XT --- Computer Examination Report
Examination Date: 2013-10-06 17:07
OS Information: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601), 64-bit
Internet Explorer: 9.10.9200.16686

Examination Items:
      Process
      Process Modules
      Process Threads
      Kernel Module
      Notify Routine
      Filter
      DPC Timer
      Worker Thread
      Object Hijack
      Direct IO
      GDT
      SSDT
      Shadow SSDT
      FSD
      Keyboard
      Mouclass
      Classpnp
      Atapi
      Acpi
      Scsi
      Kernel Hook
      Object Type
      IDT
      Message Hook
      Process Hook
      KernelCallbackTable
      Port
      Tcpip
      IE Plugin
      IE Shell
      Spi
      Hosts File
      Startup
      Service
      File Association
      IFEO
      IME
      Firewall Rule
      Scan MBR Rootkit

==========================================================================================

Process


==========================================================================================

Process Modules


==========================================================================================

Process Threads


==========================================================================================

Kernel Module


==========================================================================================

Notify Routine


==========================================================================================

Filter


==========================================================================================

DPC Timer


==========================================================================================

Worker Thread


==========================================================================================

Object Hijack

       Nothing

==========================================================================================

Direct IO


==========================================================================================

GDT

       Nothing

==========================================================================================

SSDT

       Nothing

==========================================================================================

Shadow SSDT

       Nothing

==========================================================================================

FSD

       Nothing

==========================================================================================

Keyboard

       Nothing

==========================================================================================

Mouclass

       Nothing

==========================================================================================

Classpnp

       Nothing

==========================================================================================

Atapi

       Nothing

==========================================================================================

Acpi

       Nothing

==========================================================================================

Scsi

       Nothing

==========================================================================================

Kernel Hook

       Nothing

==========================================================================================

Object Type

       Nothing

==========================================================================================

IDT

       Nothing

==========================================================================================

Message Hook

       Nothing

==========================================================================================

Process Hook

            Nothing

==========================================================================================

KernelCallbackTable

       Nothing

==========================================================================================

Port

       Nothing

==========================================================================================

Tcpip

       Nothing

==========================================================================================

IE Plugin

       Nothing

==========================================================================================

IE Shell

       Nothing

==========================================================================================

Spi

       Nothing

==========================================================================================

Hosts File

       Nothing

==========================================================================================

Startup

       GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - Google Inc. - [Task Scheduler]
       GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - Google Inc. - [Task Scheduler]
       Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe - Adobe Systems Incorporated - [Task Scheduler]

==========================================================================================

