastWrite       : [Mon Oct 21 17:31:48 2013]
    FriendlyName    : NOKIA BOOTMGR

VID_045E&PID_062A [Mon Oct 21 17:31:54 2013]
  S/N: 5&262ed807&0&4 [Mon Oct 21 17:31:54 2013]
  Device Parameters LastWrite: [Mon Oct 21 17:31:56 2013]
  Properties LastWrite       : [Mon Oct 21 17:31:55 2013]
    ParentIdPrefix: 6&1f067bf6&0

VID_04F2&PID_B35E [Mon Sep 23 19:14:30 2013]
  S/N: 0x0001 [Wed Oct 23 02:56:18 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:36 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 7&38823332&1

VID_04F2&PID_B35E&MI_00 [Mon Sep 23 19:14:31 2013]
  S/N: 7&38823332&1&0000 [Wed Oct 23 02:56:19 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:46 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    FriendlyName    : @oem17.inf,%rtsuvc.FriendlyName%;Lenovo EasyCamera

VID_058F&PID_6366 [Sun Oct 13 09:03:24 2013]
  S/N: 058F63666438 [Sun Oct 13 09:03:25 2013]
  Device Parameters LastWrite: [Sun Oct 13 09:03:24 2013]
  Properties LastWrite       : [Sun Oct 13 09:03:25 2013]

VID_05AC&PID_129A [Fri Oct 18 01:34:33 2013]
  S/N: b15b3ded774bb82bbb8f3a592105338c6e0bd485 [Fri Oct 18 02:09:11 2013]
  Device Parameters LastWrite: [Fri Oct 18 02:09:11 2013]
  Properties LastWrite       : [Fri Oct 18 01:34:36 2013]
    FriendlyName    : @oem74.inf,%iPhone.DeviceDesc%;Apple Mobile Device USB Driver

VID_05AC&PID_12A4 [Thu Oct 17 16:44:13 2013]
  S/N: c5a218ca97fb7bd4f1ac881aa801d594a6fefb9c [Thu Oct 17 16:44:20 2013]
  Device Parameters LastWrite: [Thu Oct 17 16:44:21 2013]
  Properties LastWrite       : [Thu Oct 17 16:44:18 2013]
    FriendlyName    : Apple iPad

VID_090C&PID_1000 [Mon Oct 21 18:46:16 2013]
  S/N: AA04012700011123 [Mon Oct 21 20:11:48 2013]
  Device Parameters LastWrite: [Mon Oct 21 18:46:16 2013]
  Properties LastWrite       : [Mon Oct 21 18:46:17 2013]
  S/N: AA04012700013494 [Fri Oct 18 18:32:25 2013]
  Device Parameters LastWrite: [Fri Oct 18 18:32:25 2013]
  Properties LastWrite       : [Thu Oct 17 19:28:34 2013]

VID_0BDA&PID_0129 [Mon Sep 23 19:14:29 2013]
  S/N: 20100201396000000 [Wed Oct 23 02:56:19 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:23:09 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]

VID_0BDA&PID_1724 [Mon Sep 23 19:14:30 2013]
  S/N: 00e04c000001 [Wed Oct 23 02:56:16 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:36 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 7&1308b7d4&1

VID_0BDA&PID_1724&MI_00 [Mon Sep 23 19:14:30 2013]
  S/N: 7&1308b7d4&1&0000 [Wed Oct 23 02:56:18 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:38 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 8&36e5acd6&0

VID_0BDA&PID_1724&MI_02 [Mon Sep 23 19:14:30 2013]
  S/N: 7&1308b7d4&1&0002 [Mon Sep 23 19:21:35 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:44 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    FriendlyName    : Realtek RTL8723A Wireless LAN 802.11n USB 2.0 Network Adapter
    ParentIdPrefix: 8&a364398&0

VID_1058&PID_0702 [Fri Oct 18 18:32:18 2013]
  S/N: 575848323038333634303334 [Fri Oct 18 18:33:44 2013]
  Device Parameters LastWrite: [Fri Oct 18 18:32:18 2013]
  Properties LastWrite       : [Fri Oct 18 18:32:19 2013]

VID_1058&PID_0704 [Wed Oct 23 03:09:13 2013]
  S/N: 57442D5758453830385A3735373133 [Wed Oct 23 03:09:13 2013]
  Device Parameters LastWrite: [Wed Oct 23 04:57:01 2013]
  Properties LastWrite       : [Wed Oct 23 03:09:14 2013]

VID_1221&PID_3234 [Thu Oct 17 21:06:15 2013]
  S/N: 1000000000001C37 [Mon Oct 21 18:45:56 2013]
  Device Parameters LastWrite: [Thu Oct 17 21:06:15 2013]
  Properties LastWrite       : [Thu Oct 17 21:06:16 2013]

VID_1307&PID_0116 [Tue Oct 22 21:41:53 2013]
  S/N: 00000022928277 [Wed Oct 23 02:56:28 2013]
  Device Parameters LastWrite: [Tue Oct 22 21:41:53 2013]
  Properties LastWrite       : [Tue Oct 22 21:41:54 2013]

VID_152E&PID_2507 [Mon Sep 23 19:14:29 2013]
  S/N: P01100109005530 [Mon Sep 23 19:21:27 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:29 2013]
  Properties LastWrite       : [Mon Sep 23 19:14:29 2013]

VID_1EC9&PID_A081 [Fri Oct 18 18:33:24 2013]
  S/N: MBA34212080313074295 [Fri Oct 18 18:43:56 2013]
  Device Parameters LastWrite: [Fri Oct 18 18:43:56 2013]
  Properties LastWrite       : [Fri Oct 18 18:33:25 2013]

VID_2047&PID_0855 [Mon Sep 23 19:14:30 2013]
  S/N: 0F73806F2E001600 [Wed Oct 23 03:58:22 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:32 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 7&397bac5&1

VID_8087&PID_0024 [Mon Sep 23 19:14:30 2013]
  S/N: 5&1a59d89a&1&1 [Wed Oct 23 02:56:16 2013]
  Device Parameters LastWrite: [Tue Oct  1 14:15:07 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]
    ParentIdPrefix: 6&b2dbb92&0
  S/N: 5&294335c8&1&1 [Wed Oct 23 02:56:16 2013]
  Device Parameters LastWrite: [Tue Oct  1 14:15:07 2013]
  Properties LastWrite       : [Mon Sep 23 19:47:16 2013]

VID_058F&PID_6366
LastWrite: Sun Oct 13 09:03:24 2013
  SN       : 058F63666438
  LastWrite: Sun Oct 13 09:03:25 2013

VID_090C&PID_1000
LastWrite: Mon Oct 21 18:46:16 2013
  SN       : AA04012700011123
  LastWrite: Mon Oct 21 20:11:48 2013

VID_090C&PID_1000
LastWrite: Mon Oct 21 18:46:16 2013
  SN       : AA04012700013494
  LastWrite: Fri Oct 18 18:32:25 2013

VID_1058&PID_0702
LastWrite: Fri Oct 18 18:32:18 2013
  SN       : 575848323038333634303334
  LastWrite: Fri Oct 18 18:33:44 2013

VID_1058&PID_0704
LastWrite: Wed Oct 23 03:09:13 2013
  SN       : 57442D5758453830385A3735373133
  LastWrite: Wed Oct 23 03:09:13 2013

VID_1221&PID_3234
LastWrite: Thu Oct 17 21:06:15 2013
  SN       : 1000000000001C37
  LastWrite: Mon Oct 21 18:45:56 2013

VID_1307&PID_0116
LastWrite: Tue Oct 22 21:41:53 2013
  SN       : 00000022928277
  LastWrite: Wed Oct 23 02:56:28 2013

VID_152E&PID_2507
LastWrite: Mon Sep 23 19:14:29 2013
  SN       : P01100109005530
  LastWrite: Mon Sep 23 19:21:27 2013

VID_1EC9&PID_A081
LastWrite: Fri Oct 18 18:33:24 2013
  SN       : MBA34212080313074295
  LastWrite: Fri Oct 18 18:43:56 2013

USBStor
ControlSet001\Enum\USBStor

CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GP08NU40&Rev_1.00 [Mon Sep 23 19:14:29 2013]
  S/N: P01100109005530&0 [Mon Sep 23 19:14:29 2013]
  Device Parameters LastWrite: [Mon Sep 23 19:14:29 2013]
  Properties LastWrite       : [Mon Sep 23 19:14:29 2013]
    FriendlyName    : HL-DT-ST DVDRAM GP08NU40 USB Device

Disk&Ven_Flash&Prod_Drive_SM_USB20&Rev_1100 [Thu Oct 17 19:28:33 2013]
  S/N: AA04012700013494&0 [Thu Oct 17 19:28:33 2013]
  Device Parameters LastWrite: [Thu Oct 17 19:28:33 2013]
  Properties LastWrite       : [Thu Oct 17 19:28:34 2013]
    FriendlyName    : Flash Drive SM_USB20 USB Device

Disk&Ven_FRESPONS&Prod_TACTICAL_Subject&Rev_0.00 [Tue Oct 22 21:41:53 2013]
  S/N: 00000022928277&0 [Tue Oct 22 21:41:53 2013]
  Device Parameters LastWrite: [Tue Oct 22 21:41:53 2013]
  Properties LastWrite       : [Tue Oct 22 21:41:54 2013]
    FriendlyName    : FRESPONS TACTICAL_Subject USB Device

Disk&Ven_MBIL_SSM&Prod_Moser_Baer_Disk&Rev_8.07 [Fri Oct 18 18:33:24 2013]
  S/N: MBA34212080313074295&0 [Fri Oct 18 18:33:24 2013]
  Device Parameters LastWrite: [Fri Oct 18 18:33:24 2013]
  Properties LastWrite       : [Fri Oct 18 18:33:25 2013]
    FriendlyName    : MBIL SSM Moser Baer Disk USB Device

Disk&Ven_Multiple&Prod_Card__Reader&Rev_1.00 [Sun Oct 13 09:03:25 2013]
  S/N: 058F63666438&0 [Sun Oct 13 09:03:25 2013]
  Device Parameters LastWrite: [Sun Oct 13 09:03:25 2013]
  Properties LastWrite       : [Sun Oct 13 09:03:25 2013]
    FriendlyName    : Multiple Card  Reader USB Device

Disk&Ven_SMI&Prod_USB_DISK&Rev_1100 [Mon Oct 21 18:46:16 2013]
  S/N: AA04012700011123&0 [Mon Oct 21 18:46:16 2013]
  Device Parameters LastWrite: [Mon Oct 21 18:46:16 2013]
  Properties LastWrite       : [Mon Oct 21 18:46:17 2013]
    FriendlyName    : SMI USB DISK USB Device

Disk&Ven_USB2.0&Prod_Flash_Disk&Rev_2.10 [Thu Oct 17 21:06:15 2013]
  S/N: 1000000000001C37&0 [Thu Oct 17 21:06:15 2013]
  Device Parameters LastWrite: [Thu Oct 17 21:06:15 2013]
  Properties LastWrite       : [Thu Oct 17 21:06:16 2013]
    FriendlyName    : USB2.0 Flash Disk USB Device

Disk&Ven_WD&Prod_1600BEV_External&Rev_1.04 [Fri Oct 18 18:32:18 2013]
  S/N: 575848323038333634303334&0 [Fri Oct 18 18:32:18 2013]
  Device Parameters LastWrite: [Fri Oct 18 18:32:18 2013]
  Properties LastWrite       : [Fri Oct 18 18:32:19 2013]
    FriendlyName    : WD 1600BEV External USB Device

Disk&Ven_WD&Prod_2500BMV_External&Rev_1.75 [Wed Oct 23 03:09:13 2013]
  S/N: 57442D5758453830385A3735373133&0 [Wed Oct 23 03:09:13 2013]
  Device Parameters LastWrite: [Wed Oct 23 03:09:13 2013]
  Properties LastWrite       : [Wed Oct 23 03:09:14 2013]
    FriendlyName    : WD 2500BMV External USB Device

====================================================
SERVICES STARTING AT BOOT (START KEY = 2)
====================================================
ControlSet001\Services
Lists services/drivers in Services key by LastWrite times

Wed Oct 23 10:56:23 2013Z
  Name      = BITS
  Display   = @%SystemRoot%\system32\qmgr.dll,-1000
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

Wed Oct 23 03:17:21 2013Z
  Name      = WSDPrintDevice
  Display   = @WSDPrint.Inf,%WSDPrintDevice.SVCDESC%
  ImagePath = WSD Print Support
  Type      = \SystemRoot\System32\drivers\WSDPrint.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = WSDScan
  Display   = @sti.inf,%WSDScan.SvcDesc%
  ImagePath = WSD Scan Support
  Type      = \SystemRoot\system32\DRIVERS\WSDScan.sys
  Start     = Kernel driver
  Group     = Manual;Base

Wed Oct 23 02:58:22 2013Z
  Name      = mfeapfk
  Display   = McAfee Inc. mfeapfk
  ImagePath = system32\drivers\mfeapfk.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

Wed Oct 23 02:56:58 2013Z
  Name      = MSPQM
  Display   = @ksfilter.inf,%MSPQM.DeviceDesc%
  ImagePath = Microsoft Streaming Quality Manager Proxy
  Type      = \SystemRoot\system32\drivers\MSPQM.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

Wed Oct 23 02:56:29 2013Z
  Name      = WpdUpFltr
  Display   = @%systemroot%\System32\drivers\WpdUpFltr.sys,-100
  ImagePath = System32\drivers\WpdUpFltr.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = PnP Filter

  Name      = WUDFWpdFs
  Display   = 
  ImagePath = \SystemRoot\system32\DRIVERS\WUDFRd.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

Wed Oct 23 02:56:28 2013Z
  Name      = USBSTOR
  Display   = @usbstor.inf,%USBSTOR.SvcDesc%
  ImagePath = USB Mass Storage Driver
  Type      = \SystemRoot\System32\drivers\USBSTOR.SYS
  Start     = Kernel driver
  Group     = Manual;

Wed Oct 23 02:56:23 2013Z
  Name      = tunnel
  Display   = @nettun.inf,%TUNNEL.Service.DisplayName%
  ImagePath = Microsoft Tunnel Miniport Adapter Driver
  Type      = \SystemRoot\system32\DRIVERS\tunnel.sys
  Start     = Kernel driver
  Group     = Manual;NDIS

Wed Oct 23 02:56:21 2013Z
  Name      = BthEnum
  Display   = @bth.inf,%BthEnum.SVCDESC%
  ImagePath = Bluetooth Enumerator Service
  Type      = \SystemRoot\System32\drivers\BthEnum.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = BthLEEnum
  Display   = @bthleenum.inf,%BthLEEnum.SVCDESC%
  ImagePath = Bluetooth Low Energy Driver
  Type      = \SystemRoot\system32\DRIVERS\BthLEEnum.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = BthPan
  Display   = @bthpan.inf,%BthPan.DisplayName%
  ImagePath = Bluetooth Device (Personal Area Network)
  Type      = \SystemRoot\system32\DRIVERS\bthpan.sys
  Start     = Kernel driver
  Group     = Manual;NDIS

  Name      = RFCOMM
  Display   = @tdibth.inf,%RFCOMM.DisplayName%
  ImagePath = Bluetooth Device (RFCOMM Protocol TDI)
  Type      = \SystemRoot\System32\drivers\rfcomm.sys
  Start     = Kernel driver
  Group     = Manual;PNP_TDI

Wed Oct 23 02:56:20 2013Z
  Name      = SensorsServiceDriver
  Display   = @sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%
  ImagePath = UMDF Reflector service for SensorsServiceDriver
  Type      = \SystemRoot\system32\DRIVERS\WUDFRd.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = TabletInputService
  Display   = @%SystemRoot%\system32\TabSvc.dll,-100
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = PlugPlay

  Name      = vwifimp
  Display   = @%SystemRoot%\System32\drivers\vwifimp.sys,-261
  ImagePath = \SystemRoot\system32\DRIVERS\vwifimp.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = NDIS

