API tools faq
paste
Advertisement
Guest User

ZGMCPP0K1HM3KLCFA

a guest
Jul 2nd, 2017
1,845
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 208.04 KB | None | 0 0
raw download clone embed print report
  1.  
  2. Sysinternals Autoruns v13.71 - Autostart program viewer
  3. Copyright (C) 2002-2017 Mark Russinovich
  4. Sysinternals - www.sysinternals.com
  5.  
  6. Time,Entry Location,Entry,Enabled,Category,Profile,Description,Signer,Company,Image Path,Version,Launch String
  7. 2017-07-02 10:29 AM,HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute,,,"Boot Execute",System-wide,,,,,,
  8. 2014-02-22 8:17 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute","autocheck autochk /q /v *",enabled,"Boot Execute",System-wide,"Auto Check Utility","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\autochk.exe",6.3.9600.17031,"autocheck autochk /q /v *"
  9. 2017-07-01 4:27 PM,HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension,,,"Boot Execute",System-wide,,,,,,
  10. 2014-10-28 9:28 PM,"HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension","%systemroot%\system32\scext.dll",enabled,"Boot Execute",System-wide,"Service Control Manager Extension DLL for non-minwin","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\scext.dll",6.3.9600.17415,"%systemroot%\system32\scext.dll"
  11. 2013-08-22 11:46 AM,HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default),,,"Hijacks",System-wide,,,,,,
  12. 2015-11-08 4:24 PM,"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)","C:\Program Files\Internet Explorer\iexplore.exe",enabled,"Hijacks",System-wide,"Internet Explorer","(Verified) Microsoft Corporation","Microsoft Corporation","c:\program files\internet explorer\iexplore.exe",11.0.9600.18123,""
  13. 2017-07-02 4:39 PM,HKLM\System\CurrentControlSet\Services,,,"Services",System-wide,,,,,,
  14. 2017-06-14 7:49 PM,"HKLM\System\CurrentControlSet\Services","AdobeFlashPlayerUpdateSvc",enabled,"Services",System-wide,"This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.","(Verified) Adobe Systems Incorporated","Adobe Systems Incorporated","c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe",26.0.0.131,"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
  15. 2014-10-28 10:42 PM,"HKLM\System\CurrentControlSet\Services","AeLookupSvc",enabled,"Services",System-wide,"Processes application compatibility cache requests for applications as they are launched","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\aelupsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\aelupsvc.dll"
  16. 2014-10-28 9:21 PM,"HKLM\System\CurrentControlSet\Services","ALG",enabled,"Services",System-wide,"Provides support for 3rd party protocol plug-ins for Internet Connection Sharing","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\alg.exe",6.3.9600.17415,"%SystemRoot%\System32\alg.exe"
  17. 2015-08-01 10:22 AM,"HKLM\System\CurrentControlSet\Services","AppIDSvc",enabled,"Services",System-wide,"Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\appidsvc.dll",6.3.9600.18002,"%SystemRoot%\System32\appidsvc.dll"
  18. 2016-01-31 2:07 PM,"HKLM\System\CurrentControlSet\Services","Appinfo",enabled,"Services",System-wide,"Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\appinfo.dll",6.3.9600.18224,"%SystemRoot%\System32\appinfo.dll"
  19. 2014-10-28 10:30 PM,"HKLM\System\CurrentControlSet\Services","AppMgmt",enabled,"Services",System-wide,"Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\appmgmts.dll",6.3.9600.17415,"%SystemRoot%\System32\appmgmts.dll"
  20. 2014-10-28 8:48 PM,"HKLM\System\CurrentControlSet\Services","AppReadiness",enabled,"Services",System-wide,"Gets apps ready for use the first time a user signs in to this PC and when adding new apps.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\appreadiness.dll",6.3.9600.17415,"%SystemRoot%\system32\AppReadiness.dll"
  21. 2016-02-08 12:53 PM,"HKLM\System\CurrentControlSet\Services","AppXSvc",enabled,"Services",System-wide,"Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\appxdeploymentserver.dll",6.3.9600.18231,"%SystemRoot%\system32\appxdeploymentserver.dll"
  22. 2014-02-17 11:28 PM,"HKLM\System\CurrentControlSet\Services","ASLDRService",enabled,"Services",System-wide,"ASLDR Service","(Verified) ASUSTeK Computer Inc.","ASUSTek Computer Inc.","c:\program files (x86)\asus\atk package\atk hotkey\asldrsrv.exe",1.0.80.5,"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe"
  23. 2011-11-21 2:19 AM,"HKLM\System\CurrentControlSet\Services","ATKGFNEXSrv",enabled,"Services",System-wide,"GFNEXSrv","(Verified) ASUSTeK Computer Inc.","ASUS","c:\program files (x86)\asus\atk package\atkgfnex\gfnexsrv.exe",1.0.11.1,"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
  24. 2015-05-30 3:36 PM,"HKLM\System\CurrentControlSet\Services","AudioEndpointBuilder",enabled,"Services",System-wide,"Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\audioendpointbuilder.dll",6.3.9600.17893,"%SystemRoot%\System32\AudioEndpointBuilder.dll"
  25. 2015-05-30 3:35 PM,"HKLM\System\CurrentControlSet\Services","Audiosrv",enabled,"Services",System-wide,"Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\audiosrv.dll",6.3.9600.17893,"%SystemRoot%\System32\Audiosrv.dll"
  26. 2014-10-28 9:43 PM,"HKLM\System\CurrentControlSet\Services","AxInstSV",enabled,"Services",System-wide,"Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\axinstsv.dll",6.3.9600.17415,"%SystemRoot%\System32\AxInstSV.dll"
  27. 2016-02-05 11:11 AM,"HKLM\System\CurrentControlSet\Services","BFE",enabled,"Services",System-wide,"The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\bfe.dll",6.3.9600.18229,"%SystemRoot%\System32\bfe.dll"
  28. 2014-10-28 9:43 PM,"HKLM\System\CurrentControlSet\Services","BITS",enabled,"Services",System-wide,"Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\qmgr.dll",7.7.9600.17415,"%SystemRoot%\System32\qmgr.dll"
  29. 2014-10-28 9:12 PM,"HKLM\System\CurrentControlSet\Services","BrokerInfrastructure",enabled,"Services",System-wide,"Windows infrastructure service that controls which background tasks can run on the system.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\bisrv.dll",6.3.9600.17415,"%SystemRoot%\System32\bisrv.dll"
  30. 2016-12-24 8:48 PM,"HKLM\System\CurrentControlSet\Services","CertPropSvc",enabled,"Services",System-wide,"Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\certprop.dll",6.3.9600.18562,"%SystemRoot%\System32\certprop.dll"
  31. 2014-10-28 9:21 PM,"HKLM\System\CurrentControlSet\Services","COMSysApp",enabled,"Services",System-wide,"Manages the configuration and tracking of Component Object Model (COM) -based components. If the service is stopped, most COM -based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\dllhost.exe",6.3.9600.17415,"%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
  32. 2011-12-22 2:45 AM,"HKLM\System\CurrentControlSet\Services","cphs",enabled,"Services",System-wide,"Intel(R) Content Protection HECI Service - enables communication with the Content Protection FW","(Verified) Intel Corporation - pGFX","Intel Corporation","c:\windows\syswow64\intelcphecisvc.exe",1.0.1.14,"%SystemRoot%\SysWow64\IntelCpHeciSvc.exe"
  33. 2014-10-28 9:27 PM,"HKLM\System\CurrentControlSet\Services","CryptSvc",enabled,"Services",System-wide,"Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\cryptsvc.dll",6.3.9600.17415,"%SystemRoot%\system32\cryptsvc.dll"
  34. 2017-04-16 3:22 AM,"HKLM\System\CurrentControlSet\Services","DcomLaunch",enabled,"Services",System-wide,"The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\rpcss.dll",6.3.9600.18666,"%SystemRoot%\system32\rpcss.dll"
  35. 2014-10-28 9:12 PM,"HKLM\System\CurrentControlSet\Services","defragsvc",enabled,"Services",System-wide,"Helps the computer run more efficiently by optimizing files on storage drives.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\defragsvc.dll",6.3.9600.17415,"%Systemroot%\System32\defragsvc.dll"
  36. 2014-10-28 9:12 PM,"HKLM\System\CurrentControlSet\Services","DeviceAssociationService",enabled,"Services",System-wide,"Enables pairing between the system and wired or wireless devices.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\das.dll",6.3.9600.17415,"%SystemRoot%\system32\das.dll"
  37. 2014-10-28 10:45 PM,"HKLM\System\CurrentControlSet\Services","DeviceInstall",enabled,"Services",System-wide,"Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\umpnpmgr.dll",6.3.9600.17415,"%SystemRoot%\system32\umpnpmgr.dll"
  38. 2014-10-28 9:29 PM,"HKLM\System\CurrentControlSet\Services","Dhcp",enabled,"Services",System-wide,"Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\dhcpcore.dll",6.3.9600.17415,"%SystemRoot%\system32\dhcpcore.dll"