Service

       AdobeARMservice - Started - Automatic - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -  - 
       AdobeFlashPlayerUpdateSvc - Stopped - Manual - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -  - 
       AeLookupSvc - Started - Manual - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       ALG - Stopped - Manual - C:\Windows\System32\alg.exe - C:\Windows\System32\alg.exe -  - 
       AppIDSvc - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - C:\Windows\system32\svchost.exe -  - 
       Appinfo - Stopped - Manual - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       AppleChargerSrv - Stopped - Manual - system32\AppleChargerSrv.exe - system32\AppleChargerSrv.exe -  - 
       aspnet_state - Stopped - Manual - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -  - 
       AudioEndpointBuilder - Started - Automatic - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       AudioSrv - Started - Automatic - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       AxInstSV - Stopped - Manual - C:\Windows\system32\svchost.exe -k AxInstSVGroup - C:\Windows\system32\svchost.exe -  - 
       BDESVC - Stopped - Manual - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       BFE - Started - Automatic - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork - C:\Windows\system32\svchost.exe -  - 
       BITS - Started - Manual - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       Browser - Stopped - Manual - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       bthserv - Stopped - Manual - C:\Windows\system32\svchost.exe -k bthsvcs - C:\Windows\system32\svchost.exe -  - 
       CertPropSvc - Stopped - Manual - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       clr_optimization_v2.0.50727_32 - Stopped - Disabled - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -  - 
       clr_optimization_v2.0.50727_64 - Stopped - Disabled - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -  - 
       clr_optimization_v4.0.30319_32 - Stopped - Automatic - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -  - 
       clr_optimization_v4.0.30319_64 - Stopped - Automatic - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -  - 
       COMSysApp - Stopped - Manual - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - C:\Windows\system32\dllhost.exe -  - 
       CryptSvc - Started - Automatic - C:\Windows\system32\svchost.exe -k NetworkService - C:\Windows\system32\svchost.exe -  - 
       DcomLaunch - Started - Automatic - C:\Windows\system32\svchost.exe -k DcomLaunch - C:\Windows\system32\svchost.exe -  - 
       defragsvc - Stopped - Manual - C:\Windows\system32\svchost.exe -k defragsvc - C:\Windows\system32\svchost.exe -  - 
       Dhcp - Started - Automatic - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       Dnscache - Started - Automatic - C:\Windows\system32\svchost.exe -k NetworkService - C:\Windows\system32\svchost.exe -  - 
       dot3svc - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       DPS - Started - Automatic - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork - C:\Windows\System32\svchost.exe -  - 
       EapHost - Started - Manual - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       EFS - Stopped - Manual - C:\Windows\System32\lsass.exe - C:\Windows\System32\lsass.exe -  - 
       ehRecvr - Stopped - Manual - C:\Windows\ehome\ehrecvr.exe - C:\Windows\ehome\ehrecvr.exe -  - 
       ehSched - Stopped - Manual - C:\Windows\ehome\ehsched.exe - C:\Windows\ehome\ehsched.exe -  - 
       eventlog - Started - Automatic - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       EventSystem - Started - Automatic - C:\Windows\system32\svchost.exe -k LocalService - C:\Windows\system32\svchost.exe -  - 
       Fax - Stopped - Manual - C:\Windows\system32\fxssvc.exe - C:\Windows\system32\fxssvc.exe -  - 
       fdPHost - Started - Manual - C:\Windows\system32\svchost.exe -k LocalService - C:\Windows\system32\svchost.exe -  - 
       FDResPub - Started - Manual - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - C:\Windows\system32\svchost.exe -  - 
       FontCache - Started - Automatic - C:\Windows\system32\svchost.exe -k LocalService - C:\Windows\system32\svchost.exe -  - 
       FontCache3.0.0.0 - Stopped - Manual - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -  - 
       Freemake Improver - Started - Automatic - "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -  - 
       fsssvc - Stopped - Manual - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -  - 
       gpsvc - Started - Automatic - C:\Windows\system32\svchost.exe -k GPSvcGroup - C:\Windows\system32\svchost.exe -  - 
       gupdate - Stopped - Automatic - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -  - 
       gupdatem - Stopped - Manual - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -  - 
       gusvc - Stopped - Manual - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -  - 
       Hamachi2Svc - Started - Automatic - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -  - 