Wed Oct 23 02:56:18 2013Z
  Name      = RSUSBVSTOR
  Display   = @oem63.inf,%RSUSBVSTOR.SvcDesc%
  ImagePath = RtsUVStor.Sys Realtek USB Card Reader
  Type      = \SystemRoot\System32\Drivers\RtsUVStor.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = rtsuvc
  Display   = @oem17.inf,%rtsuvc.DeviceDesc%
  ImagePath = Lenovo EasyCamera
  Type      = \SystemRoot\system32\DRIVERS\rtsuvc.sys
  Start     = Kernel driver
  Group     = Manual;

Wed Oct 23 02:56:17 2013Z
  Name      = RtlWlanu
  Display   = @netrtwlanu.inf,%RtlWlanu.DeviceDesc.DispName%
  ImagePath = Realtek Wireless LAN 802.11n USB 2.0 Network Adapter
  Type      = \SystemRoot\system32\DRIVERS\rtwlanu.sys
  Start     = Kernel driver
  Group     = Manual;NDIS

  Name      = vwifibus
  Display   = @%SystemRoot%\System32\drivers\vwifibus.sys,-257
  ImagePath = \SystemRoot\System32\drivers\vwifibus.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

Wed Oct 23 02:56:16 2013Z
  Name      = BasicDisplay
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\BasicDisplay.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = Video

  Name      = BTHUSB
  Display   = @bth.inf,%BTHUSB.SvcDesc%
  ImagePath = Bluetooth Radio USB Driver
  Type      = \SystemRoot\System32\Drivers\BTHUSB.sys
  Start     = Kernel driver
  Group     = Manual;PNP Filter

  Name      = HidUsb
  Display   = @input.inf,%HID.SvcDesc%
  ImagePath = Microsoft HID Class Driver
  Type      = \SystemRoot\System32\drivers\hidusb.sys
  Start     = Kernel driver
  Group     = Manual;extended base

  Name      = mfeavfk
  Display   = McAfee Inc. mfeavfk
  ImagePath = system32\drivers\mfeavfk.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = mfefirek
  Display   = McAfee Inc. mfefirek
  ImagePath = system32\drivers\mfefirek.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = monitor
  Display   = @monitor.inf,%Monitor.SVCDESC%
  ImagePath = Microsoft Monitor Class Function Driver Service
  Type      = \SystemRoot\System32\drivers\monitor.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = RtkBtFilter
  Display   = @oem47.inf,%BtFilt.SvcDesc%
  ImagePath = Realtek Bluetooth Filter Driver
  Type      = \SystemRoot\system32\DRIVERS\RtkBtfilter.sys
  Start     = Kernel driver
  Group     = Manual;PNP Filter

  Name      = SensorsHIDClassDriver
  Display   = @sensorshidclassdriver.inf,%WudfSensorsHIDClassDriverDisplayName%
  ImagePath = UMDF Reflector service for SensorsHIDClassDriver
  Type      = \SystemRoot\system32\DRIVERS\WUDFRd.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = usbccgp
  Display   = @usb.inf,%GenericParent.SvcDesc%
  ImagePath = Microsoft USB Generic Parent Driver
  Type      = \SystemRoot\System32\drivers\usbccgp.sys
  Start     = Kernel driver
  Group     = Manual;Base

Wed Oct 23 02:56:15 2013Z
  Name      = CnxtHdAudService
  Display   = @oem44.inf,%UAAFunctionDriverForHdAudio.SvcDesc%
  ImagePath = Conexant UAA Function Driver for High Definition Audio Service
  Type      = \SystemRoot\system32\drivers\CHDRT64.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = IntcDAud
  Display   = @oem35.inf,%IntcDAud.SvcDesc%
  ImagePath = Intel(R) Display Audio
  Type      = \SystemRoot\system32\DRIVERS\IntcDAud.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = ksthunk
  Display   = Kernel Streaming Thunks
  ImagePath = \SystemRoot\system32\drivers\ksthunk.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = PNP Filter

  Name      = usbhub
  Display   = @usbport.inf,%ROOTHUB.SvcDesc%
  ImagePath = Microsoft USB Standard Hub Driver
  Type      = \SystemRoot\System32\drivers\usbhub.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = USBHUB3
  Display   = @usbhub3.inf,%UsbHub3.SVCDESC%
  ImagePath = SuperSpeed Hub
  Type      = \SystemRoot\System32\drivers\UsbHub3.sys
  Start     = Kernel driver
  Group     = Manual;Base

Wed Oct 23 02:56:12 2013Z
  Name      = mssmbios
  Display   = @mssmbios.inf,%mssmbios_svcdesc%
  ImagePath = Microsoft System Management BIOS Driver
  Type      = \SystemRoot\System32\drivers\mssmbios.sys
  Start     = Kernel driver
  Group     = System Start;

Wed Oct 23 02:56:11 2013Z
  Name      = ACPI
  Display   = @acpi.inf,%ACPI.SvcDesc%
  ImagePath = Microsoft ACPI Driver
  Type      = System32\drivers\ACPI.sys
  Start     = Kernel driver
  Group     = Boot Start;Core

  Name      = acpials
  Display   = @sensorsalsdriver.inf,%kbfiltr.SvcDesc%
  ImagePath = ALS Sensor Filter
  Type      = \SystemRoot\system32\DRIVERS\acpials.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = BasicRender
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\BasicRender.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = Video

  Name      = CmBatt
  Display   = @cmbatt.inf,%CmBatt.SvcDesc%
  ImagePath = Microsoft ACPI Control Method Battery Driver
  Type      = \SystemRoot\System32\drivers\CmBatt.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = CompositeBus
  Display   = @CompositeBus.inf,%CompositeBus.SVCDESC%
  ImagePath = Composite Bus Enumerator Driver
  Type      = \SystemRoot\System32\drivers\CompositeBus.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = disk
  Display   = @disk.inf,%disk_ServiceDesc%
  ImagePath = Disk Driver
  Type      = System32\drivers\disk.sys
  Start     = Kernel driver
  Group     = Boot Start;

  Name      = DptfDevPch
  Display   = 
  ImagePath = \SystemRoot\system32\DRIVERS\DptfDevPch.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Base

  Name      = DptfDevProc
  Display   = 
  ImagePath = \SystemRoot\system32\DRIVERS\DptfDevProc.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Base

  Name      = DptfManager
  Display   = 
  ImagePath = \SystemRoot\system32\DRIVERS\DptfManager.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = EhStorClass
  Display   = @%SystemRoot%\system32\drivers\EhStorClass.sys,-100
  ImagePath = System32\drivers\EhStorClass.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Class

  Name      = fvevol
  Display   = @%SystemRoot%\system32\drivers\fvevol.sys,-100
  ImagePath = System32\DRIVERS\fvevol.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = PnP Filter

  Name      = HDAudBus
  Display   = @hdaudbus.inf,%HDAudBus.SVCDESC%
  ImagePath = Microsoft UAA Bus Driver for High Definition Audio
  Type      = \SystemRoot\System32\drivers\HDAudBus.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = i8042prt
  Display   = @msmouse.inf,%i8042prt.SvcDesc%
  ImagePath = PS/2 Keyboard and Mouse Port Driver
  Type      = \SystemRoot\System32\drivers\i8042prt.sys
  Start     = Kernel driver
  Group     = Manual;Keyboard Port

  Name      = iaStorA
  Display   = 
  ImagePath = System32\drivers\iaStorA.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI miniport

  Name      = igfx
  Display   = 
  ImagePath = \SystemRoot\system32\DRIVERS\igdkmd64.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Video

  Name      = intelppm
  Display   = @cpu.inf,%IntelPPM.SvcDesc%
  ImagePath = Intel Processor Driver
  Type      = \SystemRoot\System32\drivers\intelppm.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = iwdbus
  Display   = @oem77.inf,%iwdbus.SVCDESC%
  ImagePath = IWD Bus Enumerator
  Type      = \SystemRoot\System32\drivers\iwdbus.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = kbdclass
  Display   = @keyboard.inf,%kbdclass.SvcDesc%
  ImagePath = Keyboard Class Driver
  Type      = \SystemRoot\System32\drivers\kbdclass.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = kdnic
  Display   = @kdnic.inf,%KdNic.Service.DispName%
  ImagePath = Microsoft Kernel Debug Network Miniport (NDIS 6.20)
  Type      = \SystemRoot\system32\DRIVERS\kdnic.sys
  Start     = Kernel driver
  Group     = Manual;NDIS

  Name      = MEIx64
  Display   = @oem51.inf,%HECI_SvcDesc%
  ImagePath = Intel(R) Management Engine Interface 
  Type      = \SystemRoot\System32\drivers\HECIx64.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = mouclass
  Display   = @msmouse.inf,%mouclass.SvcDesc%
  ImagePath = Mouse Class Driver
  Type      = \SystemRoot\System32\drivers\mouclass.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = msgpiowin32
  Display   = @msgpiowin32.inf,%GPIO.SvcDesc%
  ImagePath = Common Driver for Buttons, DockMode and Laptop/Slate Indicator
  Type      = \SystemRoot\System32\drivers\msgpiowin32.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = msisadrv
  Display   = 
  ImagePath = System32\drivers\msisadrv.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Boot Bus Extender

  Name      = NdisVirtualBus
  Display   = @%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200
  ImagePath = \SystemRoot\System32\drivers\NdisVirtualBus.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Extended Base

  Name      = partmgr
  Display   = @%SystemRoot%\system32\drivers\partmgr.sys,-100
  ImagePath = System32\drivers\partmgr.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Boot Bus Extender

  Name      = pci
  Display   = @machine.inf,%pci_svcdesc%
  ImagePath = PCI Bus Driver
  Type      = System32\drivers\pci.sys
  Start     = Kernel driver
  Group     = Boot Start;Boot Bus Extender

  Name      = rdpbus
  Display   = @rdpbus.inf,%rdpbus_svcdesc%
  ImagePath = Remote Desktop Device Redirector Bus Driver
  Type      = \SystemRoot\System32\drivers\rdpbus.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = rdyboost
  Display   = ReadyBoost
  ImagePath = System32\drivers\rdyboost.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = PnP Filter

  Name      = SensorsAlsDriver
  Display   = @sensorsalsdriver.inf,%WudfSensorsAlsDriverDisplayName%
  ImagePath = UMDF Reflector service for SensorsAlsDriver
  Type      = \SystemRoot\system32\DRIVERS\WUDFRd.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = SmbDrvI
  Display   = 
  ImagePath = \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Base

  Name      = spaceport
  Display   = @spaceport.inf,%Spaceport_ServiceDesc%
  ImagePath = Storage Spaces Driver
  Type      = System32\drivers\spaceport.sys
  Start     = Kernel driver
  Group     = Boot Start;System Bus Extender

  Name      = swenum
  Display   = @swenum.inf,%SWENUM.SVCDESC%
  ImagePath = Software Bus Driver
  Type      = \SystemRoot\System32\drivers\swenum.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = SynTP
  Display   = @oem42.inf,%SynTP.SvcDesc%
  ImagePath = Synaptics TouchPad Driver
  Type      = \SystemRoot\system32\DRIVERS\SynTP.sys
  Start     = Kernel driver
  Group     = Manual;Pointer Port

  Name      = umbus
  Display   = @umbus.inf,%umbus.SVCDESC%
  ImagePath = UMBus Enumerator Driver
  Type      = \SystemRoot\System32\drivers\umbus.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = usbehci
  Display   = @usbport.inf,%EHCIMP.SvcDesc%
  ImagePath = Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
  Type      = \SystemRoot\System32\drivers\usbehci.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = USBXHCI
  Display   = @usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%
  ImagePath = USB xHCI Compliant Host Controller
  Type      = \SystemRoot\System32\drivers\USBXHCI.SYS
  Start     = Kernel driver
  Group     = Manual;

  Name      = vdrvroot
  Display   = @vdrvroot.inf,%vdrvroot_svcdesc%
  ImagePath = Microsoft Virtual Drive Enumerator
  Type      = System32\drivers\vdrvroot.sys
  Start     = Kernel driver
  Group     = Boot Start;Boot Bus Extender

  Name      = volmgr
  Display   = @volmgr.inf,%volmgr_svcdesc%
  ImagePath = Volume Manager Driver
  Type      = System32\drivers\volmgr.sys
  Start     = Kernel driver
  Group     = Boot Start;System Bus Extender

  Name      = volsnap
  Display   = @volume.inf,%VolumeClassName%
  ImagePath = Storage volumes
  Type      = System32\drivers\volsnap.sys
  Start     = Kernel driver
  Group     = Boot Start;

  Name      = Wdf01000
  Display   = @%SystemRoot%\system32\drivers\Wdf01000.sys,-1000
  ImagePath = system32\drivers\Wdf01000.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = WdfLoadGroup

  Name      = WmiAcpi
  Display   = @wmiacpi.inf,%WMIMAP.SvcDesc%
  ImagePath = Microsoft Windows Management Interface for ACPI
  Type      = \SystemRoot\System32\drivers\wmiacpi.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

Tue Oct 22 21:42:41 2013Z
  Name      = Mnemosyne
  Display   = Mnemosyne
  ImagePath = \??\E:\TACTICAL Subject\sys\Mnemosyne_x64.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

Tue Oct 22 16:23:28 2013Z
  Name      = terminpt
  Display   = @termmou.inf,%TermInpt.SVCDESC%
  ImagePath = Microsoft Remote Desktop Input Driver
  Type      = \SystemRoot\System32\drivers\terminpt.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

Mon Oct 21 18:50:09 2013Z
  Name      = BDESVC
  Display   = @%SystemRoot%\system32\bdesvc.dll,-100
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

Mon Oct 21 18:30:23 2013Z
  Name      = WUDFSensorLP
  Display   = @locationprovider.inf,%WudfLocationProviderDisplayName%
  ImagePath = UMDF Reflector service for LocationProvider
  Type      = \SystemRoot\system32\DRIVERS\WUDFRd.sys
  Start     = Kernel driver
  Group     = Manual;Base

Sun Oct 20 22:24:31 2013Z
  Name      = WdBoot
  Display   = @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390
  ImagePath = system32\drivers\WdBoot.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Early-Launch

Sun Oct 20 22:24:30 2013Z
  Name      = WdFilter
  Display   = @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330
  ImagePath = system32\drivers\WdFilter.sys
  Type      = File system driver
  Start     = Boot Start
  Group     = FSFilter Anti-Virus

  Name      = WinDefend
  Display   = @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310
  ImagePath = "%ProgramFiles%\Windows Defender\MsMpEng.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

Sat Oct 19 19:40:15 2013Z
  Name      = WinUsb
  Display   = @winusb.inf,%WINUSB_SvcDesc%
  ImagePath = WinUsb Driver
  Type      = \SystemRoot\system32\DRIVERS\WinUsb.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = WUDFWpdMtp
  Display   = 
  ImagePath = \SystemRoot\system32\DRIVERS\WUDFRd.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

Sat Oct 19 10:57:46 2013Z
  Name      = UmPass
  Display   = @umpass.inf,%UmPass.SVCDESC%
  ImagePath = Microsoft UMPass Driver
  Type      = \SystemRoot\System32\drivers\umpass.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

Sat Oct 19 03:04:30 2013Z
  Name      = cphs
  Display   = Intel(R) Content Protection HECI Service
  ImagePath = %SystemRoot%\SysWow64\IntelCpHeciSvc.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

Sat Oct 19 02:42:16 2013Z
  Name      = TrustedInstaller
  Display   = @%SystemRoot%\servicing\TrustedInstaller.exe,-100
  ImagePath = %SystemRoot%\servicing\TrustedInstaller.exe
  Type      = Own_Process
  Start     = Manual
  Group     = ProfSvc_Group