  39. 2016-08-20 1:37 AM,"HKLM\System\CurrentControlSet\Services","DiagTrack",enabled,"Services",System-wide,"The Diagnostics Tracking Service enables data collection about functional issues in Windows components.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\diagtrack.dll",10.0.10586.3,"%SystemRoot%\system32\diagtrack.dll"
  40. 2017-02-09 10:58 AM,"HKLM\System\CurrentControlSet\Services","Dnscache",enabled,"Services",System-wide,"The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\dnsrslvr.dll",6.3.9600.18592,"%SystemRoot%\System32\dnsrslvr.dll"
  41. 2014-10-28 9:53 PM,"HKLM\System\CurrentControlSet\Services","dot3svc",enabled,"Services",System-wide,"The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\dot3svc.dll",6.3.9600.17415,"%SystemRoot%\System32\dot3svc.dll"
  42. 2014-10-28 9:21 PM,"HKLM\System\CurrentControlSet\Services","DPS",enabled,"Services",System-wide,"The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\dps.dll",6.3.9600.17415,"%SystemRoot%\system32\dps.dll"
  43. 2014-10-28 9:05 PM,"HKLM\System\CurrentControlSet\Services","DsmSvc",enabled,"Services",System-wide,"Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\devicesetupmanager.dll",6.3.9600.17415,"%SystemRoot%\System32\DeviceSetupManager.dll"
  44. 2014-10-28 9:14 PM,"HKLM\System\CurrentControlSet\Services","Eaphost",enabled,"Services",System-wide,"The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\eapsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\eapsvc.dll"
  45. 2014-10-28 10:42 PM,"HKLM\System\CurrentControlSet\Services","EFS",enabled,"Services",System-wide,"Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\efssvc.dll",6.3.9600.17415,"%SystemRoot%\system32\efssvc.dll"
  46. 2013-07-28 10:35 PM,"HKLM\System\CurrentControlSet\Services","ETDService",enabled,"Services",System-wide,"Elan Service","(Verified) ELAN Microelectronics Corporation","ELAN Microelectronics Corp.","c:\program files\elantech\etdservice.exe",11.8.0.0,"C:\Program Files\Elantech\ETDService.exe"
  47. 2015-03-05 10:47 PM,"HKLM\System\CurrentControlSet\Services","EventLog",enabled,"Services",System-wide,"This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wevtsvc.dll",6.3.9600.17722,"%SystemRoot%\System32\wevtsvc.dll"
  48. 2014-10-28 9:12 PM,"HKLM\System\CurrentControlSet\Services","EventSystem",enabled,"Services",System-wide,"Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\es.dll",2001.12.10530.17415,"%systemroot%\system32\es.dll"
  49. 2014-10-28 8:58 PM,"HKLM\System\CurrentControlSet\Services","fdPHost",enabled,"Services",System-wide,"The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services � Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\fdphost.dll",6.3.9600.17415,"%SystemRoot%\system32\fdPHost.dll"
  50. 2014-10-28 9:15 PM,"HKLM\System\CurrentControlSet\Services","FDResPub",enabled,"Services",System-wide,"Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\fdrespub.dll",6.3.9600.17415,"%SystemRoot%\system32\fdrespub.dll"
  51. 2017-05-11 10:48 PM,"HKLM\System\CurrentControlSet\Services","FontCache",enabled,"Services",System-wide,"Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\fntcache.dll",6.3.9600.18696,"%SystemRoot%\system32\FntCache.dll"
  52. 2013-07-20 1:58 AM,"HKLM\System\CurrentControlSet\Services","FontCache3.0.0.0",enabled,"Services",System-wide,"Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.","(Verified) Microsoft Corporation","Microsoft Corporation","c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe",3.0.6920.7903,"%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
  53. 2017-04-06 12:35 PM,"HKLM\System\CurrentControlSet\Services","gpsvc",enabled,"Services",System-wide,"The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpsvc.dll",6.3.9600.18659,"%SystemRoot%\System32\gpsvc.dll"
  54. 2014-10-28 10:44 PM,"HKLM\System\CurrentControlSet\Services","hidserv",enabled,"Services",System-wide,"Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\hidserv.dll",6.3.9600.17415,"%SystemRoot%\system32\hidserv.dll"
  55. 2014-10-28 10:33 PM,"HKLM\System\CurrentControlSet\Services","hkmsvc",enabled,"Services",System-wide,"Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\kmsvc.dll",6.3.9600.17415,"%SystemRoot%\system32\kmsvc.dll"
  56. 2016-02-03 9:16 AM,"HKLM\System\CurrentControlSet\Services","IAStorDataMgrSvc",enabled,"Services",System-wide,"Provides storage event notification and manages communication between the storage driver and user space applications.","(Verified) Intel(R) Rapid Storage Technology","Intel Corporation","c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe",14.10.0.1016,"""C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"""
  57. 2017-04-16 4:37 AM,"HKLM\System\CurrentControlSet\Services","IEEtwCollectorService",enabled,"Services",System-wide,"ETW Collector Service for Internet Explorer. When running, this service collects real time ETW events and processes them.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\ieetwcollector.exe",11.0.9600.18666,"%SystemRoot%\system32\IEEtwCollector.exe /V"
  58. 2016-03-23 12:43 PM,"HKLM\System\CurrentControlSet\Services","igfxCUIService1.0.0.0",enabled,"Services",System-wide,"Service for Intel(R) HD Graphics Control Panel","(Verified) Intel Corporation - pGFX","Intel Corporation","c:\windows\system32\igfxcuiservice.exe",6.15.10.4414,"%SystemRoot%\system32\igfxCUIService.exe"
  59. 2016-07-07 4:59 PM,"HKLM\System\CurrentControlSet\Services","IKEEXT",enabled,"Services",System-wide,"The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\ikeext.dll",6.3.9600.18404,"%SystemRoot%\System32\ikeext.dll"
  60. 2013-09-02 7:30 AM,"HKLM\System\CurrentControlSet\Services","Intel(R) Capability Licensing Service TCP IP Interface",enabled,"Services",System-wide,"Version: 1.31.169.1","(Not verified) Intel(R) Corporation","Intel(R) Corporation","c:\program files\intel\icls client\socketheciserver.exe",1.31.169.1,"""C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe"""
  61. 2016-04-07 12:06 PM,"HKLM\System\CurrentControlSet\Services","iphlpsvc",enabled,"Services",System-wide,"Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\iphlpsvc.dll",6.3.9600.18299,"%SystemRoot%\System32\iphlpsvc.dll"
  62. 2013-07-16 10:50 PM,"HKLM\System\CurrentControlSet\Services","jhi_service",enabled,"Services",System-wide,"Intel(R) Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel (R) DAL","(Verified) Intel Corporation - Intel� Management Engine Firmware","Intel Corporation","c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe",9.5.12.1682,"""C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"""
  63. 2014-10-28 9:22 PM,"HKLM\System\CurrentControlSet\Services","KeyIso",enabled,"Services",System-wide,"The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\keyiso.dll",6.3.9600.17415,"%SystemRoot%\system32\keyiso.dll"
  64. 2013-08-22 7:29 AM,"HKLM\System\CurrentControlSet\Services","KPSSVC",enabled,"Services",System-wide,"KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\kpssvc.dll",6.3.9600.16384,"%systemroot%\system32\kpssvc.dll"
  65. 2014-10-28 9:11 PM,"HKLM\System\CurrentControlSet\Services","KtmRm",enabled,"Services",System-wide,"Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\msdtckrm.dll",2001.12.10530.17415,"%systemroot%\system32\msdtckrm.dll"
  66. 2017-05-02 2:31 PM,"HKLM\System\CurrentControlSet\Services","LanmanServer",enabled,"Services",System-wide,"Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\srvsvc.dll",6.3.9600.18688,"%SystemRoot%\system32\srvsvc.dll"
  67. 2014-10-28 9:24 PM,"HKLM\System\CurrentControlSet\Services","LanmanWorkstation",enabled,"Services",System-wide,"Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wkssvc.dll",6.3.9600.17415,"%SystemRoot%\System32\wkssvc.dll"
  68. 2014-10-28 10:09 PM,"HKLM\System\CurrentControlSet\Services","lltdsvc",enabled,"Services",System-wide,"Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\lltdsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\lltdsvc.dll"
  69. 2014-10-28 10:48 PM,"HKLM\System\CurrentControlSet\Services","lmhosts",enabled,"Services",System-wide,"Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\lmhsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\lmhsvc.dll"
  70. 2013-06-26 6:39 PM,"HKLM\System\CurrentControlSet\Services","LMS",enabled,"Services",System-wide,"Intel(R) Management and Security Application Local Management Service - Provides OS-related Intel(R) ME functionality.","(Verified) Intel Corporation - Software and Firmware Products","Intel Corporation","c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe",9.5.10.1628,"""C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"""