       hidserv - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       hkmsvc - Stopped - Manual - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       HomeGroupListener - Started - Manual - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       HomeGroupProvider - Started - Manual - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       IAStorDataMgrSvc - Started - Automatic - "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -  - 
       idsvc - Stopped - Manual - "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" - C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -  - 
       IKEEXT - Started - Automatic - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       Intel(R) Capability Licensing Service Interface - Started - Automatic - "C:\Program Files\Intel\iCLS Client\HeciServer.exe" - C:\Program Files\Intel\iCLS Client\HeciServer.exe -  - 
       IPBusEnum - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       iphlpsvc - Started - Automatic - C:\Windows\System32\svchost.exe -k NetSvcs - C:\Windows\System32\svchost.exe -  - 
       jhi_service - Started - Automatic - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -  - 
       KeyIso - Started - Manual - C:\Windows\system32\lsass.exe - C:\Windows\system32\lsass.exe -  - 
       KtmRm - Stopped - Manual - C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation - C:\Windows\System32\svchost.exe -  - 
       LanmanServer - Started - Automatic - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       LanmanWorkstation - Started - Automatic - C:\Windows\System32\svchost.exe -k NetworkService - C:\Windows\System32\svchost.exe -  - 
       lltdsvc - Stopped - Manual - C:\Windows\System32\svchost.exe -k LocalService - C:\Windows\System32\svchost.exe -  - 
       lmhosts - Started - Automatic - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       LMS - Started - Automatic - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -  - 
       MBAMScheduler - Started - Automatic - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -  - 
       MBAMService - Started - Automatic - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -  - 
       Mcx2Svc - Stopped - Disabled - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - C:\Windows\system32\svchost.exe -  - 
       MDM - Started - Automatic - "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -  - 
       Microsoft Office Groove Audit Service - Stopped - Manual - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -  - 
       MMCSS - Started - Automatic - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       MpsSvc - Started - Automatic - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork - C:\Windows\system32\svchost.exe -  - 
       MSDTC - Stopped - Manual - C:\Windows\System32\msdtc.exe - C:\Windows\System32\msdtc.exe -  - 
       MSiSCSI - Stopped - Manual - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       msiserver - Started - Manual - C:\Windows\system32\msiexec.exe /V - C:\Windows\system32\msiexec.exe -  - 
       MsMpSvc - Started - Automatic - "c:\Program Files\Microsoft Security Client\MsMpEng.exe" - c:\Program Files\Microsoft Security Client\MsMpEng.exe -  - 
       napagent - Stopped - Manual - C:\Windows\System32\svchost.exe -k NetworkService - C:\Windows\System32\svchost.exe -  - 
       Netlogon - Stopped - Manual - C:\Windows\system32\lsass.exe - C:\Windows\system32\lsass.exe -  - 
       Netman - Started - Manual - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       NetMsmqActivator - Stopped - Disabled - "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe -  - 
       NetPipeActivator - Stopped - Disabled - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe -  - 
       netprofm - Started - Manual - C:\Windows\System32\svchost.exe -k LocalService - C:\Windows\System32\svchost.exe -  - 
       NetTcpActivator - Stopped - Disabled - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe -  - 
       NetTcpPortSharing - Stopped - Disabled - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe -  - 
       NisSrv - Started - Manual - "c:\Program Files\Microsoft Security Client\NisSrv.exe" - c:\Program Files\Microsoft Security Client\NisSrv.exe -  - 
       NlaSvc - Started - Automatic - C:\Windows\System32\svchost.exe -k NetworkService - C:\Windows\System32\svchost.exe -  - 
       nsi - Started - Automatic - C:\Windows\system32\svchost.exe -k LocalService - C:\Windows\system32\svchost.exe -  - 
       NvStreamSvc - Started - Automatic - "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -  - 
       nvsvc - Started - Automatic - "C:\Windows\system32\nvvsvc.exe" - C:\Windows\system32\nvvsvc.exe -  - 
       nvUpdatusService - Started - Automatic - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -  - 
       odserv - Stopped - Manual - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -  - 
       ose - Stopped - Manual - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -  - 
       p2pimsvc - Started - Manual - C:\Windows\System32\svchost.exe -k LocalServicePeerNet - C:\Windows\System32\svchost.exe -  - 
       p2psvc - Started - Manual - C:\Windows\System32\svchost.exe -k LocalServicePeerNet - C:\Windows\System32\svchost.exe -  - 
       PcaSvc - Started - Automatic - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       PerfHost - Stopped - Manual - C:\Windows\SysWOW64\perfhost.exe - C:\Windows\SysWOW64\perfhost.exe -  - 