Sat Oct 19 02:06:32 2013Z
  Name      = drmkaud
  Display   = @wdmaudio.inf,%drmkaud.SvcDesc%
  ImagePath = Microsoft Trusted Audio Drivers
  Type      = \SystemRoot\system32\drivers\drmkaud.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = MSTEE
  Display   = @ksfilter.inf,%MSTEE.DeviceDesc%
  ImagePath = Microsoft Streaming Tee/Sink-to-Sink Converter
  Type      = \SystemRoot\system32\drivers\MSTEE.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

Sat Oct 19 02:06:31 2013Z
  Name      = intaud_WaveExtensible
  Display   = @oem76.inf,%INTAUD_WEX.SvcDesc%
  ImagePath = Intel WiDi Audio Device
  Type      = \SystemRoot\system32\drivers\intelaud.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = MSKSSRV
  Display   = @ksfilter.inf,%MSKSSRV.DeviceDesc%
  ImagePath = Microsoft Streaming Service Proxy
  Type      = \SystemRoot\system32\drivers\MSKSSRV.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = MSPCLOCK
  Display   = @ksfilter.inf,%MSPCLOCK.DeviceDesc%
  ImagePath = Microsoft Streaming Clock Proxy
  Type      = \SystemRoot\system32\drivers\MSPCLOCK.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

Sat Oct 19 01:50:48 2013Z
  Name      = intelpep
  Display   = @intelpep.inf,%INTELPEP.SVCDESC%
  ImagePath = Intel(R) Power Engine Plug-in Driver
  Type      = System32\drivers\intelpep.sys
  Start     = Kernel driver
  Group     = Boot Start;

  Name      = sdbus
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\sdbus.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = System Bus Extender

Fri Oct 18 02:09:09 2013Z
  Name      = USBAAPL64
  Display   = @oem74.inf,%USBAAPL64.SvcDesc%
  ImagePath = Apple Mobile USB Driver
  Type      = \SystemRoot\System32\Drivers\usbaapl64.sys
  Start     = Kernel driver
  Group     = Manual;Base

Sun Oct 13 10:31:35 2013Z
  Name      = ICCS
  Display   = Intel(R) Integrated Clock Controller Service - Intel(R) ICCS
  ImagePath = "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
  Type      = Own_Process
  Start     = Manual
  Group     = 

Sun Oct 13 08:48:01 2013Z
  Name      = EFS
  Display   = @%SystemRoot%\system32\efssvc.dll,-100
  ImagePath = %SystemRoot%\System32\lsass.exe
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

Sat Oct  5 20:35:54 2013Z
  Name      = iPod Service
  Display   = iPod Service
  ImagePath = "C:\Program Files\iPod\bin\iPodService.exe"
  Type      = Own_Process
  Start     = Manual
  Group     = 

Tue Oct  1 18:51:40 2013Z
  Name      = WMPNetworkSvc
  Display   = @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
  ImagePath = "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

Tue Oct  1 18:51:20 2013Z
  Name      = HomeGroupListener
  Display   = @%SystemRoot%\System32\ListSvc.dll,-100
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

Tue Oct  1 18:48:13 2013Z
  Name      = fhsvc
  Display   = @%systemroot%\system32\fhsvc.dll,-101
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

Mon Sep 23 20:49:29 2013Z
  Name      = EventLog
  Display   = @%SystemRoot%\system32\wevtsvc.dll,-200
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = Event Log

Mon Sep 23 20:24:05 2013Z
  Name      = OfficeSvc
  Display   = Microsoft Office Service
  ImagePath = C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

Mon Sep 23 20:23:20 2013Z
  Name      = ose
  Display   = Office  Source Engine
  ImagePath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
  Type      = Own_Process
  Start     = Manual
  Group     = 

Mon Sep 23 20:11:52 2013Z
  Name      = ose64
  Display   = Office 64 Source Engine
  ImagePath = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
  Type      = Own_Process
  Start     = Manual
  Group     = 

Mon Sep 23 19:51:20 2013Z
  Name      = ialm
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

Mon Sep 23 19:48:38 2013Z
  Name      = CSC
  Display   = @%systemroot%\system32\cscsvc.dll,-202
  ImagePath = system32\drivers\csc.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = network

  Name      = CscService
  Display   = @%systemroot%\system32\cscsvc.dll,-200
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = ProfSvc_Group

Mon Sep 23 19:24:27 2013Z
  Name      = stisvc
  Display   = @%SystemRoot%\system32\wiaservc.dll,-9
  ImagePath = %SystemRoot%\system32\svchost.exe -k imgsvc
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

Mon Sep 23 19:24:26 2013Z
  Name      = Netlogon
  Display   = @%SystemRoot%\System32\netlogon.dll,-102
  ImagePath = %systemroot%\system32\lsass.exe
  Type      = Share_Process
  Start     = Manual
  Group     = MS_WindowsRemoteValidation

  Name      = wuauserv
  Display   = @%systemroot%\system32\wuaueng.dll,-105
  ImagePath = %systemroot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

Mon Sep 23 19:24:08 2013Z
  Name      = LanmanWorkstation
  Display   = @%systemroot%\system32\wkssvc.dll,-100
  ImagePath = %SystemRoot%\System32\svchost.exe -k NetworkService
  Type      = Share_Process
  Start     = Auto Start
  Group     = NetworkProvider

  Name      = PeerDistSvc
  Display   = @%SystemRoot%\system32\peerdistsvc.dll,-9000
  ImagePath = %SystemRoot%\System32\svchost.exe -k PeerDist
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = Schedule
  Display   = @%SystemRoot%\system32\schedsvc.dll,-100
  ImagePath = %systemroot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Auto Start
  Group     = SchedulerGroup

  Name      = VSS
  Display   = @%systemroot%\system32\vssvc.exe,-102
  ImagePath = %systemroot%\system32\vssvc.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = WdNisSvc
  Display   = @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320
  ImagePath = "%ProgramFiles%\Windows Defender\NisSrv.exe"
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = wscsvc
  Display   = @%SystemRoot%\System32\wscsvc.dll,-200
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = WSearch
  Display   = @%systemroot%\system32\SearchIndexer.exe,-103
  ImagePath = %systemroot%\system32\SearchIndexer.exe /Embedding
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

Mon Sep 23 19:23:56 2013Z
  Name      = MSDTC
  Display   = @comres.dll,-2797
  ImagePath = %SystemRoot%\System32\msdtc.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

Mon Sep 23 19:23:41 2013Z
  Name      = Intel Storage Counters
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = MSDTC Bridge 3.0.0.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = MSDTC Bridge 4.0.0.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = ServiceModelEndpoint 3.0.0.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = ServiceModelOperation 3.0.0.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = ServiceModelService 3.0.0.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = SMSvcHost 3.0.0.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = SMSvcHost 4.0.0.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = Windows Workflow Foundation 3.0.0.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = Windows Workflow Foundation 4.0.0.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

Mon Sep 23 19:21:39 2013Z
  Name      = {0BC34999-4F58-4304-A651-86E870A12EA4}
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

Mon Sep 23 19:21:35 2013Z
  Name      = Ndisuio
  Display   = @ndisuio.inf,%NDISUIO_Desc%
  ImagePath = NDIS Usermode I/O Protocol
  Type      = \SystemRoot\system32\DRIVERS\ndisuio.sys
  Start     = Kernel driver
  Group     = Manual;NDIS

Mon Sep 23 19:21:27 2013Z
  Name      = cdrom
  Display   = @cdrom.inf,%cdrom_ServiceDesc%
  ImagePath = CD-ROM Driver
  Type      = \SystemRoot\System32\drivers\cdrom.sys
  Start     = Kernel driver
  Group     = System Start;SCSI CDROM Class

  Name      = GEARAspiWDM
  Display   = GEAR ASPI Filter Driver
  ImagePath = \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = PnP Filter

Mon Sep 23 19:20:56 2013Z
  Name      = ACPIVPC
  Display   = Lenovo Virtual Power Controller Driver
  ImagePath = \SystemRoot\System32\drivers\AcpiVpc.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = AdobeARMservice
  Display   = Adobe Acrobat Update Service
  ImagePath = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = AdobeFlashPlayerUpdateSvc
  Display   = Adobe Flash Player Update Service
  ImagePath = C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = Apple Mobile Device
  Display   = Apple Mobile Device
  ImagePath = "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = Bonjour Service
  Display   = Bonjour Service
  ImagePath = "C:\Program Files\Bonjour\mDNSResponder.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = BTDevManager
  Display   = BTDevManager
  ImagePath = C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = cfwids
  Display   = McAfee Inc. cfwids
  ImagePath = system32\drivers\cfwids.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = CxAudMsg
  Display   = Conexant Audio Message Service
  ImagePath = C:\windows\system32\CxAudMsg64.exe
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = gupdate
  Display   = Google Update Service (gupdate)
  ImagePath = "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = gupdatem
  Display   = Google Update Service (gupdatem)
  ImagePath = "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = IAStorDataMgrSvc
  Display   = Intel(R) Rapid Storage Technology
  ImagePath = "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = Intel(R) Capability Licensing Service Interface
  Display   = Intel(R) Capability Licensing Service Interface
  ImagePath = "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = jhi_service
  Display   = Intel(R) Dynamic Application Loader Host Interface Service
  ImagePath = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = LMS
  Display   = Intel(R) Management and Security Application Local Management Service
  ImagePath = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = McShield
  Display   = McAfee McShield
  ImagePath = "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = mfeelamk
  Display   = McAfee Inc. mfeelamk
  ImagePath = system32\drivers\mfeelamk.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Early-Launch

  Name      = mfefire
  Display   = McAfee Firewall Core Service
  ImagePath = "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = mfehidk
  Display   = McAfee Inc. mfehidk
  ImagePath = system32\drivers\mfehidk.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = FSFilter Anti-Virus

  Name      = mferkdet
  Display   = McAfee Inc. mferkdet
  ImagePath = system32\drivers\mferkdet.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = mfevtp
  Display   = McAfee Validation Trust Protection Service
  ImagePath = "C:\windows\system32\mfevtps.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = mfewfpk
  Display   = McAfee Inc. mfewfpk
  ImagePath = system32\drivers\mfewfpk.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = NDIS

  Name      = MozillaMaintenance
  Display   = Mozilla Maintenance Service
  ImagePath = "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = Skype C2C Service
  Display   = Skype C2C Service
  ImagePath = "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = SkypeUpdate
  Display   = Skype Updater
  ImagePath = "C:\Program Files (x86)\Skype\Updater\Updater.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = UNS
  Display   = Intel(R) Management and Security Application User Notification Service
  ImagePath = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = wsvd
  Display   = wsvd
  ImagePath = \SystemRoot\system32\DRIVERS\wsvd.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = ymc
  Display   = ymc
  ImagePath = C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

Mon Sep 23 19:20:48 2013Z
  Name      = DeviceAssociationService
  Display   = @%SystemRoot%\system32\das.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

Mon Sep 23 19:16:14 2013Z
  Name      = PrintNotify
  Display   = @C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll,-1
  ImagePath = %SystemRoot%\system32\svchost.exe -k print
  Type      = 0x0
  Start     = Manual
  Group     = 

Mon Sep 23 19:14:46 2013Z
  Name      = {54747FBB-D5C2-487A-A854-CE0D71AB02B0}
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

Mon Sep 23 19:14:45 2013Z
  Name      = vwififlt
  Display   = @%SystemRoot%\System32\drivers\vwififlt.sys,-259
  ImagePath = \SystemRoot\system32\DRIVERS\vwififlt.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = NDIS

Mon Sep 23 19:14:44 2013Z
  Name      = NativeWifiP
  Display   = @%SystemRoot%\System32\drivers\nwifi.sys,-101
  ImagePath = \SystemRoot\system32\DRIVERS\nwifi.sys
  Type      = Kernel driver
  Start     = Auto Start
  Group     = NDIS

  Name      = WlanSvc
  Display   = @%SystemRoot%\System32\wlansvc.dll,-257
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = TDI

  Name      = {5185491C-401D-491E-8C6F-07F6AFFF1A64}
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

Mon Sep 23 19:14:38 2013Z
  Name      = BTHPORT
  Display   = @bth.inf,%BTHPORT.SvcDesc%
  ImagePath = Bluetooth Port Driver
  Type      = \SystemRoot\System32\Drivers\BTHport.sys
  Start     = Kernel driver
  Group     = Manual;PNP Filter

  Name      = HidBth
  Display   = @hidbth.inf,%HIDBTH.SvcDesc%
  ImagePath = Microsoft Bluetooth HID Miniport
  Type      = \SystemRoot\System32\drivers\hidbth.sys
  Start     = Kernel driver
  Group     = Manual;extended base

Mon Sep 23 19:14:30 2013Z
  Name      = AudioEndpointBuilder
  Display   = @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = AudioGroup

Mon Sep 23 19:14:28 2013Z
  Name      = DptfParticipantProcessorService
  Display   = @oem43.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%
  ImagePath = Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application
  Type      = %SystemRoot%\system32\DptfParticipantProcessorService.exe
  Start     = Own_Process
  Group     = Auto Start;

Mon Sep 23 19:14:18 2013Z
  Name      = DptfPolicyConfigTDPService
  Display   = @oem43.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%
  ImagePath = Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application
  Type      = %SystemRoot%\system32\DptfPolicyConfigTDPService.exe
  Start     = Own_Process
  Group     = Auto Start;

  Name      = DptfPolicyLpmService
  Display   = @oem43.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%
  ImagePath = Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application
  Type      = %SystemRoot%\system32\DptfPolicyLpmService.exe
  Start     = Own_Process
  Group     = Auto Start;

Mon Sep 23 19:14:11 2013Z
  Name      = Browser
  Display   = @%systemroot%\system32\browser.dll,-100
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = NetworkProvider

Mon Sep 23 19:14:08 2013Z
  Name      = .NET CLR Data
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = .NET CLR Networking
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = .NET CLR Networking 4.0.0.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = .NET Data Provider for Oracle
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = .NET Data Provider for SqlServer
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = .NET Memory Cache 4.0
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = .NETFramework
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = 1394ohci
  Display   = @1394.inf,%PCI\CC_0C0010.DeviceDesc%
  ImagePath = 1394 OHCI Compliant Host Controller
  Type      = \SystemRoot\System32\drivers\1394ohci.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = 3ware
  Display   = 
  ImagePath = System32\drivers\3ware.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI miniport

  Name      = acpiex
  Display   = Microsoft ACPIEx Driver
  ImagePath = System32\Drivers\acpiex.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Boot Bus Extender

  Name      = acpipagr
  Display   = @acpipagr.inf,%SvcDesc%
  ImagePath = ACPI Processor Aggregator Driver
  Type      = \SystemRoot\System32\drivers\acpipagr.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = AcpiPmi
  Display   = @acpipmi.inf,%AcpiPmi.SvcDesc%
  ImagePath = ACPI Power Meter Driver
  Type      = \SystemRoot\System32\drivers\acpipmi.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = acpitime
  Display   = @acpitime.inf,%AcpiTime.SvcDesc%
  ImagePath = ACPI Wake Alarm Driver
  Type      = \SystemRoot\System32\drivers\acpitime.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = ADP80XX
  Display   = 
  ImagePath = System32\drivers\ADP80XX.SYS
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = adsi
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = AeLookupSvc
  Display   = @%SystemRoot%\system32\aelupsvc.dll,-1
  ImagePath = %systemroot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = AFD
  Display   = @%systemroot%\system32\drivers\afd.sys,-1000
  ImagePath = \SystemRoot\system32\drivers\afd.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = PNP_TDI

  Name      = agp440
  Display   = @machine.inf,%agp440_svcdesc%
  ImagePath = Intel AGP Bus Filter
  Type      = System32\drivers\agp440.sys
  Start     = Kernel driver
  Group     = Boot Start;PnP Filter

  Name      = ahcache
  Display   = @%systemroot%\system32\drivers\ahcache.sys,-102
  ImagePath = system32\DRIVERS\ahcache.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = 