  71. 2015-02-20 7:49 PM,"HKLM\System\CurrentControlSet\Services","LSM",enabled,"Services",System-wide,"Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\lsm.dll",6.3.9600.17690,"%SystemRoot%\System32\lsm.dll"
  72. 2014-10-28 9:22 PM,"HKLM\System\CurrentControlSet\Services","MMCSS",enabled,"Services",System-wide,"Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mmcss.dll",6.3.9600.17415,"%SystemRoot%\system32\mmcss.dll"
  73. 2016-04-09 5:55 PM,"HKLM\System\CurrentControlSet\Services","MpsSvc",enabled,"Services",System-wide,"Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mpssvc.dll",6.3.9600.18302,"%SystemRoot%\system32\mpssvc.dll"
  74. 2014-10-28 9:12 PM,"HKLM\System\CurrentControlSet\Services","MSDTC",enabled,"Services",System-wide,"Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\msdtc.exe",2001.12.10530.17415,"%SystemRoot%\System32\msdtc.exe"
  75. 2016-09-03 2:06 PM,"HKLM\System\CurrentControlSet\Services","MSiSCSI",enabled,"Services",System-wide,"Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\iscsiexe.dll",6.3.9600.18467,"%systemroot%\system32\iscsiexe.dll"
  76. 2016-05-05 1:18 PM,"HKLM\System\CurrentControlSet\Services","msiserver",enabled,"Services",System-wide,"Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\msiexec.exe",5.0.9600.18333,"%systemroot%\system32\msiexec.exe /V"
  77. 2016-11-15 12:52 AM,"HKLM\System\CurrentControlSet\Services","MsMpSvc",enabled,"Services",System-wide,"Helps protect users from malware and other potentially unwanted software","(Verified) Microsoft Corporation","Microsoft Corporation","c:\program files\microsoft security client\msmpeng.exe",4.10.209.0,"""c:\Program Files\Microsoft Security Client\MsMpEng.exe"""
  78. 2014-10-28 10:20 PM,"HKLM\System\CurrentControlSet\Services","napagent",enabled,"Services",System-wide,"The Network Access Protection (NAP) agent service collects and manages health information for client computers on a network. Information collected by NAP agent is used to make sure that the client computer has the required software and settings. If a client computer is not compliant with health policy, it can be provided with restricted network access until its configuration is updated. Depending on the configuration of health policy, client computers might be automatically updated so that users quickly regain full network access without having to manually update their computer.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\qagentrt.dll",6.3.9600.17415,"%SystemRoot%\system32\qagentRT.dll"
  79. 2014-10-28 9:48 PM,"HKLM\System\CurrentControlSet\Services","NcaSvc",enabled,"Services",System-wide,"Provides DirectAccess status notification for UI components","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\ncasvc.dll",6.3.9600.17415,"%SystemRoot%\System32\ncasvc.dll"
  80. 2014-10-28 9:16 PM,"HKLM\System\CurrentControlSet\Services","NcbService",enabled,"Services",System-wide,"Brokers connections that allow Windows Store Apps to receive notifications from the internet.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\ncbservice.dll",6.3.9600.17415,"%SystemRoot%\System32\ncbservice.dll"
  81. 2017-01-10 5:06 PM,"HKLM\System\CurrentControlSet\Services","Netlogon",enabled,"Services",System-wide,"Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\netlogon.dll",6.3.9600.18573,"%SystemRoot%\system32\netlogon.dll"
  82. 2014-10-28 8:51 PM,"HKLM\System\CurrentControlSet\Services","Netman",enabled,"Services",System-wide,"Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\netman.dll",6.3.9600.17415,"%SystemRoot%\System32\netman.dll"
  83. 2014-10-28 9:19 PM,"HKLM\System\CurrentControlSet\Services","netprofm",enabled,"Services",System-wide,"Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\netprofmsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\netprofmsvc.dll"
  84. 2016-11-15 12:52 AM,"HKLM\System\CurrentControlSet\Services","NisSrv",enabled,"Services",System-wide,"Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols","(Verified) Microsoft Corporation","Microsoft Corporation","c:\program files\microsoft security client\nissrv.exe",4.10.209.0,"""c:\Program Files\Microsoft Security Client\NisSrv.exe"""
  85. 2014-12-05 9:41 PM,"HKLM\System\CurrentControlSet\Services","NlaSvc",enabled,"Services",System-wide,"Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\nlasvc.dll",6.3.9600.17550,"%SystemRoot%\System32\nlasvc.dll"
  86. 2015-07-20 11:34 AM,"HKLM\System\CurrentControlSet\Services","NoIPDUCService4",enabled,"Services",System-wide,"The No-IP DUC Service operates a background service to monitor your IP and submit updates to your account when the graphical version of the update client is not actively running on your system.",,"","c:\program files (x86)\no-ip\ducservice.exe",1.0.0.0,"C:\Program Files (x86)\No-IP\ducservice.exe"
  87. 2016-12-25 10:43 PM,"HKLM\System\CurrentControlSet\Services","npggsvc",enabled,"Services",System-wide,"nProtect GameGuard Service","(Verified) INCA Internet Co.","INCA Internet Co., Ltd.","c:\windows\syswow64\gamemon.des",2016.12.26.1,"C:\Windows\system32\GameMon.des -service"
  88. 2014-10-28 9:29 PM,"HKLM\System\CurrentControlSet\Services","nsi",enabled,"Services",System-wide,"This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\nsisvc.dll",6.3.9600.17415,"%systemroot%\system32\nsisvc.dll"
  89. 2017-05-06 7:34 AM,"HKLM\System\CurrentControlSet\Services","NvContainerLocalSystem",enabled,"Services",System-wide,"Container service for NVIDIA root features","(Verified) NVIDIA Corporation","NVIDIA Corporation","c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe",1.5.2208.6100,"""C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe"" -s NvContainerLocalSystem -f ""C:\ProgramData\NVIDIA\NvContainerLocalSystem.log"" -l 3 -d ""C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem"" -r -p 30000"
  90. 2017-05-06 7:34 AM,"HKLM\System\CurrentControlSet\Services","NvContainerNetworkService",enabled,"Services",System-wide,"Container service for NVIDIA network features","(Verified) NVIDIA Corporation","NVIDIA Corporation","c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe",1.5.2208.6100,"""C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe"" -s NvContainerNetworkService -f ""C:\ProgramData\NVIDIA\NvContainerNetworkService.log"" -l 3 -d ""C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService"" -r -p 30000"
  91. 2017-06-07 7:47 PM,"HKLM\System\CurrentControlSet\Services","NVDisplay.ContainerLocalSystem",enabled,"Services",System-wide,"Container service for NVIDIA root features","(Verified) NVIDIA Corporation","NVIDIA Corporation","c:\program files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe",1.2.0.0,"""C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe"" -s NVDisplay.ContainerLocalSystem -f ""C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log"" -l 3 -d ""C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"" -r -p 30000"
  92. 2017-05-02 5:55 PM,"HKLM\System\CurrentControlSet\Services","NvTelemetryContainer",enabled,"Services",System-wide,"Container service for NVIDIA Telemetry","(Verified) NVIDIA Corporation","NVIDIA Corporation","c:\program files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe",1.4.2206.1309,"""C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe"" -s NvTelemetryContainer -f ""C:\ProgramData\NVIDIA\NvTelemetryContainer.log"" -l 3 -d ""C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"""
  93. 2013-08-22 12:12 AM,"HKLM\System\CurrentControlSet\Services","PerfHost",enabled,"Services",System-wide,"Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\perfhost.exe",6.3.9600.16384,"%SystemRoot%\SysWow64\perfhost.exe"
  94. 2014-10-28 9:56 PM,"HKLM\System\CurrentControlSet\Services","pla",enabled,"Services",System-wide,"Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\pla.dll",6.3.9600.17415,"%systemroot%\system32\pla.dll"
  95. 2014-10-28 10:45 PM,"HKLM\System\CurrentControlSet\Services","PlugPlay",enabled,"Services",System-wide,"Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\umpnpmgr.dll",6.3.9600.17415,"%SystemRoot%\system32\umpnpmgr.dll"
  96. 2016-05-12 11:59 AM,"HKLM\System\CurrentControlSet\Services","PolicyAgent",enabled,"Services",System-wide,"Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool 'netsh ipsec'. If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\ipsecsvc.dll",6.3.9600.18339,"%SystemRoot%\System32\ipsecsvc.dll"
  97. 2014-10-28 9:27 PM,"HKLM\System\CurrentControlSet\Services","Power",enabled,"Services",System-wide,"Manages power policy and power policy notification delivery.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\umpo.dll",6.3.9600.17415,"%SystemRoot%\system32\umpo.dll"