       pla - Stopped - Manual - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork - C:\Windows\System32\svchost.exe -  - 
       PlugPlay - Started - Automatic - C:\Windows\system32\svchost.exe -k DcomLaunch - C:\Windows\system32\svchost.exe -  - 
       PNRPAutoReg - Stopped - Manual - C:\Windows\System32\svchost.exe -k LocalServicePeerNet - C:\Windows\System32\svchost.exe -  - 
       PNRPsvc - Started - Manual - C:\Windows\System32\svchost.exe -k LocalServicePeerNet - C:\Windows\System32\svchost.exe -  - 
       PolicyAgent - Started - Manual - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       Power - Started - Automatic - C:\Windows\system32\svchost.exe -k DcomLaunch - C:\Windows\system32\svchost.exe -  - 
       ProfSvc - Started - Automatic - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       ProtectedStorage - Stopped - Manual - C:\Windows\system32\lsass.exe - C:\Windows\system32\lsass.exe -  - 
       QWAVE - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - C:\Windows\system32\svchost.exe -  - 
       RasAuto - Stopped - Manual - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       RasMan - Stopped - Manual - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       RemoteAccess - Stopped - Disabled - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       RemoteRegistry - Stopped - Manual - C:\Windows\system32\svchost.exe -k regsvc - C:\Windows\system32\svchost.exe -  - 
       RpcEptMapper - Started - Automatic - C:\Windows\system32\svchost.exe -k RPCSS - C:\Windows\system32\svchost.exe -  - 
       RpcLocator - Stopped - Manual - C:\Windows\system32\locator.exe - C:\Windows\system32\locator.exe -  - 
       RpcSs - Started - Automatic - C:\Windows\system32\svchost.exe -k rpcss - C:\Windows\system32\svchost.exe -  - 
       SamSs - Started - Automatic - C:\Windows\system32\lsass.exe - C:\Windows\system32\lsass.exe -  - 
       SCardSvr - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - C:\Windows\system32\svchost.exe -  - 
       Schedule - Started - Automatic - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       SCPolicySvc - Stopped - Manual - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       SDRSVC - Stopped - Manual - C:\Windows\system32\svchost.exe -k SDRSVC - C:\Windows\system32\svchost.exe -  - 
       seclogon - Stopped - Manual - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       SENS - Started - Automatic - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       SensrSvc - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - C:\Windows\system32\svchost.exe -  - 
       SessionEnv - Stopped - Manual - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       SharedAccess - Stopped - Disabled - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       ShellHWDetection - Started - Automatic - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       Skype C2C Service - Started - Automatic - "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -  - 
       SkypeUpdate - Stopped - Automatic - "C:\Program Files (x86)\Skype\Updater\Updater.exe" - C:\Program Files (x86)\Skype\Updater\Updater.exe -  - 
       SNMPTRAP - Stopped - Manual - C:\Windows\System32\snmptrap.exe - C:\Windows\System32\snmptrap.exe -  - 
       Spooler - Started - Automatic - C:\Windows\System32\spoolsv.exe - C:\Windows\System32\spoolsv.exe -  - 
       sppsvc - Stopped - Automatic - C:\Windows\system32\sppsvc.exe - C:\Windows\system32\sppsvc.exe -  - 
       sppuinotify - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalService - C:\Windows\system32\svchost.exe -  - 
       SSDPSRV - Started - Manual - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - C:\Windows\system32\svchost.exe -  - 
       SstpSvc - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalService - C:\Windows\system32\svchost.exe -  - 
       Steam Client Service - Stopped - Manual - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService - C:\Program Files (x86)\Common Files\Steam\SteamService.exe -  - 
       Stereo Service - Started - Automatic - "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -  - 
       stisvc - Started - Automatic - C:\Windows\system32\svchost.exe -k imgsvc - C:\Windows\system32\svchost.exe -  - 
       swprv - Stopped - Manual - C:\Windows\System32\svchost.exe -k swprv - C:\Windows\System32\svchost.exe -  - 
       SysMain - Started - Automatic - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       TabletInputService - Stopped - Manual - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       TapiSrv - Stopped - Manual - C:\Windows\System32\svchost.exe -k NetworkService - C:\Windows\System32\svchost.exe -  - 
       TBS - Stopped - Manual - C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation - C:\Windows\System32\svchost.exe -  - 
       TermService - Stopped - Manual - C:\Windows\System32\svchost.exe -k NetworkService - C:\Windows\System32\svchost.exe -  - 
       Themes - Started - Automatic - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       THREADORDER - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalService - C:\Windows\system32\svchost.exe -  - 