  Name      = ALG
  Display   = @%SystemRoot%\system32\Alg.exe,-112
  ImagePath = %SystemRoot%\System32\alg.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = AmdK8
  Display   = @cpu.inf,%AmdK8.SvcDesc%
  ImagePath = AMD K8 Processor Driver
  Type      = \SystemRoot\System32\drivers\amdk8.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = AmdPPM
  Display   = @cpu.inf,%AmdPPM.SvcDesc%
  ImagePath = AMD Processor Driver
  Type      = \SystemRoot\System32\drivers\amdppm.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = amdsata
  Display   = 
  ImagePath = System32\drivers\amdsata.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI miniport

  Name      = amdsbs
  Display   = 
  ImagePath = System32\drivers\amdsbs.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI miniport

  Name      = amdxata
  Display   = 
  ImagePath = System32\drivers\amdxata.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI miniport

  Name      = AppID
  Display   = @%systemroot%\system32\appidsvc.dll,-102
  ImagePath = \SystemRoot\system32\drivers\appid.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = AppIDSvc
  Display   = @%systemroot%\system32\appidsvc.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = ProfSvc_Group

  Name      = Appinfo
  Display   = @%systemroot%\system32\appinfo.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = AppMgmt
  Display   = @appmgmts.dll,-3250
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = AppReadiness
  Display   = @%SystemRoot%\System32\AppReadiness.dll,-1000
  ImagePath = %SystemRoot%\System32\svchost.exe -k AppReadiness
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = AppXSvc
  Display   = @%SystemRoot%\system32\appxdeploymentserver.dll,-1
  ImagePath = %systemroot%\system32\svchost.exe -k wsappx
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = arcsas
  Display   = @arcsas.inf,%arcsas_ServiceName%
  ImagePath = Adaptec SAS/SATA-II RAID Storport's Miniport Driver
  Type      = System32\drivers\arcsas.sys
  Start     = Kernel driver
  Group     = Boot Start;SCSI miniport

  Name      = atapi
  Display   = @mshdc.inf,%idechannel.DeviceDesc%
  ImagePath = IDE Channel
  Type      = System32\drivers\atapi.sys
  Start     = Kernel driver
  Group     = Boot Start;SCSI Miniport

  Name      = Audiosrv
  Display   = @%SystemRoot%\system32\audiosrv.dll,-200
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = AudioGroup

  Name      = AxInstSV
  Display   = @%SystemRoot%\system32\AxInstSV.dll,-103
  ImagePath = %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = b06bdrv
  Display   = @netbvbda.inf,%vbd_srv_desc%
  ImagePath = Broadcom NetXtreme II VBD
  Type      = System32\drivers\bxvbda.sys
  Start     = Kernel driver
  Group     = Boot Start;System Bus Extender

  Name      = BattC
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = bcmfn2
  Display   = @bcmfn2.inf,%bcmfn2.SVCDESC%
  ImagePath = bcmfn2 Service
  Type      = \SystemRoot\System32\drivers\bcmfn2.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = Beep
  Display   = Beep
  ImagePath = 
  Type      = Kernel driver
  Start     = System Start
  Group     = Base

  Name      = BFE
  Display   = @%SystemRoot%\system32\bfe.dll,-1001
  ImagePath = %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
  Type      = Share_Process
  Start     = Auto Start
  Group     = NetworkProvider

  Name      = bowser
  Display   = @%systemroot%\system32\browser.dll,-102
  ImagePath = system32\DRIVERS\bowser.sys
  Type      = File system driver
  Start     = Manual
  Group     = Network

  Name      = BrokerInfrastructure
  Display   = @%windir%\system32\bisrv.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k DcomLaunch
  Type      = Share_Process
  Start     = Auto Start
  Group     = COM Infrastructure

  Name      = BthAvrcpTg
  Display   = @bthaudhid.inf,%BthAvrcpTg_SvcDesc%
  ImagePath = Bluetooth Audio/Video Remote Control HID
  Type      = \SystemRoot\System32\drivers\BthAvrcpTg.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = BthHFEnum
  Display   = @bthhfenum.inf,%BthHFEnum.SVCDESC%
  ImagePath = Bluetooth Hands-Free Audio and Call Control HID Enumerator
  Type      = \SystemRoot\System32\drivers\bthhfenum.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = bthhfhid
  Display   = @bthaudhid.inf,%BthAudioHFHid.SVCDESC%
  ImagePath = Bluetooth Hands-Free Call Control HID
  Type      = \SystemRoot\System32\drivers\BthHFHid.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = BTHMODEM
  Display   = @bthspp.inf,%BthSerial.DisplayName%
  ImagePath = Bluetooth Serial Communications Driver
  Type      = \SystemRoot\System32\drivers\bthmodem.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = bthserv
  Display   = @%SystemRoot%\System32\bthserv.dll,-101
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = cdfs
  Display   = CD/DVD File System Reader
  ImagePath = system32\DRIVERS\cdfs.sys
  Type      = File system driver
  Start     = Disabled
  Group     = Boot File System

  Name      = CertPropSvc
  Display   = @%SystemRoot%\System32\certprop.dll,-11
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = circlass
  Display   = @circlass.inf,%circlass.SVCDESC%
  ImagePath = Consumer IR Devices
  Type      = \SystemRoot\System32\drivers\circlass.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = CLFS
  Display   = @%SystemRoot%\system32\drivers\clfs.sys,-100
  ImagePath = System32\drivers\CLFS.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Filter

  Name      = clr_optimization_v2.0.50727_32
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = clr_optimization_v2.0.50727_64
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = clr_optimization_v4.0.30319_32
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = clr_optimization_v4.0.30319_64
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = CNG
  Display   = 
  ImagePath = System32\Drivers\cng.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Core

  Name      = CngHwAssist
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = COMSysApp
  Display   = @comres.dll,-947
  ImagePath = %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = condrv
  Display   = Console Driver
  ImagePath = System32\drivers\condrv.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Base

  Name      = crypt32
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = CryptSvc
  Display   = @%SystemRoot%\system32\cryptsvc.dll,-1001
  ImagePath = %SystemRoot%\system32\svchost.exe -k NetworkService
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = dam
  Display   = @%SystemRoot%\system32\drivers\dam.sys,-100
  ImagePath = system32\drivers\dam.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = 

  Name      = DCLocator
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = DcomLaunch
  Display   = @combase.dll,-5012
  ImagePath = %SystemRoot%\system32\svchost.exe -k DcomLaunch
  Type      = Share_Process
  Start     = Auto Start
  Group     = COM Infrastructure

  Name      = defragsvc
  Display   = @%SystemRoot%\system32\defragsvc.dll,-101
  ImagePath = %SystemRoot%\system32\svchost.exe -k defragsvc
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = DeviceInstall
  Display   = @%SystemRoot%\system32\umpnpmgr.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k DcomLaunch
  Type      = Share_Process
  Start     = Manual
  Group     = PlugPlay

  Name      = Dfsc
  Display   = @%systemroot%\system32\wkssvc.dll,-1008
  ImagePath = System32\Drivers\dfsc.sys
  Type      = File system driver
  Start     = System Start
  Group     = Network

  Name      = Dhcp
  Display   = @%SystemRoot%\system32\dhcpcore.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = TDI

  Name      = dmvsc
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\dmvsc.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = Dnscache
  Display   = @%SystemRoot%\System32\dnsapi.dll,-101
  ImagePath = %SystemRoot%\system32\svchost.exe -k NetworkService
  Type      = Share_Process
  Start     = Auto Start
  Group     = TDI

  Name      = dot3svc
  Display   = @%systemroot%\system32\dot3svc.dll,-1102
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = TDI

  Name      = DPS
  Display   = @%systemroot%\system32\dps.dll,-500
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = DsmSvc
  Display   = @%SystemRoot%\system32\DeviceSetupManager.dll,-1000
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = DXGKrnl
  Display   = LDDM Graphics Subsystem
  ImagePath = \SystemRoot\System32\drivers\dxgkrnl.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Video Init

  Name      = Eaphost
  Display   = @%systemroot%\system32\eapsvc.dll,-1
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = ebdrv
  Display   = @netevbda.inf,%vbd_srv_desc%
  ImagePath = Broadcom NetXtreme II 10 GigE VBD
  Type      = System32\drivers\evbda.sys
  Start     = Kernel driver
  Group     = Boot Start;System Bus Extender

  Name      = EhStorTcgDrv
  Display   = @ehstortcgdrv.inf,%EhStorTcgDrv.Desc%
  ImagePath = Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols
  Type      = System32\drivers\EhStorTcgDrv.sys
  Start     = Kernel driver
  Group     = Boot Start;SCSI Class

  Name      = ErrDev
  Display   = @errdev.inf,%ERRDEV.SvcDesc%
  ImagePath = Microsoft Hardware Error Device Driver
  Type      = \SystemRoot\System32\drivers\errdev.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = ESENT
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = EventSystem
  Display   = @comres.dll,-2450
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = exfat
  Display   = exFAT File System Driver
  ImagePath = 
  Type      = File system driver
  Start     = Manual
  Group     = Boot File System

  Name      = fastfat
  Display   = FAT12/16/32 File System Driver
  ImagePath = 
  Type      = File system driver
  Start     = Manual
  Group     = Boot File System

  Name      = Fax
  Display   = @%systemroot%\system32\fxsresm.dll,-118
  ImagePath = %systemroot%\system32\fxssvc.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = fdc
  Display   = @fdc.inf,%fdc_ServiceDesc%
  ImagePath = Floppy Disk Controller Driver
  Type      = \SystemRoot\System32\drivers\fdc.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = fdPHost
  Display   = @%systemroot%\system32\fdPHost.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = FDResPub
  Display   = @%systemroot%\system32\fdrespub.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = FileInfo
  Display   = @%SystemRoot%\system32\drivers\fileinfo.sys,-100
  ImagePath = System32\drivers\fileinfo.sys
  Type      = File system driver
  Start     = Boot Start
  Group     = FSFilter Bottom

  Name      = Filetrace
  Display   = @%SystemRoot%\system32\drivers\filetrace.sys,-10001
  ImagePath = system32\drivers\filetrace.sys
  Type      = File system driver
  Start     = Manual
  Group     = FSFilter Activity Monitor

  Name      = flpydisk
  Display   = @flpydisk.inf,%floppy_ServiceDesc%
  ImagePath = Floppy Disk Driver
  Type      = \SystemRoot\System32\drivers\flpydisk.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = FltMgr
  Display   = @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
  ImagePath = system32\drivers\fltmgr.sys
  Type      = File system driver
  Start     = Boot Start
  Group     = FSFilter Infrastructure

  Name      = FontCache
  Display   = @%systemroot%\system32\FntCache.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Auto Start
  Group     = AudioGroup

  Name      = FontCache3.0.0.0
  Display   = @%SystemRoot%\system32\PresentationHost.exe,-3309
  ImagePath = %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = FsDepends
  Display   = @%SystemRoot%\system32\drivers\fsdepends.sys,-10001
  ImagePath = System32\drivers\FsDepends.sys
  Type      = File system driver
  Start     = Manual
  Group     = FSFilter Top

  Name      = Fs_Rec
  Display   = 
  ImagePath = 
  Type      = 0x0
  Start     = Boot Start
  Group     = File System

  Name      = FxPPM
  Display   = @cpu.inf,%FxPPM.SvcDesc%
  ImagePath = Power Framework Processor Driver
  Type      = \SystemRoot\System32\drivers\fxppm.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = gagp30kx
  Display   = @machine.inf,%gagp30kx_svcdesc%
  ImagePath = Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
  Type      = System32\drivers\gagp30kx.sys
  Start     = Kernel driver
  Group     = Boot Start;PnP Filter

  Name      = gencounter
  Display   = @wgencounter.inf,%GenCounter.SVCDESC%
  ImagePath = Microsoft Hyper-V Generation Counter
  Type      = \SystemRoot\System32\drivers\vmgencounter.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = GPIOClx0101
  Display   = Microsoft GPIO Class Extension Driver
  ImagePath = System32\Drivers\msgpioclx.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = System Bus Extender

  Name      = gpsvc
  Display   = @gpapi.dll,-112
  ImagePath = %systemroot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Auto Start
  Group     = ProfSvc_Group

  Name      = HidBatt
  Display   = @hidbatt.inf,%HidBatt.SvcDesc%
  ImagePath = HID UPS Battery Driver
  Type      = \SystemRoot\System32\drivers\HidBatt.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = hidi2c
  Display   = @hidi2c.inf,%hidi2c.SVCDESC%
  ImagePath = Microsoft I2C HID Miniport Driver
  Type      = \SystemRoot\System32\drivers\hidi2c.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = HidIr
  Display   = @hidir.inf,%HIDIR.SvcDesc%
  ImagePath = Microsoft Infrared HID Driver
  Type      = \SystemRoot\System32\drivers\hidir.sys
  Start     = Kernel driver
  Group     = Manual;extended base

  Name      = hidserv
  Display   = @%SystemRoot%\System32\hidserv.dll,-101
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = hkmsvc
  Display   = @%SystemRoot%\system32\kmsvc.dll,-6
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = HomeGroupProvider
  Display   = @%SystemRoot%\System32\provsvc.dll,-100
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = HpSAMD
  Display   = 
  ImagePath = System32\drivers\HpSAMD.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = HTTP
  Display   = @%SystemRoot%\system32\drivers\http.sys,-1
  ImagePath = system32\drivers\HTTP.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = hwpolicy
  Display   = @%systemroot%\system32\drivers\hwpolicy.sys,-101
  ImagePath = System32\drivers\hwpolicy.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = 

  Name      = hyperkbd
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\hyperkbd.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Extended Base

  Name      = HyperVideo
  Display   = 
  ImagePath = \SystemRoot\system32\DRIVERS\HyperVideo.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Video

  Name      = iaLPSSi_GPIO
  Display   = @ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%
  ImagePath = Intel(R) Serial IO GPIO Controller Driver
  Type      = \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = iaLPSSi_I2C
  Display   = @ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%
  ImagePath = Intel(R) Serial IO I2C Controller Driver
  Type      = \SystemRoot\System32\drivers\iaLPSSi_I2C.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = iaStorAV
  Display   = @iastorav.inf,%iaStorAV.DeviceDesc%
  ImagePath = Intel(R) SATA RAID Controller Windows
  Type      = System32\drivers\iaStorAV.sys
  Start     = Kernel driver
  Group     = Boot Start;SCSI miniport

  Name      = iaStorV
  Display   = @iastorv.inf,%*PNP0600.DeviceDesc%
  ImagePath = Intel RAID Controller Windows 7
  Type      = System32\drivers\iaStorV.sys
  Start     = Kernel driver
  Group     = Boot Start;SCSI Miniport

  Name      = IEEtwCollectorService
  Display   = @%SystemRoot%\system32\ieetwcollectorres.dll,-1000
  ImagePath = %SystemRoot%\system32\IEEtwCollector.exe /V
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = IKEEXT
  Display   = @%SystemRoot%\system32\ikeext.dll,-501
  ImagePath = %systemroot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = inetaccs
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = intelide
  Display   = 
  ImagePath = System32\drivers\intelide.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = System Bus Extender

  Name      = IpFilterDriver
  Display   = @%systemroot%\system32\rascfg.dll,-32013
  ImagePath = system32\DRIVERS\ipfltdrv.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = iphlpsvc
  Display   = @%SystemRoot%\system32\iphlpsvc.dll,-500
  ImagePath = %SystemRoot%\System32\svchost.exe -k NetSvcs
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = IPMIDRV
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\IPMIDrv.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = IPNAT
  Display   = IP Network Address Translator
  ImagePath = System32\drivers\ipnat.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = IRENUM
  Display   = @%SystemRoot%\system32\drivers\irenum.sys,-100
  ImagePath = system32\drivers\irenum.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = isapnp
  Display   = 
  ImagePath = System32\drivers\isapnp.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Boot Bus Extender