  98. 2016-06-07 2:54 PM,"HKLM\System\CurrentControlSet\Services","PrintNotify",enabled,"Services",System-wide,"This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won�t be able to see printer extensions or notifications.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\spool\drivers\x64\3\printconfig.dll",0.3.9600.18374,"C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll"
  99. 2015-07-09 12:14 PM,"HKLM\System\CurrentControlSet\Services","ProfSvc",enabled,"Services",System-wide,"This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\profsvc.dll",6.3.9600.17930,"%systemroot%\system32\profsvc.dll"
  100. 2014-10-28 9:17 PM,"HKLM\System\CurrentControlSet\Services","QWAVE",enabled,"Services",System-wide,"Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\qwave.dll",6.3.9600.17415,"%windir%\system32\qwave.dll"
  101. 2014-10-28 10:34 PM,"HKLM\System\CurrentControlSet\Services","RasAuto",enabled,"Services",System-wide,"Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\rasauto.dll",6.3.9600.17415,"%SystemRoot%\System32\rasauto.dll"
  102. 2016-07-07 4:34 PM,"HKLM\System\CurrentControlSet\Services","RasMan",enabled,"Services",System-wide,"Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\rasmans.dll",6.3.9600.18404,"%SystemRoot%\System32\rasmans.dll"
  103. 2014-10-28 9:28 PM,"HKLM\System\CurrentControlSet\Services","RpcEptMapper",enabled,"Services",System-wide,"Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\rpcepmap.dll",6.3.9600.17415,"%SystemRoot%\System32\RpcEpMap.dll"
  104. 2014-10-28 10:48 PM,"HKLM\System\CurrentControlSet\Services","RpcLocator",enabled,"Services",System-wide,"In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\locator.exe",6.3.9600.17415,"%SystemRoot%\system32\locator.exe"
  105. 2017-04-16 3:22 AM,"HKLM\System\CurrentControlSet\Services","RpcSs",enabled,"Services",System-wide,"The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\rpcss.dll",6.3.9600.18666,"%SystemRoot%\system32\rpcss.dll"
  106. 2013-08-22 7:08 AM,"HKLM\System\CurrentControlSet\Services","RSoPProv",enabled,"Services",System-wide,"Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\rsopprov.exe",6.3.9600.16384,"%SystemRoot%\system32\RSoPProv.exe"
  107. 2013-08-22 6:03 AM,"HKLM\System\CurrentControlSet\Services","sacsvr",enabled,"Services",System-wide,"Allows administrators to remotely access a command prompt using Emergency Management Services.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\sacsvr.dll",6.3.9600.16384,"%SystemRoot%\system32\sacsvr.dll"
  108. 2014-10-28 9:29 PM,"HKLM\System\CurrentControlSet\Services","SamSs",enabled,"Services",System-wide,"The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.","(Verified) Microsoft Windows Publisher","Microsoft Corporation","c:\windows\system32\lsass.exe",6.3.9600.17415,"%SystemRoot%\system32\lsass.exe"
  109. 2016-12-24 7:39 PM,"HKLM\System\CurrentControlSet\Services","ScDeviceEnum",enabled,"Services",System-wide,"Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\scdeviceenum.dll",6.3.9600.18562,"%SystemRoot%\System32\ScDeviceEnum.dll"
  110. 2015-07-31 11:38 PM,"HKLM\System\CurrentControlSet\Services","Schedule",enabled,"Services",System-wide,"Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\schedsvc.dll",6.3.9600.18001,"%systemroot%\system32\schedsvc.dll"
  111. 2016-12-24 8:48 PM,"HKLM\System\CurrentControlSet\Services","SCPolicySvc",enabled,"Services",System-wide,"Allows the system to be configured to lock the user desktop upon smart card removal.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\certprop.dll",6.3.9600.18562,"%SystemRoot%\System32\certprop.dll"
  112. 2016-02-06 2:08 PM,"HKLM\System\CurrentControlSet\Services","seclogon",enabled,"Services",System-wide,"Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\seclogon.dll",6.3.9600.18230,"%windir%\system32\seclogon.dll"
  113. 2014-10-28 9:21 PM,"HKLM\System\CurrentControlSet\Services","SENS",enabled,"Services",System-wide,"Monitors system events and notifies subscribers to COM Event System of these events.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\sens.dll",6.3.9600.17415,"%SystemRoot%\System32\sens.dll"
  114. 2017-01-11 3:12 PM,"HKLM\System\CurrentControlSet\Services","SessionEnv",enabled,"Services",System-wide,"Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\sessenv.dll",6.3.9600.18574,"%SystemRoot%\system32\sessenv.dll"
  115. 2014-10-28 9:04 PM,"HKLM\System\CurrentControlSet\Services","ShellHWDetection",enabled,"Services",System-wide,"Provides notifications for AutoPlay hardware events.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\shsvcs.dll",6.3.9600.17415,"%SystemRoot%\System32\shsvcs.dll"
  116. 2014-10-28 9:27 PM,"HKLM\System\CurrentControlSet\Services","smphost",enabled,"Services",System-wide,"Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\smphost.dll",6.3.9600.17415,"%Systemroot%\System32\smphost.dll"
  117. 2017-05-09 10:29 AM,"HKLM\System\CurrentControlSet\Services","SNMPTRAP",enabled,"Services",System-wide,"Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\snmptrap.exe",6.3.9600.18693,"%SystemRoot%\System32\snmptrap.exe"
  118. 2014-11-04 1:01 AM,"HKLM\System\CurrentControlSet\Services","Spooler",enabled,"Services",System-wide,"This service spools print jobs and handles interaction with the printer. If you turn off this service, you won�t be able to print or see your printers.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\spoolsv.exe",6.3.9600.17480,"%SystemRoot%\System32\spoolsv.exe"
  119. 2016-06-09 3:40 PM,"HKLM\System\CurrentControlSet\Services","sppsvc",enabled,"Services",System-wide,"Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\sppsvc.exe",6.3.9600.18376,"%SystemRoot%\system32\sppsvc.exe"
  120. 2014-10-28 9:22 PM,"HKLM\System\CurrentControlSet\Services","SstpSvc",enabled,"Services",System-wide,"Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\sstpsvc.dll",6.3.9600.17415,"%SystemRoot%\system32\sstpsvc.dll"
  121. 2014-10-01 2:23 AM,"HKLM\System\CurrentControlSet\Services","ss_conn_service",enabled,"Services",System-wide,"MSS CS Connectivity Service","(Verified) DEVGURU CO LTD","DEVGURU Co., LTD.","c:\program files\samsung\usb drivers\25_escape\conn\ss_conn_service.exe",2.5.5.0,"""C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe"""
  122. 2017-06-08 12:33 AM,"HKLM\System\CurrentControlSet\Services","Steam Client Service",enabled,"Services",System-wide,"Steam Client Service monitors and updates Steam content","(Verified) Valve","Valve Corporation","c:\program files (x86)\common files\steam\steamservice.exe",4.0.6.0,"""C:\Program Files (x86)\Common Files\Steam\SteamService.exe"" /RunAsService"
  123. 2014-10-28 9:59 PM,"HKLM\System\CurrentControlSet\Services","stisvc",enabled,"Services",System-wide,"Provides image acquisition services for scanners and cameras","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wiaservc.dll",6.3.9600.17415,"%SystemRoot%\System32\wiaservc.dll"
  124. 2014-10-28 10:33 PM,"HKLM\System\CurrentControlSet\Services","svsvc",enabled,"Services",System-wide,"Verifies potential file system corruptions.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\svsvc.dll",6.3.9600.17415,"%SystemRoot%\system32\svsvc.dll"
  125. 2014-10-28 9:01 PM,"HKLM\System\CurrentControlSet\Services","swprv",enabled,"Services",System-wide,"Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\swprv.dll",6.3.9600.17415,"%Systemroot%\System32\swprv.dll"
  126. 2015-07-10 1:54 PM,"HKLM\System\CurrentControlSet\Services","SysMain",enabled,"Services",System-wide,"Maintains and improves system performance over time.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\sysmain.dll",6.3.9600.17931,"%systemroot%\system32\sysmain.dll"
  127. 2015-05-12 9:19 AM,"HKLM\System\CurrentControlSet\Services","SystemEventsBroker",enabled,"Services",System-wide,"Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\systemeventsbrokerserver.dll",6.3.9600.17827,"%SystemRoot%\System32\SystemEventsBrokerServer.dll"
  128. 2014-10-28 10:41 PM,"HKLM\System\CurrentControlSet\Services","TabletInputService",enabled,"Services",System-wide,"Enables Touch Keyboard and Handwriting Panel pen and ink functionality","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\tabsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\TabSvc.dll"
  129. 2014-10-28 10:12 PM,"HKLM\System\CurrentControlSet\Services","TapiSrv",enabled,"Services",System-wide,"Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\tapisrv.dll",6.3.9600.17415,"%SystemRoot%\System32\tapisrv.dll"