       TrkWks - Started - Automatic - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       TrustedInstaller - Stopped - Manual - C:\Windows\servicing\TrustedInstaller.exe - C:\Windows\servicing\TrustedInstaller.exe -  - 
       UI0Detect - Stopped - Manual - C:\Windows\system32\UI0Detect.exe - C:\Windows\system32\UI0Detect.exe -  - 
       UNS - Started - Automatic - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -  - 
       upnphost - Started - Manual - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - C:\Windows\system32\svchost.exe -  - 
       UxSms - Started - Automatic - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       VaultSvc - Stopped - Manual - C:\Windows\system32\lsass.exe - C:\Windows\system32\lsass.exe -  - 
       vds - Stopped - Manual - C:\Windows\System32\vds.exe - C:\Windows\System32\vds.exe -  - 
       VIAKaraokeService - Started - Automatic - C:\Windows\system32\viakaraokesrv.exe - C:\Windows\system32\viakaraokesrv.exe -  - 
       VSS - Stopped - Manual - C:\Windows\system32\vssvc.exe - C:\Windows\system32\vssvc.exe -  - 
       W32Time - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalService - C:\Windows\system32\svchost.exe -  - 
       WatAdminSvc - Stopped - Manual - C:\Windows\system32\Wat\WatAdminSvc.exe - C:\Windows\system32\Wat\WatAdminSvc.exe -  - 
       wbengine - Stopped - Manual - "C:\Windows\system32\wbengine.exe" - C:\Windows\system32\wbengine.exe -  - 
       WbioSrvc - Stopped - Manual - C:\Windows\system32\svchost.exe -k WbioSvcGroup - C:\Windows\system32\svchost.exe -  - 
       wcncsvc - Started - Manual - C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation - C:\Windows\System32\svchost.exe -  - 
       WcsPlugInService - Stopped - Manual - C:\Windows\system32\svchost.exe -k wcssvc - C:\Windows\system32\svchost.exe -  - 
       WdiServiceHost - Started - Manual - C:\Windows\System32\svchost.exe -k LocalService - C:\Windows\System32\svchost.exe -  - 
       WdiSystemHost - Stopped - Manual - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       WebClient - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalService - C:\Windows\system32\svchost.exe -  - 
       Wecsvc - Stopped - Manual - C:\Windows\system32\svchost.exe -k NetworkService - C:\Windows\system32\svchost.exe -  - 
       wercplsupport - Stopped - Manual - C:\Windows\System32\svchost.exe -k netsvcs - C:\Windows\System32\svchost.exe -  - 
       WerSvc - Stopped - Manual - C:\Windows\System32\svchost.exe -k WerSvcGroup - C:\Windows\System32\svchost.exe -  - 
       WinDefend - Stopped - Manual - C:\Windows\System32\svchost.exe -k secsvcs - C:\Windows\System32\svchost.exe -  - 
       WinHttpAutoProxySvc - Started - Manual - C:\Windows\system32\svchost.exe -k LocalService - C:\Windows\system32\svchost.exe -  - 
       Winmgmt - Started - Automatic - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       WinRM - Stopped - Manual - C:\Windows\System32\svchost.exe -k NetworkService - C:\Windows\System32\svchost.exe -  - 
       Wlansvc - Started - Manual - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       wlidsvc - Started - Automatic - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -  - 
       wmiApSrv - Stopped - Manual - C:\Windows\system32\wbem\WmiApSrv.exe - C:\Windows\system32\wbem\WmiApSrv.exe -  - 
       WMPNetworkSvc - Started - Automatic - "C:\Program Files\Windows Media Player\wmpnetwk.exe" - C:\Program Files\Windows Media Player\wmpnetwk.exe -  - 
       WPCSvc - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       WPDBusEnum - Started - Manual - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       wscsvc - Started - Automatic - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted - C:\Windows\System32\svchost.exe -  - 
       WSearch - Started - Automatic - C:\Windows\system32\SearchIndexer.exe /Embedding - C:\Windows\system32\SearchIndexer.exe -  - 
       wuauserv - Started - Automatic - C:\Windows\system32\svchost.exe -k netsvcs - C:\Windows\system32\svchost.exe -  - 
       wudfsvc - Started - Manual - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted - C:\Windows\system32\svchost.exe -  - 
       WwanSvc - Stopped - Manual - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork - C:\Windows\system32\svchost.exe -  - 
       TeamViewer8 - Started - Automatic - "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe" - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -  - 
       ekrn - Started - Automatic - "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -  - 

==========================================================================================

File Association

       Nothing

==========================================================================================

IFEO

       Nothing

==========================================================================================

IME

       Nothing

==========================================================================================

Firewall Rule

       Nothing

==========================================================================================

Scan MBR Rootkit

       Nothing

==========================================================================================