  Name      = iScsiPrt
  Display   = @iscsi.inf,%iScsiPortName%
  ImagePath = iScsiPort Driver
  Type      = \SystemRoot\System32\drivers\msiscsi.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = kbdhid
  Display   = @keyboard.inf,%KBDHID.SvcDesc%
  ImagePath = Keyboard HID Driver
  Type      = \SystemRoot\System32\drivers\kbdhid.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = kbldfltr
  Display   = 
  ImagePath = system32\drivers\kbldfltr.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Extended Base

  Name      = KeyIso
  Display   = @keyiso.dll,-100
  ImagePath = %SystemRoot%\system32\lsass.exe
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = KSecDD
  Display   = 
  ImagePath = System32\Drivers\ksecdd.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Base

  Name      = KSecPkg
  Display   = 
  ImagePath = System32\Drivers\ksecpkg.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Cryptography

  Name      = KtmRm
  Display   = @comres.dll,-2946
  ImagePath = %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = LanmanServer
  Display   = @%systemroot%\system32\srvsvc.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = ldap
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = lfsvc
  Display   = @%SystemRoot%\System32\GeofenceMonitorService.dll,-1
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = lltdio
  Display   = @%SystemRoot%\system32\lltdres.dll,-6
  ImagePath = \SystemRoot\system32\DRIVERS\lltdio.sys
  Type      = Kernel driver
  Start     = Auto Start
  Group     = NDIS

  Name      = lltdsvc
  Display   = @%SystemRoot%\system32\lltdres.dll,-1
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = lmhosts
  Display   = @%SystemRoot%\system32\lmhsvc.dll,-101
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = TDI

  Name      = Lsa
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = LSI_SAS
  Display   = 
  ImagePath = System32\drivers\lsi_sas.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = LSI_SAS2
  Display   = 
  ImagePath = System32\drivers\lsi_sas2.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = LSI_SAS3
  Display   = 
  ImagePath = System32\drivers\lsi_sas3.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = LSI_SSS
  Display   = 
  ImagePath = System32\drivers\lsi_sss.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = LSM
  Display   = @%windir%\system32\lsm.dll,-1001
  ImagePath = %SystemRoot%\system32\svchost.exe -k DcomLaunch
  Type      = Share_Process
  Start     = Auto Start
  Group     = COM Infrastructure

  Name      = luafv
  Display   = @%systemroot%\system32\drivers\luafv.sys,-100
  ImagePath = \SystemRoot\system32\drivers\luafv.sys
  Type      = File system driver
  Start     = Auto Start
  Group     = FSFilter Virtualization

  Name      = megasas
  Display   = 
  ImagePath = System32\drivers\megasas.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = megasr
  Display   = 
  ImagePath = System32\drivers\megasr.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = MMCSS
  Display   = @%systemroot%\system32\mmcss.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = Modem
  Display   = 
  ImagePath = system32\drivers\modem.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Extended base

  Name      = mouhid
  Display   = @msmouse.inf,%MOUHID.SvcDesc%
  ImagePath = Mouse HID Driver
  Type      = \SystemRoot\System32\drivers\mouhid.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = mountmgr
  Display   = @%SystemRoot%\system32\drivers\mountmgr.sys,-100
  ImagePath = System32\drivers\mountmgr.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = System Bus Extender

  Name      = mpsdrv
  Display   = @%SystemRoot%\system32\FirewallAPI.dll,-23092
  ImagePath = System32\drivers\mpsdrv.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = network

  Name      = MpsSvc
  Display   = @%SystemRoot%\system32\FirewallAPI.dll,-23090
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
  Type      = Share_Process
  Start     = Auto Start
  Group     = NetworkProvider

  Name      = MRxDAV
  Display   = @%systemroot%\system32\webclnt.dll,-104
  ImagePath = \SystemRoot\system32\drivers\mrxdav.sys
  Type      = File system driver
  Start     = Manual
  Group     = 

  Name      = mrxsmb
  Display   = @%systemroot%\system32\wkssvc.dll,-1002
  ImagePath = system32\DRIVERS\mrxsmb.sys
  Type      = File system driver
  Start     = Manual
  Group     = Network

  Name      = mrxsmb10
  Display   = @%systemroot%\system32\wkssvc.dll,-1004
  ImagePath = system32\DRIVERS\mrxsmb10.sys
  Type      = File system driver
  Start     = Auto Start
  Group     = Network

  Name      = mrxsmb20
  Display   = @%systemroot%\system32\wkssvc.dll,-1006
  ImagePath = system32\DRIVERS\mrxsmb20.sys
  Type      = File system driver
  Start     = Manual
  Group     = Network

  Name      = MsBridge
  Display   = @%SystemRoot%\system32\bridgeres.dll,-1
  ImagePath = \SystemRoot\system32\DRIVERS\bridge.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = NDIS

  Name      = Msfs
  Display   = 
  ImagePath = 
  Type      = File system driver
  Start     = System Start
  Group     = File system

  Name      = mshidkmdf
  Display   = @%SystemRoot%\system32\drivers\mshidkmdf.sys,-100
  ImagePath = \SystemRoot\System32\drivers\mshidkmdf.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Base

  Name      = mshidumdf
  Display   = @%SystemRoot%\system32\drivers\mshidumdf.sys,-100
  ImagePath = \SystemRoot\System32\drivers\mshidumdf.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Base

  Name      = MSiSCSI
  Display   = @%SystemRoot%\system32\iscsidsc.dll,-5000
  ImagePath = %systemroot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = iSCSI

  Name      = msiserver
  Display   = @%SystemRoot%\system32\msimsg.dll,-27
  ImagePath = %systemroot%\system32\msiexec.exe /V
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = MsKeyboardFilter
  Display   = @%SystemRoot%\system32\KeyboardFilterSvc.dll,-101
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Disabled
  Group     = 

  Name      = MsLldp
  Display   = @C:\Windows\system32\DRIVERS\mslldp.sys,-200
  ImagePath = \SystemRoot\system32\DRIVERS\mslldp.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = NDIS

  Name      = MsRPC
  Display   = 
  ImagePath = 
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = MSSCNTRS
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = MTConfig
  Display   = @mtconfig.inf,%MTConfig.SVCDESC%
  ImagePath = Microsoft Input Configuration Driver
  Type      = \SystemRoot\System32\drivers\MTConfig.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = Mup
  Display   = @%systemroot%\system32\drivers\mup.sys,-101
  ImagePath = System32\Drivers\mup.sys
  Type      = File system driver
  Start     = Boot Start
  Group     = Network

  Name      = mvumis
  Display   = 
  ImagePath = System32\drivers\mvumis.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = napagent
  Display   = @%SystemRoot%\system32\qagentrt.dll,-6
  ImagePath = %SystemRoot%\System32\svchost.exe -k NetworkService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = NcaSvc
  Display   = @%SystemRoot%\system32\ncasvc.dll,-3009
  ImagePath = %SystemRoot%\System32\svchost.exe -k NetSvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = NcbService
  Display   = @%SystemRoot%\system32\ncbservice.dll,-500
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = NcdAutoSetup
  Display   = @%SystemRoot%\system32\NcdAutoSetup.dll,-100
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = NDIS
  Display   = @%SystemRoot%\system32\drivers\ndis.sys,-200
  ImagePath = system32\drivers\ndis.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = NDIS Wrapper

  Name      = NdisCap
  Display   = @%SystemRoot%\System32\drivers\ndiscap.sys,-5000
  ImagePath = \SystemRoot\system32\DRIVERS\ndiscap.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = NDIS

  Name      = NdisImPlatform
  Display   = @%SystemRoot%\System32\drivers\ndisimplatform.sys,-501
  ImagePath = \SystemRoot\system32\DRIVERS\NdisImPlatform.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = NdisTapi
  Display   = @%systemroot%\system32\rascfg.dll,-32001
  ImagePath = \SystemRoot\system32\DRIVERS\ndistapi.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = NdisWan
  Display   = @%systemroot%\system32\rascfg.dll,-32002
  ImagePath = \SystemRoot\system32\DRIVERS\ndiswan.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = NdisWanLegacy
  Display   = @%systemroot%\system32\rascfg.dll,-32014
  ImagePath = \SystemRoot\system32\DRIVERS\ndiswan.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = NDProxy
  Display   = NDIS Proxy
  ImagePath = 
  Type      = Kernel driver
  Start     = Manual
  Group     = PNP_TDI

  Name      = Ndu
  Display   = @%SystemRoot%\system32\drivers\Ndu.sys,-10001
  ImagePath = system32\drivers\Ndu.sys
  Type      = Kernel driver
  Start     = Auto Start
  Group     = 

  Name      = NetBIOS
  Display   = @netnb.inf,%NetBIOS_Desc%
  ImagePath = NetBIOS Interface
  Type      = system32\DRIVERS\netbios.sys
  Start     = File system driver
  Group     = System Start;NetBIOSGroup

  Name      = NetBT
  Display   = @%SystemRoot%\system32\drivers\netbt.sys,-2
  ImagePath = System32\DRIVERS\netbt.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = PNP_TDI

  Name      = Netman
  Display   = @%SystemRoot%\system32\netman.dll,-109
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = netprofm
  Display   = @%SystemRoot%\system32\netprofmsvc.dll,-202
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = NetTcpPortSharing
  Display   = @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201
  ImagePath = %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
  Type      = Share_Process
  Start     = Disabled
  Group     = 

  Name      = netvsc
  Display   = 
  ImagePath = \SystemRoot\system32\DRIVERS\netvsc63.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Extended Base

  Name      = NlaSvc
  Display   = @%SystemRoot%\System32\nlasvc.dll,-1
  ImagePath = %SystemRoot%\System32\svchost.exe -k NetworkService
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = Npfs
  Display   = 
  ImagePath = 
  Type      = File system driver
  Start     = System Start
  Group     = File system

  Name      = npsvctrig
  Display   = @npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%
  ImagePath = Named pipe service trigger provider
  Type      = \SystemRoot\System32\drivers\npsvctrig.sys
  Start     = Kernel driver
  Group     = System Start;

  Name      = nsi
  Display   = @%SystemRoot%\system32\nsisvc.dll,-200
  ImagePath = %systemroot%\system32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = nsiproxy
  Display   = @%SystemRoot%\system32\drivers\nsiproxy.sys,-2
  ImagePath = system32\drivers\nsiproxy.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = 

  Name      = NTDS
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = Ntfs
  Display   = 
  ImagePath = 
  Type      = File system driver
  Start     = Manual
  Group     = Boot File System

  Name      = Null
  Display   = 
  ImagePath = 
  Type      = Kernel driver
  Start     = System Start
  Group     = Base

  Name      = nvraid
  Display   = 
  ImagePath = System32\drivers\nvraid.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = System Bus Extender

  Name      = nvstor
  Display   = 
  ImagePath = System32\drivers\nvstor.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = nv_agp
  Display   = @machine.inf,%agpnvidia_svcdesc%
  ImagePath = NVIDIA nForce AGP Bus Filter
  Type      = System32\drivers\nv_agp.sys
  Start     = Kernel driver
  Group     = Boot Start;PnP Filter

  Name      = p2pimsvc
  Display   = @%SystemRoot%\system32\pnrpsvc.dll,-8004
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = p2psvc
  Display   = @%SystemRoot%\system32\p2psvc.dll,-8006
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = Parport
  Display   = @msports.inf,%Parport.SVCDESC%
  ImagePath = Parallel port driver
  Type      = \SystemRoot\System32\drivers\parport.sys
  Start     = Kernel driver
  Group     = Manual;Parallel arbitrator

  Name      = PcaSvc
  Display   = @%SystemRoot%\system32\pcasvc.dll,-1
  ImagePath = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = pciide
  Display   = 
  ImagePath = System32\drivers\pciide.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = System Bus Extender

  Name      = pcmcia
  Display   = 
  ImagePath = System32\drivers\pcmcia.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = System Bus Extender

  Name      = pcw
  Display   = Performance Counters for Windows Driver
  ImagePath = System32\drivers\pcw.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Base

  Name      = pdc
  Display   = @%SystemRoot%\system32\drivers\pdc.sys,-100
  ImagePath = system32\drivers\pdc.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Boot Bus Extender

  Name      = PEAUTH
  Display   = PEAUTH
  ImagePath = system32\drivers\peauth.sys
  Type      = Kernel driver
  Start     = Auto Start
  Group     = 

  Name      = PerfDisk
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = PerfHost
  Display   = @%systemroot%\sysWow64\perfhost.exe,-2
  ImagePath = %SystemRoot%\SysWow64\perfhost.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = PerfNet
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = PerfOS
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = PerfProc
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = pla
  Display   = @%systemroot%\system32\pla.dll,-500
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = PlugPlay
  Display   = @%SystemRoot%\system32\umpnpmgr.dll,-200
  ImagePath = %SystemRoot%\system32\svchost.exe -k DcomLaunch
  Type      = Share_Process
  Start     = Manual
  Group     = PlugPlay

  Name      = PNRPAutoReg
  Display   = @%SystemRoot%\system32\pnrpauto.dll,-8002
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = PNRPsvc
  Display   = @%SystemRoot%\system32\pnrpsvc.dll,-8000
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = PolicyAgent
  Display   = @%SystemRoot%\System32\polstore.dll,-5010
  ImagePath = %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = PortProxy
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = Power
  Display   = @%SystemRoot%\system32\umpo.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k DcomLaunch
  Type      = Share_Process
  Start     = Auto Start
  Group     = Plugplay

  Name      = Processor
  Display   = @cpu.inf,%Processor.SvcDesc%
  ImagePath = Processor Driver
  Type      = \SystemRoot\System32\drivers\processr.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = ProfSvc
  Display   = @%systemroot%\system32\profsvc.dll,-300
  ImagePath = %systemroot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Auto Start
  Group     = profsvc_group

  Name      = Psched
  Display   = @%SystemRoot%\System32\drivers\pacer.sys,-101
  ImagePath = \SystemRoot\system32\DRIVERS\pacer.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = NDIS

  Name      = QWAVE
  Display   = @%SystemRoot%\system32\qwave.dll,-1
  ImagePath = %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = QWAVEdrv
  Display   = @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
  ImagePath = \SystemRoot\system32\drivers\qwavedrv.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = RasAcd
  Display   = Remote Access Auto Connection Driver
  ImagePath = System32\DRIVERS\rasacd.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Streams Drivers

  Name      = RasAuto
  Display   = @%Systemroot%\system32\rasauto.dll,-200
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = RasMan
  Display   = @%Systemroot%\system32\rasmans.dll,-200
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = RasPppoe
  Display   = @%systemroot%\system32\rascfg.dll,-32007
  ImagePath = \SystemRoot\system32\DRIVERS\raspppoe.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = rdbss
  Display   = @%systemroot%\system32\wkssvc.dll,-1000
  ImagePath = system32\DRIVERS\rdbss.sys
  Type      = File system driver
  Start     = System Start
  Group     = Network

  Name      = RDMANDK
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = RDPDR
  Display   = @%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100
  ImagePath = System32\drivers\rdpdr.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = RDPNP
  Display   = @%systemroot%\system32\drprov.dll,-100
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = RDPUDD
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = RdpVideoMiniport
  Display   = Remote Desktop Video Miniport Driver
  ImagePath = System32\drivers\rdpvideominiport.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = ReFS
  Display   = 
  ImagePath = 
  Type      = File system driver
  Start     = Manual
  Group     = Boot File System

  Name      = RegFilter
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = RemoteAccess
  Display   = @%Systemroot%\system32\mprdim.dll,-200
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Disabled
  Group     = 

  Name      = RemoteRegistry
  Display   = @regsvc.dll,-1
  ImagePath = %SystemRoot%\system32\svchost.exe -k localService
  Type      = Share_Process
  Start     = Disabled
  Group     = 

  Name      = RpcEptMapper
  Display   = @%windir%\system32\RpcEpMap.dll,-1001
  ImagePath = %SystemRoot%\system32\svchost.exe -k RPCSS
  Type      = Share_Process
  Start     = Auto Start
  Group     = COM Infrastructure