  130. 2014-10-28 9:26 PM,"HKLM\System\CurrentControlSet\Services","Themes",enabled,"Services",System-wide,"Provides user experience theme management.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\themeservice.dll",6.3.9600.17415,"%SystemRoot%\system32\themeservice.dll"
  131. 2014-10-28 9:22 PM,"HKLM\System\CurrentControlSet\Services","THREADORDER",enabled,"Services",System-wide,"Provides ordered execution for a group of threads within a specific period of time.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mmcss.dll",6.3.9600.17415,"%SystemRoot%\system32\mmcss.dll"
  132. 2014-10-08 3:13 AM,"HKLM\System\CurrentControlSet\Services","TieringEngineService",enabled,"Services",System-wide,"Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\tieringengineservice.exe",6.3.9600.17396,"%SystemRoot%\system32\TieringEngineService.exe"
  133. 2014-10-28 9:20 PM,"HKLM\System\CurrentControlSet\Services","TimeBroker",enabled,"Services",System-wide,"Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\timebrokerserver.dll",6.3.9600.17415,"%SystemRoot%\System32\TimeBrokerServer.dll"
  134. 2014-10-28 9:21 PM,"HKLM\System\CurrentControlSet\Services","TrkWks",enabled,"Services",System-wide,"Maintains links between NTFS files within a computer or across computers in a network.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\trkwks.dll",6.3.9600.17415,"%SystemRoot%\System32\trkwks.dll"
  135. 2014-10-28 9:19 PM,"HKLM\System\CurrentControlSet\Services","TrustedInstaller",enabled,"Services",System-wide,"Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\servicing\trustedinstaller.exe",6.3.9600.17415,"%SystemRoot%\servicing\TrustedInstaller.exe"
  136. 2014-09-04 6:28 PM,"HKLM\System\CurrentControlSet\Services","UALSVC",enabled,"Services",System-wide,"This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\ualsvc.dll",6.3.9600.17335,"%SystemRoot%\System32\ualsvc.dll"
  137. 2014-10-28 10:34 PM,"HKLM\System\CurrentControlSet\Services","UI0Detect",enabled,"Services",System-wide,"Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there might not be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\ui0detect.exe",6.3.9600.17415,"%SystemRoot%\system32\UI0Detect.exe"
  138. 2014-10-28 8:49 PM,"HKLM\System\CurrentControlSet\Services","UmRdpService",enabled,"Services",System-wide,"Allows the redirection of Printers/Drives/Ports for RDP connections","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\umrdp.dll",6.3.9600.17415,"%SystemRoot%\System32\umrdp.dll"
  139. 2014-10-28 9:13 PM,"HKLM\System\CurrentControlSet\Services","VaultSvc",enabled,"Services",System-wide,"Provides secure storage and retrieval of credentials to users, applications and security service packages.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\vaultsvc.dll",6.3.9600.17415,"C:\Windows\System32\vaultsvc.dll"
  140. 2014-10-28 10:06 PM,"HKLM\System\CurrentControlSet\Services","vds",enabled,"Services",System-wide,"Provides management services for disks, volumes, file systems, and storage arrays.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\vds.exe",6.3.9600.17415,"%SystemRoot%\System32\vds.exe"
  141. 2014-10-28 9:43 PM,"HKLM\System\CurrentControlSet\Services","vmicguestinterface",enabled,"Services",System-wide,"Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\icsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\ICSvc.dll"
  142. 2014-10-28 9:43 PM,"HKLM\System\CurrentControlSet\Services","vmicheartbeat",enabled,"Services",System-wide,"Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\icsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\ICSvc.dll"
  143. 2014-10-28 9:43 PM,"HKLM\System\CurrentControlSet\Services","vmickvpexchange",enabled,"Services",System-wide,"Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\icsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\ICSvc.dll"
  144. 2014-10-28 9:43 PM,"HKLM\System\CurrentControlSet\Services","vmicrdv",enabled,"Services",System-wide,"Provides a platform for communication between the virtual machine and the operating system running on the physical computer.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\icsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\ICSvc.dll"
  145. 2014-10-28 9:43 PM,"HKLM\System\CurrentControlSet\Services","vmicshutdown",enabled,"Services",System-wide,"Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\icsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\ICSvc.dll"
  146. 2014-10-28 9:43 PM,"HKLM\System\CurrentControlSet\Services","vmictimesync",enabled,"Services",System-wide,"Synchronizes the system time of this virtual machine with the system time of the physical computer.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\icsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\ICSvc.dll"
  147. 2014-10-28 9:43 PM,"HKLM\System\CurrentControlSet\Services","vmicvss",enabled,"Services",System-wide,"Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\icsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\ICSvc.dll"
  148. 2016-02-05 10:46 AM,"HKLM\System\CurrentControlSet\Services","VSS",enabled,"Services",System-wide,"Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\vssvc.exe",6.3.9600.18229,"%systemroot%\system32\vssvc.exe"
  149. 2014-10-28 9:26 PM,"HKLM\System\CurrentControlSet\Services","W32Time",enabled,"Services",System-wide,"Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\w32time.dll",6.3.9600.17415,"%systemroot%\system32\w32time.dll"
  150. 2014-10-28 9:13 PM,"HKLM\System\CurrentControlSet\Services","Wcmsvc",enabled,"Services",System-wide,"Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wcmsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\wcmsvc.dll"
  151. 2014-10-28 9:04 PM,"HKLM\System\CurrentControlSet\Services","wcncsvc",enabled,"Services",System-wide,"WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wi-Fi Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wi-Fi Device. The service is started programmatically as needed.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wcncsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\wcncsvc.dll"
  152. 2014-10-28 10:17 PM,"HKLM\System\CurrentControlSet\Services","WcsPlugInService",enabled,"Services",System-wide,"The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wcspluginservice.dll",6.3.9600.17415,"%SystemRoot%\System32\WcsPlugInService.dll"
  153. 2014-10-28 9:21 PM,"HKLM\System\CurrentControlSet\Services","WdiServiceHost",enabled,"Services",System-wide,"The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wdi.dll",6.3.9600.17415,"%SystemRoot%\system32\wdi.dll"
  154. 2014-10-28 9:21 PM,"HKLM\System\CurrentControlSet\Services","WdiSystemHost",enabled,"Services",System-wide,"The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wdi.dll",6.3.9600.17415,"%SystemRoot%\system32\wdi.dll"
  155. 2016-06-09 3:32 PM,"HKLM\System\CurrentControlSet\Services","WebClient",enabled,"Services",System-wide,"Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\webclnt.dll",6.3.9600.18376,"%SystemRoot%\System32\webclnt.dll"
  156. 2014-10-28 9:08 PM,"HKLM\System\CurrentControlSet\Services","Wecsvc",enabled,"Services",System-wide,"This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wecsvc.dll",6.3.9600.17415,"%SystemRoot%\system32\wecsvc.dll"
  157. 2014-10-28 10:42 PM,"HKLM\System\CurrentControlSet\Services","WEPHOSTSVC",enabled,"Services",System-wide,"Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wephostsvc.dll",6.3.9600.17415,"%systemroot%\system32\wephostsvc.dll"
  158. 2014-10-28 10:11 PM,"HKLM\System\CurrentControlSet\Services","wercplsupport",enabled,"Services",System-wide,"This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wercplsupport.dll",6.3.9600.17415,"%SystemRoot%\System32\wercplsupport.dll"
  159. 2014-10-28 10:34 PM,"HKLM\System\CurrentControlSet\Services","WiaRpc",enabled,"Services",System-wide,"Launches applications associated with still image acquisition events.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wiarpc.dll",6.3.9600.17415,"%SystemRoot%\System32\wiarpc.dll"
  160. 2016-06-11 12:37 PM,"HKLM\System\CurrentControlSet\Services","WinHttpAutoProxySvc",enabled,"Services",System-wide,"WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\winhttp.dll",6.3.9600.18378,"%SystemRoot%\system32\winhttp.dll"
  161. 2014-10-28 9:18 PM,"HKLM\System\CurrentControlSet\Services","Winmgmt",enabled,"Services",System-wide,"Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wbem\wmisvc.dll",6.3.9600.17415,"%SystemRoot%\system32\wbem\WMIsvc.dll"
  162. 2017-03-13 12:29 PM,"HKLM\System\CurrentControlSet\Services","WinRM",enabled,"Services",System-wide,"Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wsmsvc.dll",6.3.9600.18627,"%SystemRoot%\system32\WsmSvc.dll"