  Name      = RpcLocator
  Display   = @%systemroot%\system32\Locator.exe,-2
  ImagePath = %SystemRoot%\system32\locator.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = RpcSs
  Display   = @combase.dll,-5010
  ImagePath = %SystemRoot%\system32\svchost.exe -k rpcss
  Type      = Share_Process
  Start     = Auto Start
  Group     = COM Infrastructure

  Name      = rspndr
  Display   = @%SystemRoot%\system32\lltdres.dll,-5
  ImagePath = \SystemRoot\system32\DRIVERS\rspndr.sys
  Type      = Kernel driver
  Start     = Auto Start
  Group     = NDIS

  Name      = s3cap
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\vms3cap.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Video

  Name      = SamSs
  Display   = @%SystemRoot%\system32\samsrv.dll,-1
  ImagePath = %SystemRoot%\system32\lsass.exe
  Type      = Share_Process
  Start     = Auto Start
  Group     = MS_WindowsLocalValidation

  Name      = sbp2port
  Display   = @sbp2.inf,%sbp2_ServiceDesc%
  ImagePath = SBP-2 Transport/Protocol Bus Driver
  Type      = System32\drivers\sbp2port.sys
  Start     = Kernel driver
  Group     = Boot Start;

  Name      = SCardSvr
  Display   = @%SystemRoot%\System32\SCardSvr.dll,-1
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
  Type      = Share_Process
  Start     = Disabled
  Group     = SmartCardGroup

  Name      = ScDeviceEnum
  Display   = @%SystemRoot%\System32\ScDeviceEnum.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = scfilter
  Display   = @%SystemRoot%\System32\drivers\scfilter.sys,-11
  ImagePath = System32\DRIVERS\scfilter.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = PnP Filter

  Name      = SCPolicySvc
  Display   = @%SystemRoot%\System32\certprop.dll,-13
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = sdstor
  Display   = @sdstor.inf,%sdstor_ServiceDesc%
  ImagePath = SD Storage Port Driver
  Type      = \SystemRoot\System32\drivers\sdstor.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = secdrv
  Display   = Security Driver
  ImagePath = 
  Type      = Kernel driver
  Start     = Auto Start
  Group     = 

  Name      = seclogon
  Display   = @%SystemRoot%\system32\seclogon.dll,-7001
  ImagePath = %windir%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = SENS
  Display   = @%SystemRoot%\system32\Sens.dll,-200
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Auto Start
  Group     = ProfSvc_Group

  Name      = SensrSvc
  Display   = @%SystemRoot%\System32\sensrsvc.dll,-1000
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = SerCx
  Display   = Serial UART Support Library
  ImagePath = system32\drivers\SerCx.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = SerCx2
  Display   = Serial UART Support Library
  ImagePath = system32\drivers\SerCx2.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = Serenum
  Display   = @msports.inf,%Serenum.SVCDESC%
  ImagePath = Serenum Filter Driver
  Type      = \SystemRoot\System32\drivers\serenum.sys
  Start     = Kernel driver
  Group     = Manual;PNP Filter

  Name      = Serial
  Display   = @msports.inf,%Serial.SVCDESC%
  ImagePath = Serial port driver
  Type      = \SystemRoot\System32\drivers\serial.sys
  Start     = Kernel driver
  Group     = Manual;Extended base

  Name      = sermouse
  Display   = @msmouse.inf,%sermouse.SvcDesc%
  ImagePath = Serial Mouse Driver
  Type      = \SystemRoot\System32\drivers\sermouse.sys
  Start     = Kernel driver
  Group     = Manual;Pointer Port

  Name      = SessionEnv
  Display   = @%SystemRoot%\System32\SessEnv.dll,-1026
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = sfloppy
  Display   = @flpydisk.inf,%sfloppy_devdesc%
  ImagePath = High-Capacity Floppy Disk Drive
  Type      = \SystemRoot\System32\drivers\sfloppy.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = SharedAccess
  Display   = @%SystemRoot%\system32\ipnathlp.dll,-106
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Disabled
  Group     = 

  Name      = ShellHWDetection
  Display   = @%SystemRoot%\System32\shsvcs.dll,-12288
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Auto Start
  Group     = ShellSvcGroup

  Name      = SiSRaid2
  Display   = 
  ImagePath = System32\drivers\SiSRaid2.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = SiSRaid4
  Display   = 
  ImagePath = System32\drivers\sisraid4.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = smphost
  Display   = @%SystemRoot%\System32\smphost.dll,-102
  ImagePath = %SystemRoot%\System32\svchost.exe -k smphost
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = SNMPTRAP
  Display   = @%SystemRoot%\system32\snmptrap.exe,-3
  ImagePath = %SystemRoot%\System32\snmptrap.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = SpbCx
  Display   = Simple Peripheral Bus Support Library
  ImagePath = system32\drivers\SpbCx.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = Spooler
  Display   = @%systemroot%\system32\spoolsv.exe,-1
  ImagePath = %SystemRoot%\System32\spoolsv.exe
  Type      = 0x0
  Start     = Auto Start
  Group     = SpoolerGroup

  Name      = sppsvc
  Display   = @%SystemRoot%\system32\sppsvc.exe,-101
  ImagePath = %SystemRoot%\system32\sppsvc.exe
  Type      = Own_Process
  Start     = Auto Start
  Group     = 

  Name      = srv
  Display   = @%systemroot%\system32\srvsvc.dll,-102
  ImagePath = System32\DRIVERS\srv.sys
  Type      = File system driver
  Start     = Auto Start
  Group     = Network

  Name      = srv2
  Display   = @%systemroot%\system32\srvsvc.dll,-104
  ImagePath = System32\DRIVERS\srv2.sys
  Type      = File system driver
  Start     = Manual
  Group     = Network

  Name      = srvnet
  Display   = 
  ImagePath = System32\DRIVERS\srvnet.sys
  Type      = File system driver
  Start     = Manual
  Group     = Network

  Name      = SSDPSRV
  Display   = @%systemroot%\system32\ssdpsrv.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = SstpSvc
  Display   = @%SystemRoot%\system32\sstpsvc.dll,-200
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = stexstor
  Display   = 
  ImagePath = System32\drivers\stexstor.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = storahci
  Display   = @mshdc.inf,%storahci_ServiceDescription%
  ImagePath = Microsoft Standard SATA AHCI Driver
  Type      = System32\drivers\storahci.sys
  Start     = Kernel driver
  Group     = Boot Start;SCSI Miniport

  Name      = storflt
  Display   = @%SystemRoot%\system32\vmstorfltres.dll,-1000
  ImagePath = system32\DRIVERS\vmstorfl.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Extended Base

  Name      = stornvme
  Display   = @stornvme.inf,%StorNVMe_ServiceDesc%
  ImagePath = Microsoft Standard NVM Express Driver
  Type      = System32\drivers\stornvme.sys
  Start     = Kernel driver
  Group     = Boot Start;SCSI Miniport

  Name      = StorSvc
  Display   = @%SystemRoot%\System32\StorSvc.dll,-100
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = storvsc
  Display   = 
  ImagePath = System32\drivers\storvsc.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = Base

  Name      = storvsp
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\storvsp.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Extended Base

  Name      = svsvc
  Display   = @%SystemRoot%\system32\svsvc.dll,-101
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = swprv
  Display   = @%SystemRoot%\System32\swprv.dll,-103
  ImagePath = %SystemRoot%\System32\svchost.exe -k swprv
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = SysMain
  Display   = @%SystemRoot%\system32\sysmain.dll,-1000
  ImagePath = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = SystemEventsBroker
  Display   = @%windir%\system32\SystemEventsBrokerServer.dll,-1001
  ImagePath = %SystemRoot%\system32\svchost.exe -k DcomLaunch
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = TapiSrv
  Display   = @%SystemRoot%\system32\tapisrv.dll,-10100
  ImagePath = %SystemRoot%\System32\svchost.exe -k NetworkService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = Tcpip
  Display   = @%SystemRoot%\system32\tcpipcfg.dll,-50003
  ImagePath = System32\drivers\tcpip.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = PNP_TDI

  Name      = TCPIP6
  Display   = @netip6.inf,%MS_TCPIP6.TCPIP6.ServiceDescription%
  ImagePath = Microsoft IPv6 Protocol Driver
  Type      = \SystemRoot\system32\DRIVERS\tcpip.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = TCPIP6TUNNEL
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = tcpipreg
  Display   = TCP/IP Registry Compatibility
  ImagePath = System32\drivers\tcpipreg.sys
  Type      = Kernel driver
  Start     = Auto Start
  Group     = 

  Name      = TCPIPTUNNEL
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = tdx
  Display   = @%SystemRoot%\system32\tcpipcfg.dll,-50004
  ImagePath = \SystemRoot\system32\DRIVERS\tdx.sys
  Type      = Kernel driver
  Start     = System Start
  Group     = PNP_TDI

  Name      = TermService
  Display   = @%SystemRoot%\System32\termsrv.dll,-268
  ImagePath = %SystemRoot%\System32\svchost.exe -k NetworkService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = Themes
  Display   = @%SystemRoot%\System32\themeservice.dll,-8192
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Auto Start
  Group     = ProfSvc_Group

  Name      = THREADORDER
  Display   = @%systemroot%\system32\mmcss.dll,-102
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = TimeBroker
  Display   = @%windir%\system32\TimeBrokerServer.dll,-1001
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = TPM
  Display   = @tpm.inf,%TPM%
  ImagePath = TPM
  Type      = \SystemRoot\system32\drivers\tpm.sys
  Start     = Kernel driver
  Group     = Manual;Boot Bus Extender

  Name      = TrkWks
  Display   = @%SystemRoot%\system32\trkwks.dll,-1
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = TSDDD
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = TsUsbFlt
  Display   = 
  ImagePath = system32\drivers\tsusbflt.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = base

  Name      = TsUsbGD
  Display   = @tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%
  ImagePath = Remote Desktop Generic USB Device
  Type      = \SystemRoot\System32\drivers\TsUsbGD.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = uagp35
  Display   = @machine.inf,%uagp35_svcdesc%
  ImagePath = Microsoft AGPv3.5 Filter
  Type      = System32\drivers\uagp35.sys
  Start     = Kernel driver
  Group     = Boot Start;PnP Filter

  Name      = UASPStor
  Display   = @uaspstor.inf,%UASPortName%
  ImagePath = USB Attached SCSI (UAS) Driver
  Type      = \SystemRoot\System32\drivers\uaspstor.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = UCX01000
  Display   = USB Controller Extension
  ImagePath = \SystemRoot\System32\drivers\ucx01000.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Base

  Name      = udfs
  Display   = udfs
  ImagePath = system32\DRIVERS\udfs.sys
  Type      = File system driver
  Start     = Disabled
  Group     = Boot File System

  Name      = UEFI
  Display   = @uefi.inf,%UEFI.SvcDesc%
  ImagePath = Microsoft UEFI Driver
  Type      = \SystemRoot\System32\drivers\UEFI.sys
  Start     = Kernel driver
  Group     = Manual;

  Name      = UGatherer
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = UGTHRSVC
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = UI0Detect
  Display   = @%SystemRoot%\system32\ui0detect.exe,-101
  ImagePath = %SystemRoot%\system32\UI0Detect.exe
  Type      = 0x0
  Start     = Manual
  Group     = 

  Name      = uliagpkx
  Display   = @machine.inf,%uliagpkx_svcdesc%
  ImagePath = Uli AGP Bus Filter
  Type      = System32\drivers\uliagpkx.sys
  Start     = Kernel driver
  Group     = Boot Start;PnP Filter

  Name      = UmRdpService
  Display   = @%SystemRoot%\system32\umrdp.dll,-1000
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = upnphost
  Display   = @%systemroot%\system32\upnphost.dll,-213
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = usbcir
  Display   = @usbcir.inf,%usbcir.SVCDESC%
  ImagePath = eHome Infrared Receiver (USBCIR)
  Type      = \SystemRoot\System32\drivers\usbcir.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = usbohci
  Display   = @usbport.inf,%OHCIMP.SvcDesc%
  ImagePath = Microsoft USB Open Host Controller Miniport Driver
  Type      = \SystemRoot\System32\drivers\usbohci.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = usbprint
  Display   = @usbprint.inf,%USBPRINT.SvcDesc%
  ImagePath = Microsoft USB PRINTER Class
  Type      = \SystemRoot\System32\drivers\usbprint.sys
  Start     = Kernel driver
  Group     = Manual;extended base

  Name      = usbuhci
  Display   = @usbport.inf,%UHCIMP.SvcDesc%
  ImagePath = Microsoft USB Universal Host Controller Miniport Driver
  Type      = \SystemRoot\System32\drivers\usbuhci.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = VaultSvc
  Display   = @%SystemRoot%\system32\vaultsvc.dll,-1003
  ImagePath = %SystemRoot%\system32\lsass.exe
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = vds
  Display   = @%SystemRoot%\system32\vds.exe,-100
  ImagePath = %SystemRoot%\System32\vds.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = VerifierExt
  Display   = @%SystemRoot%\system32\drivers\VerifierExt.sys,-1000
  ImagePath = system32\drivers\VerifierExt.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = WdfLoadGroup

  Name      = vhdmp
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\vhdmp.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = SCSI miniport

  Name      = viaide
  Display   = 
  ImagePath = System32\drivers\viaide.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = System Bus Extender

  Name      = Vid
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\Vid.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Extended Base

  Name      = vmbus
  Display   = @%SystemRoot%\system32\vmbusres.dll,-1000
  ImagePath = System32\drivers\vmbus.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = System Bus Extender

  Name      = VMBusHID
  Display   = 
  ImagePath = \SystemRoot\System32\drivers\VMBusHID.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Extended Base

  Name      = vmbusr
  Display   = @%SystemRoot%\system32\drivers\vmbusr.sys,-1001
  ImagePath = \SystemRoot\System32\drivers\vmbusr.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = Extended Base

  Name      = vmicguestinterface
  Display   = @%systemroot%\system32\vmicres.dll,-801
  ImagePath = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = vmicheartbeat
  Display   = @%systemroot%\system32\vmicres.dll,-101
  ImagePath = %systemroot%\system32\svchost.exe -k ICService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = vmickvpexchange
  Display   = @%systemroot%\system32\vmicres.dll,-201
  ImagePath = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = vmicrdv
  Display   = @%systemroot%\system32\vmicres.dll,-601
  ImagePath = %systemroot%\system32\svchost.exe -k ICService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = vmicshutdown
  Display   = @%systemroot%\system32\vmicres.dll,-301
  ImagePath = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = vmictimesync
  Display   = @%systemroot%\system32\vmicres.dll,-401
  ImagePath = %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = vmicvss
  Display   = @%systemroot%\system32\vmicres.dll,-501
  ImagePath = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = volmgrx
  Display   = @%SystemRoot%\system32\drivers\volmgrx.sys,-100
  ImagePath = System32\drivers\volmgrx.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = System Bus Extender

  Name      = vpci
  Display   = @wvpci.inf,%vpci.SVCDESC%
  ImagePath = Microsoft Hyper-V Virtual PCI Bus
  Type      = \SystemRoot\System32\drivers\vpci.sys
  Start     = Kernel driver
  Group     = Manual;System Bus Extender

  Name      = vpcivsp
  Display   = @wvpcivsp.inf,%vpcivsp.SVCDESC%
  ImagePath = Microsoft Hyper-V PCI Server
  Type      = \SystemRoot\System32\drivers\vpcivsp.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = vsmraid
  Display   = 
  ImagePath = System32\drivers\vsmraid.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = SCSI Miniport

  Name      = VSTXRAID
  Display   = @vstxraid.inf,%Driver.DeviceDesc%
  ImagePath = VIA StorX Storage RAID Controller Windows Driver
  Type      = System32\drivers\vstxraid.sys
  Start     = Kernel driver
  Group     = Boot Start;SCSI Miniport