  163. 2014-10-28 9:03 PM,"HKLM\System\CurrentControlSet\Services","WlanSvc",enabled,"Services",System-wide,"The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wlansvc.dll",6.3.9600.17415,"%SystemRoot%\System32\wlansvc.dll"
  164. 2014-10-28 9:11 PM,"HKLM\System\CurrentControlSet\Services","wlidsvc",enabled,"Services",System-wide,"Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wlidsvc.dll",6.3.9600.17415,"%SystemRoot%\system32\wlidsvc.dll"
  165. 2013-08-22 7:32 AM,"HKLM\System\CurrentControlSet\Services","WLMS",enabled,"Services",System-wide,"This service monitors the Windows software license state.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wlms\wlms.exe",6.3.9600.16384,"%SystemRoot%\system32\wlms\wlms.exe"
  166. 2014-10-28 9:18 PM,"HKLM\System\CurrentControlSet\Services","wmiApSrv",enabled,"Services",System-wide,"Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wbem\wmiapsrv.exe",6.3.9600.17415,"%systemroot%\system32\wbem\WmiApSrv.exe"
  167. 2017-04-06 11:44 AM,"HKLM\System\CurrentControlSet\Services","WPDBusEnum",enabled,"Services",System-wide,"Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wpdbusenum.dll",6.3.9600.18659,"%SystemRoot%\system32\wpdbusenum.dll"
  168. 2014-10-28 9:11 PM,"HKLM\System\CurrentControlSet\Services","WSService",enabled,"Services",System-wide,"Provides infrastructure support for Windows Store.This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wsservice.dll",6.3.9600.17415,"%SystemRoot%\System32\WSService.dll"
  169. 2017-05-11 10:18 PM,"HKLM\System\CurrentControlSet\Services","wuauserv",enabled,"Services",System-wide,"Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wuaueng.dll",7.9.9600.18696,"%systemroot%\system32\wuaueng.dll"
  170. 2014-10-28 9:21 PM,"HKLM\System\CurrentControlSet\Services","wudfsvc",enabled,"Services",System-wide,"Creates and manages user-mode driver processes. This service cannot be stopped.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wudfsvc.dll",6.3.9600.17415,"%SystemRoot%\System32\WUDFSvc.dll"
  171. 2017-07-02 4:39 PM,HKLM\System\CurrentControlSet\Services,,,"Drivers",System-wide,,,,,,
  172. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","1394ohci",enabled,"Drivers",System-wide,"1394 OpenHCI Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\1394ohci.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\1394ohci.sys"
  173. 2013-04-11 6:49 PM,"HKLM\System\CurrentControlSet\Services","3ware",enabled,"Drivers",System-wide,"LSI 3ware SCSI Storport Driver","(Verified) Microsoft Windows","LSI","c:\windows\system32\drivers\3ware.sys",5.1.0.51,"System32\drivers\3ware.sys"
  174. 2014-10-06 11:29 PM,"HKLM\System\CurrentControlSet\Services","ACPI",enabled,"Drivers",System-wide,"ACPI Driver for NT","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\acpi.sys",6.3.9600.17393,"System32\drivers\ACPI.sys"
  175. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","acpiex",enabled,"Drivers",System-wide,"ACPIEx Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\acpiex.sys",6.3.9600.16384,"System32\Drivers\acpiex.sys"
  176. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","acpipagr",enabled,"Drivers",System-wide,"ACPI Processor Aggregator Device Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\acpipagr.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\acpipagr.sys"
  177. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","AcpiPmi",enabled,"Drivers",System-wide,"ACPI Power Metering Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\acpipmi.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\acpipmi.sys"
  178. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","acpitime",enabled,"Drivers",System-wide,"ACPI Wake Alarm","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\acpitime.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\acpitime.sys"
  179. 2013-07-12 5:47 PM,"HKLM\System\CurrentControlSet\Services","ADP80XX",enabled,"Drivers",System-wide,"PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller","(Verified) Microsoft Windows","PMC-Sierra","c:\windows\system32\drivers\adp80xx.sys",1.0.0.254,"System32\drivers\ADP80XX.SYS"
  180. 2015-10-13 1:10 PM,"HKLM\System\CurrentControlSet\Services","AFD",enabled,"Drivers",System-wide,"Ancillary Function Driver for Winsock","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\afd.sys",6.3.9600.18089,"\SystemRoot\system32\drivers\afd.sys"
  181. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","agp440",enabled,"Drivers",System-wide,"440 NT AGP Filter","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\agp440.sys",6.3.9600.16384,"System32\drivers\agp440.sys"
  182. 2014-12-11 8:51 PM,"HKLM\System\CurrentControlSet\Services","ahcache",enabled,"Drivers",System-wide,"Cache Compatibility Data and Attributes for Individual PE File","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ahcache.sys",6.3.9600.17555,"system32\DRIVERS\ahcache.sys"
  183. 2013-08-22 4:46 AM,"HKLM\System\CurrentControlSet\Services","AmdK8",enabled,"Drivers",System-wide,"Processor Device Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\amdk8.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\amdk8.sys"
  184. 2013-08-22 4:46 AM,"HKLM\System\CurrentControlSet\Services","AmdPPM",enabled,"Drivers",System-wide,"Processor Device Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\amdppm.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\amdppm.sys"
  185. 2013-07-08 6:54 PM,"HKLM\System\CurrentControlSet\Services","amdsata",enabled,"Drivers",System-wide,"AHCI 1.3 Device Driver","(Verified) Microsoft Windows","Advanced Micro Devices","c:\windows\system32\drivers\amdsata.sys",1.1.4.14,"System32\drivers\amdsata.sys"
  186. 2012-12-11 5:21 PM,"HKLM\System\CurrentControlSet\Services","amdsbs",enabled,"Drivers",System-wide,"AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform","(Verified) Microsoft Windows","AMD Technologies Inc.","c:\windows\system32\drivers\amdsbs.sys",3.7.1540.43,"System32\drivers\amdsbs.sys"
  187. 2013-07-08 6:45 PM,"HKLM\System\CurrentControlSet\Services","amdxata",enabled,"Drivers",System-wide,"Storage Filter Driver","(Verified) Microsoft Windows","Advanced Micro Devices","c:\windows\system32\drivers\amdxata.sys",1.1.4.14,"System32\drivers\amdxata.sys"
  188. 2014-10-28 10:46 PM,"HKLM\System\CurrentControlSet\Services","AppID",enabled,"Drivers",System-wide,"Identifies an application and enforces software restriction policies.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\appid.sys",6.3.9600.17415,"\SystemRoot\system32\drivers\appid.sys"
  189. 2013-07-08 8:50 PM,"HKLM\System\CurrentControlSet\Services","arcsas",enabled,"Drivers",System-wide,"Adaptec SAS RAID WS03 Driver","(Verified) Microsoft Windows","PMC-Sierra, Inc.","c:\windows\system32\drivers\arcsas.sys",7.2.0.30261,"System32\drivers\arcsas.sys"
  190. 2009-07-02 5:13 AM,"HKLM\System\CurrentControlSet\Services","ASMMAP64",enabled,"Drivers",System-wide,"Memory mapping Driver","(Verified) ASUSTeK Computer Inc.","ASUS","c:\program files (x86)\asus\atk package\atkgfnex\asmmap64.sys",1.0.9.1,"\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys"
  191. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","AsyncMac",enabled,"Drivers",System-wide,"RAS Asynchronous Media Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\asyncmac.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\asyncmac.sys"
  192. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","atapi",enabled,"Drivers",System-wide,"ATAPI IDE Miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\atapi.sys",6.3.9600.16384,"System32\drivers\atapi.sys"
  193. 2013-07-02 4:35 AM,"HKLM\System\CurrentControlSet\Services","ATKWMIACPIIO",enabled,"Drivers",System-wide,"ATK WMIACPI Utility","(Verified) ASUSTeK Computer Inc.","ASUSTek Computer Inc.","c:\program files (x86)\asus\atk package\atk wmiacpi\atkwmiacpi64.sys",1.0.6.1,"\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys"
  194. 2013-02-04 3:47 PM,"HKLM\System\CurrentControlSet\Services","b06bdrv",enabled,"Drivers",System-wide,"Broadcom NetXtreme II GigE VBD","(Verified) Microsoft Windows","Broadcom Corporation","c:\windows\system32\drivers\bxvbda.sys",7.4.14.0,"System32\drivers\bxvbda.sys"
  195. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","BasicDisplay",enabled,"Drivers",System-wide,"Microsoft Basic Display Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\basicdisplay.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\BasicDisplay.sys"
  196. 2017-03-12 11:04 AM,"HKLM\System\CurrentControlSet\Services","BasicRender",enabled,"Drivers",System-wide,"Microsoft Basic Render Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\basicrender.sys",6.3.9600.18626,"\SystemRoot\System32\drivers\BasicRender.sys"
  197. 2013-06-01 12:59 AM,"HKLM\System\CurrentControlSet\Services","BCM43XX",enabled,"Drivers",System-wide,"Broadcom 802.11 Network Adapter wireless driver","(Verified) Broadcom Corporation","Broadcom Corporation","c:\windows\system32\drivers\bcmwl63a.sys",6.30.223.102,"\SystemRoot\system32\DRIVERS\bcmwl63a.sys"
  198. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","Beep",enabled,"Drivers",System-wide,"BEEP Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\beep.sys",6.3.9600.16384,"Beep"
  199. 2013-04-07 7:02 PM,"HKLM\System\CurrentControlSet\Services","bfadfcoei",enabled,"Drivers",System-wide,"Brocade FC/FCoE HBA Stor Miniport Driver","(Verified) Microsoft Windows","Brocade Communications Systems, Inc.","c:\windows\system32\drivers\bfadfcoei.sys",6.3.9374.0,"System32\drivers\bfadfcoei.sys"
  200. 2013-03-27 5:08 PM,"HKLM\System\CurrentControlSet\Services","bfadi",enabled,"Drivers",System-wide,"Brocade FC/FCoE HBA Stor Miniport Driver","(Verified) Microsoft Windows","Brocade Communications Systems, Inc.","c:\windows\system32\drivers\bfadi.sys",6.3.9367.0,"System32\drivers\bfadi.sys"
  201. 2016-10-04 4:39 PM,"HKLM\System\CurrentControlSet\Services","bowser",enabled,"Drivers",System-wide,"@%systemroot%\system32\browser.dll,-103","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\bowser.sys",6.3.9600.18508,"system32\DRIVERS\bowser.sys"
  202. 2013-02-04 5:38 PM,"HKLM\System\CurrentControlSet\Services","bxfcoe",enabled,"Drivers",System-wide,"FCoE offload x64 FREE","(Verified) Microsoft Windows","Broadcom Corporation","c:\windows\system32\drivers\bxfcoe.sys",7.4.6.0,"System32\drivers\bxfcoe.sys"
  203. 2013-02-04 5:40 PM,"HKLM\System\CurrentControlSet\Services","bxois",enabled,"Drivers",System-wide,"iSCSI offload x64 FREE","(Verified) Microsoft Windows","Broadcom Corporation","c:\windows\system32\drivers\bxois.sys",7.4.4.0,"System32\drivers\bxois.sys"
  204. 2013-08-22 4:46 AM,"HKLM\System\CurrentControlSet\Services","cdrom",enabled,"Drivers",System-wide,"SCSI CD-ROM Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\cdrom.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\cdrom.sys"
  205. 2013-05-14 1:19 AM,"HKLM\System\CurrentControlSet\Services","cht4vbd",enabled,"Drivers",System-wide,"Virtual Bus Driver for Chelsio � T4 Chipset","(Verified) Chelsio.com(Test)","Chelsio Communications","c:\windows\system32\drivers\cht4vx64.sys",4.4.13.0,"\SystemRoot\System32\drivers\cht4vx64.sys"
  206. 2016-11-16 10:52 AM,"HKLM\System\CurrentControlSet\Services","CLFS",enabled,"Drivers",System-wide,"General-purpose logging service","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\clfs.sys",6.3.9600.18539,"System32\drivers\CLFS.sys"
  207. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","CmBatt",enabled,"Drivers",System-wide,"Control Method Battery Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\cmbatt.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\CmBatt.sys"
  208. 2017-01-21 3:22 PM,"HKLM\System\CurrentControlSet\Services","CNG",enabled,"Drivers",System-wide,"Kernel Cryptography, Next Generation","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\cng.sys",6.3.9600.18581,"System32\Drivers\cng.sys"
  209. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","CompositeBus",enabled,"Drivers",System-wide,"Multi-Transport Composite Bus Enumerator","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\compositebus.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\CompositeBus.sys"
  210. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","condrv",enabled,"Drivers",System-wide,"Console Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\condrv.sys",6.3.9600.16384,"System32\drivers\condrv.sys"
  211. 2017-01-10 6:37 PM,"HKLM\System\CurrentControlSet\Services","Dfsc",enabled,"Drivers",System-wide,"Client driver for access to DFS Namespaces","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\dfsc.sys",6.3.9600.18573,"System32\Drivers\dfsc.sys"
  212. 2014-11-25 10:14 PM,"HKLM\System\CurrentControlSet\Services","dg_ssudbus",enabled,"Drivers",System-wide,"SAMSUNG USB Composite Device Driver (MSS Ver.3)","(Verified) Samsung Electronics CO.","DEVGURU Co., LTD.(www.devguru.co.kr)","c:\windows\system32\drivers\ssudbus.sys",2.11.11.0,"\SystemRoot\system32\DRIVERS\ssudbus.sys"
  213. 2016-01-20 10:52 AM,"HKLM\System\CurrentControlSet\Services","disk",enabled,"Drivers",System-wide,"PnP Disk Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\disk.sys",6.3.9600.18203,"System32\drivers\disk.sys"
  214. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","dmvsc",enabled,"Drivers",System-wide,"Dynamic Memory","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\dmvsc.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\dmvsc.sys"
  215. 2014-10-28 10:47 PM,"HKLM\System\CurrentControlSet\Services","drmkaud",enabled,"Drivers",System-wide,"Microsoft Trusted Audio Drivers","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\drmkaud.sys",6.3.9600.17415,"\SystemRoot\system32\drivers\drmkaud.sys"
  216. 2017-04-09 4:38 PM,"HKLM\System\CurrentControlSet\Services","DXGKrnl",enabled,"Drivers",System-wide,"Controls the underlying video driver stacks to provide fully-featured display capabilities.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\dxgkrnl.sys",6.3.9600.18662,"\SystemRoot\System32\drivers\dxgkrnl.sys"
  217. 2013-04-08 10:30 AM,"HKLM\System\CurrentControlSet\Services","ebdrv",enabled,"Drivers",System-wide,"Broadcom NetXtreme II 10 GigE VBD","(Verified) Microsoft Windows","Broadcom Corporation","c:\windows\system32\drivers\evbda.sys",7.4.33.1,"System32\drivers\evbda.sys"
  218. 2013-03-04 5:21 AM,"HKLM\System\CurrentControlSet\Services","ElbyCDIO",enabled,"Drivers",System-wide,"ElbyCD Windows x64 I/O driver","(Verified) Elaborate Bytes AG","Elaborate Bytes AG","c:\windows\system32\drivers\elbycdio.sys",6.1.1.2,"System32\Drivers\ElbyCDIO.sys"
  219. 2013-06-11 4:21 PM,"HKLM\System\CurrentControlSet\Services","elxfcoe",enabled,"Drivers",System-wide,"Emulex Storport Miniport Driver","(Verified) Microsoft Windows","Emulex","c:\windows\system32\drivers\elxfcoe.sys",2.74.214.4,"System32\drivers\elxfcoe.sys"
  220. 2013-06-11 4:21 PM,"HKLM\System\CurrentControlSet\Services","elxstor",enabled,"Drivers",System-wide,"Emulex Storport Miniport Driver","(Verified) Microsoft Windows","Emulex","c:\windows\system32\drivers\elxstor.sys",2.74.214.4,"System32\drivers\elxstor.sys"
  221. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","ErrDev",enabled,"Drivers",System-wide,"Error Device Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\errdev.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\errdev.sys"
  222. 2013-08-01 3:39 AM,"HKLM\System\CurrentControlSet\Services","ETD",enabled,"Drivers",System-wide,"ETD Kernel Center","(Verified) ELAN Microelectronics Corporation","ELAN Microelectronics Corp.","c:\windows\system32\drivers\etd.sys",11.110.0.0,"\SystemRoot\system32\DRIVERS\ETD.sys"
  223. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","exfat",enabled,"Drivers",System-wide,"exFAT File System Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\exfat.sys",6.3.9600.16384,"exfat"
  224. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","fastfat",enabled,"Drivers",System-wide,"Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\fastfat.sys",6.3.9600.16384,"fastfat"
  225. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","fcvsc",enabled,"Drivers",System-wide,"Microsoft Virtual Fibre Channel HBA miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\fcvsc.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\fcvsc.sys"
  226. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","fdc",enabled,"Drivers",System-wide,"Floppy Disk Controller Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\fdc.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\fdc.sys"
  227. 2014-02-22 8:13 AM,"HKLM\System\CurrentControlSet\Services","FileInfo",enabled,"Drivers",System-wide,"Collects information about files in memory to be consumed by other system services.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\fileinfo.sys",6.3.9600.17031,"\SystemRoot\System32\drivers\fileinfo.sys"
  228. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","Filetrace",enabled,"Drivers",System-wide,"ETW File Trace Filter","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\filetrace.sys",6.3.9600.16384,"system32\drivers\filetrace.sys"