  Name      = W32Time
  Display   = @%SystemRoot%\system32\w32time.dll,-200
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WacomPen
  Display   = @hiddigi.inf,%WacomPen.SVCDESC%
  ImagePath = Wacom Serial Pen HID Driver
  Type      = \SystemRoot\System32\drivers\wacompen.sys
  Start     = Kernel driver
  Group     = Manual;Extended Base

  Name      = wbengine
  Display   = @%systemroot%\system32\wbengine.exe,-104
  ImagePath = "%systemroot%\system32\wbengine.exe"
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = WbioSrvc
  Display   = @%systemroot%\system32\wbiosrvc.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
  Type      = Share_Process
  Start     = Manual
  Group     = SmartCardGroup

  Name      = Wcmsvc
  Display   = @%SystemRoot%\System32\wcmsvc.dll,-4097
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
  Type      = Share_Process
  Start     = Auto Start
  Group     = TDI

  Name      = wcncsvc
  Display   = @%SystemRoot%\system32\wcncsvc.dll,-3
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WcsPlugInService
  Display   = @%SystemRoot%\system32\WcsPlugInService.dll,-200
  ImagePath = %SystemRoot%\system32\svchost.exe -k wcssvc
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WdiServiceHost
  Display   = @%systemroot%\system32\wdi.dll,-502
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WdiSystemHost
  Display   = @%systemroot%\system32\wdi.dll,-500
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WdNisDrv
  Display   = @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370
  ImagePath = system32\Drivers\WdNisDrv.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = 

  Name      = WebClient
  Display   = @%systemroot%\system32\webclnt.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = NetworkProvider

  Name      = Wecsvc
  Display   = @%SystemRoot%\system32\wecsvc.dll,-200
  ImagePath = %SystemRoot%\system32\svchost.exe -k NetworkService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WEPHOSTSVC
  Display   = @%systemroot%\system32\wephostsvc.dll,-100
  ImagePath = %systemroot%\system32\svchost.exe -k WepHostSvcGroup
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = wercplsupport
  Display   = @%SystemRoot%\System32\wercplsupport.dll,-101
  ImagePath = %SystemRoot%\System32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WerSvc
  Display   = @%SystemRoot%\System32\wersvc.dll,-100
  ImagePath = %SystemRoot%\System32\svchost.exe -k WerSvcGroup
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = WFPLWFS
  Display   = @%SystemRoot%\System32\drivers\wfplwfs.sys,-6000
  ImagePath = system32\DRIVERS\wfplwfs.sys
  Type      = Kernel driver
  Start     = Boot Start
  Group     = NDIS

  Name      = WiaRpc
  Display   = @%SystemRoot%\system32\wiarpc.dll,-2
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WIMMount
  Display   = WIMMount
  ImagePath = system32\drivers\wimmount.sys
  Type      = File system driver
  Start     = Manual
  Group     = FSFilter Infrastructure

  Name      = WinHttpAutoProxySvc
  Display   = @%SystemRoot%\system32\winhttp.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = Winmgmt
  Display   = @%Systemroot%\system32\wbem\wmisvc.dll,-205
  ImagePath = %systemroot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Auto Start
  Group     = 

  Name      = WinRM
  Display   = @%Systemroot%\system32\wsmsvc.dll,-101
  ImagePath = %SystemRoot%\System32\svchost.exe -k NetworkService
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = Winsock
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = WinSock2
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = wlidsvc
  Display   = @%SystemRoot%\system32\wlidsvc.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k netsvcs
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WmiApRpl
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = wmiApSrv
  Display   = @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
  ImagePath = %systemroot%\system32\wbem\WmiApSrv.exe
  Type      = Own_Process
  Start     = Manual
  Group     = 

  Name      = workerdd
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = workfolderssvc
  Display   = @%systemroot%\system32\workfolderssvc.dll,-102
  ImagePath = %SystemRoot%\System32\svchost.exe -k LocalService
  Type      = Share_Process
  Start     = Manual
  Group     = LocalService

  Name      = wpcfltr
  Display   = Family Safety Filter Driver
  ImagePath = system32\DRIVERS\wpcfltr.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = NDIS

  Name      = WPCSvc
  Display   = @%SystemRoot%\system32\wpcsvc.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WPDBusEnum
  Display   = @%SystemRoot%\system32\wpdbusenum.dll,-100
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = ws2ifsl
  Display   = @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
  ImagePath = \SystemRoot\system32\drivers\ws2ifsl.sys
  Type      = Kernel driver
  Start     = Disabled
  Group     = PNP_TDI

  Name      = WSearchIdxPi
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = WSService
  Display   = @%SystemRoot%\system32\WSService.dll,-103
  ImagePath = %SystemRoot%\System32\svchost.exe -k wsappx
  Type      = Share_Process
  Start     = Manual
  Group     = 

  Name      = WudfPf
  Display   = @%SystemRoot%\system32\drivers\Wudfpf.sys,-1000
  ImagePath = system32\drivers\WudfPf.sys
  Type      = Kernel driver
  Start     = Manual
  Group     = base

  Name      = WUDFRd
  Display   = @hidbthle.inf,%WudfRdDisplayName%
  ImagePath = Windows Driver Foundation - User-mode Driver Framework Reflector
  Type      = \SystemRoot\System32\drivers\WUDFRd.sys
  Start     = Kernel driver
  Group     = Manual;Base

  Name      = wudfsvc
  Display   = @%SystemRoot%\system32\wudfsvc.dll,-1000
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
  Type      = Share_Process
  Start     = Manual
  Group     = PlugPlay

  Name      = WwanSvc
  Display   = @%SystemRoot%\System32\wwansvc.dll,-257
  ImagePath = %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
  Type      = Share_Process
  Start     = Manual
  Group     = TDI

  Name      = xmlprov
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

  Name      = {8718928D-CBEB-45EA-A621-800A9249001D}
  Display   = 
  ImagePath = 
  Type      = 
  Start     = 
  Group     = 

=-=-=-=-=-=-=-=-=-=-=-=-=-=
LIST OF DRIVERS
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Microsoft\Windows NT\CurrentVersion\Drivers32 not found.

Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32 not found.

====================================================
INSTALLED EXES (APP_PATHS KEY)
====================================================
App Paths
Microsoft\Windows\CurrentVersion\App Paths

Fri Oct 18 00:28:34 2013 (UTC)
  7zFM.exe - C:\Program Files\7-Zip\7zFM.exe
Sat Oct  5 20:35:53 2013 (UTC)
  iTunes.exe - C:\Program Files (x86)\iTunes\iTunes.exe
Thu Sep 26 17:51:52 2013 (UTC)
  PictureViewer.exe - C:\Program Files (x86)\QuickTime\PictureViewer.exe
  QuickTimePlayer.exe - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
Mon Sep 23 20:32:42 2013 (UTC)
  excel.exe - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
  GROOVE.EXE - C:\Program Files\Microsoft Office 15\Root\Office15\GROOVE.EXE
  infopath.exe - C:\Program Files\Microsoft Office 15\Root\Office15\INFOPATH.EXE
  Lync.exe - C:\Program Files\Microsoft Office 15\Root\Office15\Lync.exe
  MSACCESS.EXE - C:\Program Files\Microsoft Office 15\Root\Office15\MSACCESS.EXE
  MsoHtmEd.exe - 
  msoxmled.exe - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOXMLED.EXE
  MSPUB.EXE - C:\Program Files\Microsoft Office 15\Root\Office15\MSPUB.EXE
  OneNote.exe - C:\Program Files\Microsoft Office 15\Root\Office15\ONENOTE.EXE
  OUTLOOK.EXE - C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE
  powerpnt.exe - C:\Program Files\Microsoft Office 15\Root\Office15\POWERPNT.EXE
  Winword.exe - C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE
Mon Sep 23 20:23:20 2013 (UTC)
  vstoee.dll - 
Mon Sep 23 19:19:54 2013 (UTC)
  AbsoluteInstallManager.exe - C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteInstallManager.exe
  AcroRd32.exe - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
  chrome.exe - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  firefox.exe - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  PowerRecover - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe
  SmartAudio.exe - 
Mon Sep 23 19:14:38 2013 (UTC)
  fsquirt.exe - 
Mon Sep 23 19:14:11 2013 (UTC)
  cmmgr32.exe - 
  dfshim.dll - 
  IEDIAG.EXE - C:\Program Files\Internet Explorer\IEDIAGCMD.EXE
  IEDIAGCMD.EXE - C:\Program Files\Internet Explorer\IEDIAGCMD.EXE
  IEXPLORE.EXE - C:\Program Files\Internet Explorer\IEXPLORE.EXE
  install.exe - 
  migwiz.exe - 
  mplayer2.exe - %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
  pbrush.exe - %SystemRoot%\System32\mspaint.exe
  PowerShell.exe - %SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe
  setup.exe - 
  table30.exe - 
  wab.exe - %ProgramFiles%\Windows Mail\wab.exe
  wabmig.exe - %ProgramFiles%\Windows Mail\wabmig.exe
  wmplayer.exe - %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
  WORDPAD.EXE - "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"
  WRITE.EXE - "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"
Thu Aug 22 19:11:29 2013 (UTC)
  Journal.exe - %ProgramFiles%\Windows Journal\Journal.exe
  mip.exe - %CommonProgramFiles%\Microsoft Shared\Ink\mip.exe
  SnippingTool.exe - %SystemRoot%\system32\SnippingTool.exe
  TabTip.exe - %CommonProgramFiles%\microsoft shared\ink\TabTip.exe
Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths not found.
 
====================================================
INSTALLED APPLICATIONS (UNINSTALL KEY)
====================================================
Uninstall
Microsoft\Windows\CurrentVersion\Uninstall

Mon Jul  4 15:16:40 2016 (UTC)
  AccessData FTK Imager v.3.4.2.6

Sat Jun 25 02:32:36 2016 (UTC)
  Microsoft Silverlight v.5.1.50428.0

Sat Jun 25 00:56:25 2016 (UTC)
  Microsoft Office 64-bit Components 2013 v.15.0.4569.1506

Sat Jun 25 00:48:48 2016 (UTC)
  Microsoft Office Shared 64-bit MUI (English) 2013 v.15.0.4569.1506
  Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 v.15.0.4569.1506

Thu Jun 16 22:11:04 2016 (UTC)
  MPlayer2

Thu May 26 22:41:31 2016 (UTC)
  Microsoft .NET Framework 4.6.1 v.4.6.01055

Wed May 25 09:38:54 2016 (UTC)
  Microsoft .NET Framework 4.6.1 v.4.6.01055

Mon May 16 18:57:19 2016 (UTC)
  VMware Tools v.10.0.6.3595377

Tue Jan 12 13:52:50 2016 (UTC)
  Python 3.5.1 (Anaconda3 2.4.1 64-bit) v.2.4.1

Fri Dec 11 00:19:52 2015 (UTC)
  7-Zip 15.12 (x64) v.15.12

Wed Nov 25 18:36:43 2015 (UTC)
  Microsoft Baseline Security Analyzer 2.3 v.2.3.2211

Fri Nov 20 03:14:43 2015 (UTC)
  NXPowerLite Desktop 7 v.7.0.0

Wed Jul  1 11:29:52 2015 (UTC)
  Microsoft Visual Studio 2010 Tools for Office Runtime (x64) v.10.0.50903
  Microsoft Visual Studio 2010 Tools for Office Runtime (x64) v.10.0.50908

Wed Jul  1 11:29:40 2015 (UTC)
  Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 v.10.0.40219

Mon Jun  1 21:19:16 2015 (UTC)
  InstallRoot v.4.1

Mon Sep  8 02:04:03 2014 (UTC)
  DXM_Runtime

Mon Sep  8 00:08:16 2014 (UTC)
  WinRAR 4.11 (64-bit) v.4.11.0

Sun Sep  7 23:15:54 2014 (UTC)
  Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 v.9.0.30729.6161

Tue Jul 14 04:53:26 2009 (UTC)
  AddressBook
  Connection Manager
  DirectDrawEx
  Fontcore
  IE40
  IE4Data
  IE5BAKEX
  IEData
  MobileOptionPack
  SchedulingAgent
  WIC

Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

Sat Jul  2 11:54:53 2016 (UTC)
  Redline v.1.14.600

Mon Jun 27 03:03:12 2016 (UTC)
  Bulk Extractor 1.5.1 v.1.5.1

Sun Jun 26 14:53:29 2016 (UTC)
  Adobe Acrobat 9.3.0 - CPSID_52073

Sun Jun 26 14:52:49 2016 (UTC)
  Adobe Acrobat 9 Pro - English, Français, Deutsch v.9.3.0

Sun Jun 26 14:52:30 2016 (UTC)
  Adobe Acrobat 9 Pro - English, Français, Deutsch v.9.3.0

Sat Jun 25 03:23:13 2016 (UTC)
  AccessData Registry Viewer v.1.8.3.0

Sat Jun 25 00:56:47 2016 (UTC)
  Update for Microsoft OneDrive for Business (KB3115163) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3039795) 32-Bit Edition
  Update for Microsoft Outlook Social Connector 2013 (KB3054854) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3023068) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3115151) 32-Bit Edition
  Update for Microsoft Excel 2013 (KB3115162) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3039766) 32-Bit Edition
  Update for Microsoft Office 2013 (KB2889863) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3114488) 32-Bit Edition
  Security Update for Microsoft Office 2013 (KB3039794) 32-Bit Edition
  Update for Microsoft InfoPath 2013 (KB3114946) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3101487) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3114835) 32-Bit Edition
  Security Update for Microsoft Office 2013 (KB3054816) 32-Bit Edition
  Security Update for Microsoft Word 2013 (KB3115173) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3114825) 32-Bit Edition
  Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3085486) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3039701) 32-Bit Edition
  Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition
  {90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8862C65D-25F6-4712-89CE-3B0E922EA0BB}
  Update for Microsoft Office 2013 (KB3039778) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3115167) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3085570) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3054785) 32-Bit Edition
  Definition Update for Microsoft Office 2013 (KB3115159) 32-Bit Edition
  Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
  Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3085587) 32-Bit Edition
  Security Update for Microsoft Publisher 2013 (KB3085561) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3055007) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3114499) 32-Bit Edition
  Update for Skype for Business 2015 (KB3115033) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3039756) 32-Bit Edition
  Update for Microsoft Outlook 2013 (KB3115158) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3054783) 32-Bit Edition
  Update for Microsoft Office 2013 (KB2975869) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3023049) 32-Bit Edition
  Update for Microsoft OneNote 2013 (KB3114725) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3039800) 32-Bit Edition
  Update for Microsoft PowerPoint 2013 (KB3115015) 32-Bit Edition
  Security Update for Microsoft Office 2013 (KB3039746) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3023052) 32-Bit Edition
  Update for Microsoft Access 2013 (KB3114735) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3054856) 32-Bit Edition
  Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition

Sat Jun 25 00:56:46 2016 (UTC)
  Microsoft Office Professional Plus 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3115154) 32-Bit Edition
  Update for Microsoft InfoPath 2013 (KB3114818) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3054941) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3054805) 32-Bit Edition
  Security Update for Microsoft Office 2013 (KB3039798) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3085479) 32-Bit Edition
  Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition

Sat Jun 25 00:56:25 2016 (UTC)
  Update for Microsoft Project 2013 (KB3115164) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Security Update for Microsoft Office 2013 (KB3039798) 32-Bit Edition
  Update for Microsoft OneDrive for Business (KB3115163) 32-Bit Edition
  Update for Microsoft InfoPath 2013 (KB3114946) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3114835) 32-Bit Edition
  Update for Skype for Business 2015 (KB3115033) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3039756) 32-Bit Edition
  Update for Microsoft OneNote 2013 (KB3114725) 32-Bit Edition

Sat Jun 25 00:55:07 2016 (UTC)
  Microsoft Outlook MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft Outlook Social Connector 2013 (KB3054854) 32-Bit Edition
  Security Update for Microsoft Word 2013 (KB3115173) 32-Bit Edition
  Update for Microsoft Outlook 2013 (KB3115158) 32-Bit Edition

Sat Jun 25 00:55:00 2016 (UTC)
  Microsoft Lync MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Security Update for Microsoft Word 2013 (KB3115173) 32-Bit Edition
  Update for Skype for Business 2015 (KB3039776) 32-Bit Edition
  Update for Skype for Business 2015 (KB3115033) 32-Bit Edition

Sat Jun 25 00:54:45 2016 (UTC)
  Microsoft Word MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft Excel 2013 (KB3115162) 32-Bit Edition
  Security Update for Microsoft Word 2013 (KB3115173) 32-Bit Edition

Sat Jun 25 00:52:57 2016 (UTC)
  Microsoft Excel MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3023068) 32-Bit Edition
  Update for Microsoft Excel 2013 (KB3115162) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3085570) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3054819) 32-Bit Edition

Sat Jun 25 00:51:24 2016 (UTC)
  Microsoft DCF MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3023068) 32-Bit Edition

Sat Jun 25 00:50:02 2016 (UTC)
  Microsoft Office Shared MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3115154) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Security Update for Microsoft Office 2013 (KB3085572) 32-Bit Edition
  Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
  Update for Microsoft Excel 2013 (KB3115162) 32-Bit Edition
  Update for Microsoft InfoPath 2013 (KB3114946) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3115167) 32-Bit Edition
  Update for Microsoft Office 2013 (KB2975869) 32-Bit Edition

Sat Jun 25 00:49:39 2016 (UTC)
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft Excel 2013 (KB3115162) 32-Bit Edition
  Update for Microsoft PowerPoint 2013 (KB3115015) 32-Bit Edition

Sat Jun 25 00:49:38 2016 (UTC)
  Microsoft PowerPoint MUI (English) 2013 v.15.0.4569.1506

Sat Jun 25 00:48:48 2016 (UTC)
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft OneDrive for Business (KB3115163) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition

Sat Jun 25 00:48:47 2016 (UTC)
  Microsoft Office Proofing Tools 2013 - English v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3085577) 32-Bit Edition
  Outils de vérification linguistique 2013 de Microsoft Office - Français v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3085577) 32-Bit Edition
  Microsoft Office Proofing Tools 2013 - Español v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft Office 2013 (KB3085577) 32-Bit Edition

Sat Jun 25 00:48:41 2016 (UTC)
  Microsoft Publisher MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Security Update for Microsoft Publisher 2013 (KB3085561) 32-Bit Edition

Sat Jun 25 00:48:40 2016 (UTC)
  Microsoft Office Proofing (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition

Sat Jun 25 00:48:38 2016 (UTC)
  Microsoft Office OSM UX MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition

Sat Jun 25 00:48:37 2016 (UTC)
  Microsoft OneNote MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft OneNote 2013 (KB3114725) 32-Bit Edition
  Microsoft Office OSM MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition

Sat Jun 25 00:48:36 2016 (UTC)
  Microsoft Office Shared Setup Metadata MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition

Sat Jun 25 00:48:35 2016 (UTC)
  Microsoft InfoPath MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft InfoPath 2013 (KB3114946) 32-Bit Edition

Sat Jun 25 00:48:34 2016 (UTC)
  Microsoft Groove MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft OneDrive for Business (KB3115163) 32-Bit Edition

Sat Jun 25 00:48:33 2016 (UTC)
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition

Sat Jun 25 00:48:32 2016 (UTC)
  Microsoft Access Setup Metadata MUI (English) 2013 v.15.0.4569.1506

Sat Jun 25 00:48:31 2016 (UTC)
  Microsoft Access MUI (English) 2013 v.15.0.4569.1506
  Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition
  Update for Microsoft Access 2013 (KB3114735) 32-Bit Edition

Fri Jun 24 22:21:05 2016 (UTC)
  Java Auto Updater v.2.8.91.15

Fri Jun 24 22:19:31 2016 (UTC)
  Java 8 Update 91 v.8.0.910.15

Tue Jun 21 01:55:05 2016 (UTC)
  Adobe Flash Player 22 NPAPI v.22.0.0.192

Tue Jun 21 01:48:01 2016 (UTC)
  Microsoft Office Professional Plus 2013 v.15.0.4569.1506

Tue Jun 21 00:54:12 2016 (UTC)
  Adobe Flash Player 22 ActiveX v.22.0.0.192

Mon Jun 20 22:10:09 2016 (UTC)
  Google Chrome v.51.0.2704.103

Thu Jun 16 22:11:59 2016 (UTC)
  ApproveIt Desktop v.6.50.25.1000

Fri Jun  3 00:04:44 2016 (UTC)
  Adobe Acrobat Reader DC v.15.016.20045

Thu May 26 22:41:30 2016 (UTC)
  Security Update for Microsoft .NET Framework 4.6.1 (KB3143693) v.1

Thu May 26 22:40:16 2016 (UTC)
  Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2) v.2

Thu May 26 22:39:44 2016 (UTC)
  Security Update for Microsoft .NET Framework 4.6.1 (KB3127233) v.1

Thu May 26 22:38:01 2016 (UTC)
  Security Update for Microsoft .NET Framework 4.6.1 (KB3122661) v.1

Thu May 26 22:36:08 2016 (UTC)
  Security Update for Microsoft .NET Framework 4.6.1 (KB3142037) v.1

Tue May 24 23:33:15 2016 (UTC)
  Mozilla Firefox 46.0.1 (x86 en-US) v.46.0.1

Tue May 24 23:33:14 2016 (UTC)
  Mozilla Maintenance Service v.46.0.1.5966

Mon May 16 14:47:55 2016 (UTC)
  Adobe Refresh Manager v.1.8.0

Mon May 16 13:08:06 2016 (UTC)
  Google Update Helper v.1.3.30.3

Mon Apr 18 00:10:27 2016 (UTC)
  VMware Client Integration Plug-in 5.5.0 v.5.5.0.3129732

Thu Apr 14 16:58:16 2016 (UTC)
  ImgBurn v.2.5.8.0

Tue Jan 12 17:52:15 2016 (UTC)
  Notepad++ v.6.8.8

Tue Dec 22 23:25:55 2015 (UTC)
  TeamViewer 11 v.11.0.53254

Fri Nov 13 03:24:00 2015 (UTC)
  WinSCP 5.7.6 v.5.7.6

Tue Oct 20 02:00:09 2015 (UTC)
  Microsoft S/MIME v.14.3.123.2

Tue Sep 29 15:42:21 2015 (UTC)
  Cisco AnyConnect Secure Mobility Client v.4.1.04011

Tue Sep 29 15:42:05 2015 (UTC)
  Cisco AnyConnect Secure Mobility Client  v.4.1.04011

Sun Sep 13 15:27:09 2015 (UTC)
  Adobe AIR v.3.7.0.2090
  Adobe AIR v.3.7.0.2090

Sun Sep 13 15:26:39 2015 (UTC)
  WinPcap 4.1.3 v.4.1.0.2980

Sun Sep 13 15:26:16 2015 (UTC)
  InstallShield Uninstall Information

Wed Jul  1 11:37:52 2015 (UTC)
  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 v.9.0.30729.6161

Wed Jul  1 11:29:40 2015 (UTC)
  {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757
  {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173
  {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860
  {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655
  {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743
  {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063
  {1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573

Wed Jul  1 11:29:37 2015 (UTC)
  Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 v.10.0.40219
  {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757
  {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173
  {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860
  {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655
  {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743
  {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063
  {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573

Mon Jun 29 15:35:10 2015 (UTC)
  Mandiant IOCe v.2.1.100

Mon Jun  8 21:45:06 2015 (UTC)
  PureEdge Viewer 6.5

Sat Jun  6 23:52:44 2015 (UTC)
  Microsoft Visual C++ 2005 Redistributable v.8.0.61001

Mon May 25 18:52:36 2015 (UTC)
  Device Pack v.1.5.4

Mon May 25 18:52:02 2015 (UTC)
  D-Link D-ViewCam v.3.6.0

Mon Sep 15 22:47:11 2014 (UTC)
  Python 2.7 pywin32-216

Mon Sep 15 22:34:26 2014 (UTC)
  Python 2.7.2 v.2.7.2150

Mon Sep  8 01:14:02 2014 (UTC)
  Google Update Helper v.1.3.24.15

Sun Sep  7 23:15:16 2014 (UTC)
  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 v.9.0.30729.4148

Tue Jul 14 04:53:25 2009 (UTC)
  AddressBook
  Connection Manager
  DirectDrawEx
  Fontcore
  IE40
  IE4Data
  IE5BAKEX
  IEData
  MobileOptionPack
  SchedulingAgent
  WIC

=-=-=-=-=-=-=-=-=-=-=-=-=-=
Donald USER DETAILS
=-=-=-=-=-=-=-=-=-=-=-=-=-=
====================================================
AUTORUNS
====================================================
Processing hive 'e:\[root]\users\Donald\NTUSER.DAT'

Header length is smaller than the size of the file.
Found hbin with size 0 at absolute offset 0x367000
Initial processing complete. Building tree...
Found root node! Getting subkeys...
Hive processing complete!
Flushing record lists...

Root key name: CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}

Key: Software\Microsoft\Windows\CurrentVersion\Run
Last write time: 10/17/2013 7:07:51 PM +00:00
Number of Values: 6
Number of Subkeys: 0


------------ Value #0 ------------
Name: SkyDrive (RegSz)
Data: "C:\Users\Donald\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background (Slack: 00-00-00-00)
------------ Value #1 ------------
Name: Skype (RegSz)
Data: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun 
------------ Value #2 ------------
Name: 507A54D54B6AE28E27BB97617CD03511856714C4._service_run (RegSz)
Data: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service (Slack: 00-00)
------------ Value #3 ------------
Name: iCloudServices (RegSz)
Data: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Slack: 43-ED-E3-33-40-00)
------------ Value #4 ------------
Name: ApplePhotoStreams (RegSz)
Data: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe 
------------ Value #5 ------------
Name: AppleIEDAV (RegSz)
Data: C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Slack: 00-00-00-00-00-00)

Search took 0.577 seconds
 
====================================================
MRU KEYS
====================================================
Processing hive 'e:\[root]\users\Donald\NTUSER.DAT'

Header length is smaller than the size of the file.
Found hbin with size 0 at absolute offset 0x367000
Initial processing complete. Building tree...
Found root node! Getting subkeys...
Hive processing complete!
Flushing record lists...

Root key name: CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}

Key: Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Last write time: 10/22/2013 4:49:02 PM +00:00
Number of Values: 5
Number of Subkeys: 0


------------ Value #0 ------------
Name: a (RegSz)
Data: calc\1 (Slack: EA-56-80-BD-DD-3B)
------------ Value #1 ------------
Name: MRUList (RegSz)
Data: dcba (Slack: 6E-64)
------------ Value #2 ------------
Name: b (RegSz)
Data: auditpol\1 (Slack: 6F-70-65-72-74-69)
------------ Value #3 ------------
Name: c (RegSz)
Data: regedit\1 
------------ Value #4 ------------
Name: d (RegSz)
Data: cmd\1 

Search took 0.566 seconds
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Default User USER DETAILS
=-=-=-=-=-=-=-=-=-=-=-=-=-=
====================================================
AUTORUNS
====================================================
Processing hive 'e:\[root]\users\Default User\NTUSER.DAT'

'e:\[root]\users\Default User\NTUSER.DAT' does not exist. Skipping
 
====================================================
MRU KEYS
====================================================
Processing hive 'e:\[root]\users\Default User\NTUSER.DAT'

'e:\[root]\users\Default User\NTUSER.DAT' does not exist. Skipping
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=
All Users USER DETAILS
=-=-=-=-=-=-=-=-=-=-=-=-=-=
====================================================
AUTORUNS
====================================================
Processing hive 'e:\[root]\users\All Users\NTUSER.DAT'

'e:\[root]\users\All Users\NTUSER.DAT' does not exist. Skipping
 
====================================================
MRU KEYS
====================================================
Processing hive 'e:\[root]\users\All Users\NTUSER.DAT'

'e:\[root]\users\All Users\NTUSER.DAT' does not exist. Skipping
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Public USER DETAILS
=-=-=-=-=-=-=-=-=-=-=-=-=-=
====================================================
AUTORUNS
====================================================
Processing hive 'e:\[root]\users\Public\NTUSER.DAT'

Header length is smaller than the size of the file.
Found hbin with size 0 at absolute offset 0x2000
Initial processing complete. Building tree...
Found root node! Getting subkeys...
Hive processing complete!
Flushing record lists...

Key 'software\microsoft\windows\currentversion\run' not found.

Search took 0.086 seconds
 
====================================================
MRU KEYS
====================================================
Processing hive 'e:\[root]\users\Public\NTUSER.DAT'

Header length is smaller than the size of the file.
Found hbin with size 0 at absolute offset 0x2000
Initial processing complete. Building tree...
Found root node! Getting subkeys...
Hive processing complete!
Flushing record lists...

Key 'software\microsoft\windows\currentversion\explorer\runmru' not found.

Search took 0.078 seconds
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Default USER DETAILS
=-=-=-=-=-=-=-=-=-=-=-=-=-=
====================================================
AUTORUNS
====================================================
Processing hive 'e:\[root]\users\Default\NTUSER.DAT'

Header length is smaller than the size of the file.
Found hbin with size 0 at absolute offset 0x23000
Initial processing complete. Building tree...
Found root node! Getting subkeys...
Hive processing complete!
Flushing record lists...

Key 'software\microsoft\windows\currentversion\run' not found.

Search took 0.100 seconds
 
====================================================
MRU KEYS
====================================================
Processing hive 'e:\[root]\users\Default\NTUSER.DAT'

Header length is smaller than the size of the file.
Found hbin with size 0 at absolute offset 0x23000
Initial processing complete. Building tree...
Found root node! Getting subkeys...
Hive processing complete!
Flushing record lists...

Key 'software\microsoft\windows\currentversion\explorer\runmru' not found.

Search took 0.097 seconds
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Default.migrated USER DETAILS
=-=-=-=-=-=-=-=-=-=-=-=-=-=
====================================================
AUTORUNS
====================================================
Processing hive 'e:\[root]\users\Default.migrated\NTUSER.DAT'

'e:\[root]\users\Default.migrated\NTUSER.DAT' does not exist. Skipping
 
====================================================
MRU KEYS
====================================================
Processing hive 'e:\[root]\users\Default.migrated\NTUSER.DAT'

'e:\[root]\users\Default.migrated\NTUSER.DAT' does not exist. Skipping
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=
$I30 USER DETAILS
=-=-=-=-=-=-=-=-=-=-=-=-=-=
====================================================
AUTORUNS
====================================================
Processing hive 'e:\[root]\users\$I30\NTUSER.DAT'

'e:\[root]\users\$I30\NTUSER.DAT' does not exist. Skipping
 
====================================================
MRU KEYS
====================================================
Processing hive 'e:\[root]\users\$I30\NTUSER.DAT'

'e:\[root]\users\$I30\NTUSER.DAT' does not exist. Skipping
 
=-=-=-=-=-=-=-=-=-=-=-=-=-=
desktop.ini USER DETAILS
=-=-=-=-=-=-=-=-=-=-=-=-=-=
====================================================
AUTORUNS
====================================================
Processing hive 'e:\[root]\users\desktop.ini\NTUSER.DAT'

'e:\[root]\users\desktop.ini\NTUSER.DAT' does not exist. Skipping
 
====================================================
MRU KEYS
====================================================
Processing hive 'e:\[root]\users\desktop.ini\NTUSER.DAT'

'e:\[root]\users\desktop.ini\NTUSER.DAT' does not exist. Skipping
 
====================================================
OTHER MALWARE LOCATIONS
====================================================
malware v.20151013
(All) Checks for malware-related keys/values

Classes\Network\SharingHandler
  LastWrite Time : Mon Sep 23 19:14:09 2013 (UTC)
  (Default) value: ntshrui.dll
If the (Default) value is not ntshrui.dll, there may be an infection.

malware v.20151013
(All) Checks for malware-related keys/values