  229. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","flpydisk",enabled,"Drivers",System-wide,"Floppy Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\flpydisk.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\flpydisk.sys"
  230. 2014-08-25 10:25 PM,"HKLM\System\CurrentControlSet\Services","FltMgr",enabled,"Drivers",System-wide,"File System Filter Manager Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\fltmgr.sys",6.3.9600.17326,"system32\drivers\fltmgr.sys"
  231. 2014-10-08 3:34 AM,"HKLM\System\CurrentControlSet\Services","FsDepends",enabled,"Drivers",System-wide,"This minifilter tracks the dependencies associated with the various nested volumes/filesystems","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\fsdepends.sys",6.3.9600.17396,"System32\drivers\FsDepends.sys"
  232. 2013-08-22 4:46 AM,"HKLM\System\CurrentControlSet\Services","FxPPM",enabled,"Drivers",System-wide,"Processor Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\fxppm.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\fxppm.sys"
  233. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","gagp30kx",enabled,"Drivers",System-wide,"MS Generic AGPv3.0 Filter for K8/9 Processor Platforms","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\gagp30kx.sys",6.3.9600.16384,"System32\drivers\gagp30kx.sys"
  234. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","gencounter",enabled,"Drivers",System-wide,"Virtual Machine Generation Counter","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vmgencounter.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\vmgencounter.sys"
  235. 2014-08-14 6:24 PM,"HKLM\System\CurrentControlSet\Services","GPIOClx0101",enabled,"Drivers",System-wide,"GPIO Class Extension Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\msgpioclx.sys",6.3.9600.17253,"System32\Drivers\msgpioclx.sys"
  236. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","HdAudAddService",enabled,"Drivers",System-wide,"High Definition Audio Function Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\hdaudio.sys",6.3.9600.16384,"\SystemRoot\system32\drivers\HdAudio.sys"
  237. 2014-07-24 7:45 AM,"HKLM\System\CurrentControlSet\Services","HDAudBus",enabled,"Drivers",System-wide,"High Definition Audio Bus Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\hdaudbus.sys",6.3.9600.17238,"\SystemRoot\System32\drivers\HDAudBus.sys"
  238. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","HidBatt",enabled,"Drivers",System-wide,"Hid Battery Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\hidbatt.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\HidBatt.sys"
  239. 2013-10-07 9:45 PM,"HKLM\System\CurrentControlSet\Services","HIDSwitch",enabled,"Drivers",System-wide,"HID driver for ASUS Wireless Radio Control ","(Verified) ASUSTeK Computer Inc.","ASUS","c:\windows\system32\drivers\ashidswitch64.sys",1.0.0.3,"\SystemRoot\System32\drivers\AsHIDSwitch64.sys"
  240. 2016-05-13 7:08 PM,"HKLM\System\CurrentControlSet\Services","HidUsb",enabled,"Drivers",System-wide,"USB Miniport Driver for Input Devices","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\hidusb.sys",6.3.9600.18340,"\SystemRoot\System32\drivers\hidusb.sys"
  241. 2013-03-26 5:36 PM,"HKLM\System\CurrentControlSet\Services","HpSAMD",enabled,"Drivers",System-wide,"Smart Array SAS/SATA Controller Media Driver","(Verified) Microsoft Windows","Hewlett-Packard Company","c:\windows\system32\drivers\hpsamd.sys",8.0.4.0,"System32\drivers\HpSAMD.sys"
  242. 2017-01-11 5:29 PM,"HKLM\System\CurrentControlSet\Services","HTTP",enabled,"Drivers",System-wide,"HTTP Service","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\http.sys",6.3.9600.18574,"system32\drivers\HTTP.sys"
  243. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","hwpolicy",enabled,"Drivers",System-wide,"Contains Processor and other policies","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\hwpolicy.sys",6.3.9600.16384,"System32\drivers\hwpolicy.sys"
  244. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","hyperkbd",enabled,"Drivers",System-wide,"Microsoft VMBus Synthetic Keyboard Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\hyperkbd.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\hyperkbd.sys"
  245. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","HyperVideo",enabled,"Drivers",System-wide,"Microsoft VMBus Video Device Miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\hypervideo.sys",6.3.9600.16384,"\SystemRoot\system32\DRIVERS\HyperVideo.sys"
  246. 2014-11-04 2:54 AM,"HKLM\System\CurrentControlSet\Services","i8042prt",enabled,"Drivers",System-wide,"i8042 Port Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\i8042prt.sys",6.3.9600.17480,"\SystemRoot\System32\drivers\i8042prt.sys"
  247. 2015-11-04 6:27 AM,"HKLM\System\CurrentControlSet\Services","iaStorA",enabled,"Drivers",System-wide,"Intel(R) Rapid Storage Technology driver - x64","(Verified) Intel(R) Rapid Storage Technology","Intel Corporation","c:\windows\system32\drivers\iastora.sys",14.8.0.1042,"System32\drivers\iaStorA.sys"
  248. 2013-07-31 8:00 PM,"HKLM\System\CurrentControlSet\Services","iaStorAV",enabled,"Drivers",System-wide,"Intel Rapid Storage Technology driver (inbox) - x64","(Verified) Intel Corporation - Intel� Rapid Storage Technology","Intel Corporation","c:\windows\system32\drivers\iastorav.sys",12.0.1.1018,"System32\drivers\iaStorAV.sys"
  249. 2011-04-11 2:48 PM,"HKLM\System\CurrentControlSet\Services","iaStorV",enabled,"Drivers",System-wide,"Intel Matrix Storage Manager driver - x64","(Verified) Microsoft Windows","Intel Corporation","c:\windows\system32\drivers\iastorv.sys",8.6.2.1019,"System32\drivers\iaStorV.sys"
  250. 2013-05-09 12:14 PM,"HKLM\System\CurrentControlSet\Services","ibbus",enabled,"Drivers",System-wide,"InfiniBand Fabric Bus Driver","(Verified) Microsoft Windows","Mellanox","c:\windows\system32\drivers\ibbus.sys",4.4.13905.0,"System32\drivers\ibbus.sys"
  251. 2016-03-23 12:47 PM,"HKLM\System\CurrentControlSet\Services","igfx",enabled,"Drivers",System-wide,"Intel Graphics Kernel Mode Driver","(Verified) Intel(R) pGFX","Intel Corporation","c:\windows\system32\drivers\igdkmd64.sys",10.18.14.4414,"\SystemRoot\system32\DRIVERS\igdkmd64.sys"
  252. 2015-11-11 12:45 PM,"HKLM\System\CurrentControlSet\Services","intaud_WaveExtensible",enabled,"Drivers",System-wide,"Intel� WiDi Solution","(Verified) Intel(R) Wireless Display","Intel Corporation","c:\windows\system32\drivers\intelaud.sys",5.5.71.0,"\SystemRoot\system32\drivers\intelaud.sys"
  253. 2015-03-17 6:56 AM,"HKLM\System\CurrentControlSet\Services","IntcAzAudAddService",enabled,"Drivers",System-wide,"Realtek(r) High Definition Audio Function Driver","(Verified) Realtek Semiconductor Corp","Realtek Semiconductor Corp.","c:\windows\system32\drivers\rtkvhd64.sys",6.0.1.7469,"\SystemRoot\system32\drivers\RTKVHD64.sys"
  254. 2015-03-31 6:56 AM,"HKLM\System\CurrentControlSet\Services","IntcDAud",enabled,"Drivers",System-wide,"Intel(R) Display Audio Driver","(Verified) Intel Corporation - Client Components Group","Intel(R) Corporation","c:\windows\system32\drivers\intcdaud.sys",6.16.0.3174,"\SystemRoot\system32\DRIVERS\IntcDAud.sys"
  255. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","intelide",enabled,"Drivers",System-wide,"Intel PCI IDE Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\intelide.sys",6.3.9600.16384,"System32\drivers\intelide.sys"
  256. 2013-08-22 4:46 AM,"HKLM\System\CurrentControlSet\Services","intelppm",enabled,"Drivers",System-wide,"Processor Device Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\intelppm.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\intelppm.sys"
  257. 2013-08-22 7:35 AM,"HKLM\System\CurrentControlSet\Services","IpFilterDriver",enabled,"Drivers",System-wide,"IP Traffic Filter Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ipfltdrv.sys",6.3.9600.16384,"system32\DRIVERS\ipfltdrv.sys"
  258. 2016-02-03 11:14 AM,"HKLM\System\CurrentControlSet\Services","IPMIDRV",enabled,"Drivers",System-wide,"WMI IPMI DRIVER","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ipmidrv.sys",6.3.9600.18227,"\SystemRoot\System32\drivers\IPMIDrv.sys"
  259. 2013-11-27 8:02 AM,"HKLM\System\CurrentControlSet\Services","IPNAT",enabled,"Drivers",System-wide,"IP Network Address Translator","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ipnat.sys",6.3.9600.16477,"System32\drivers\ipnat.sys"
  260. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","isapnp",enabled,"Drivers",System-wide,"PNP ISA Bus Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\isapnp.sys",6.3.9600.16384,"System32\drivers\isapnp.sys"
  261. 2017-03-10 11:02 AM,"HKLM\System\CurrentControlSet\Services","iScsiPrt",enabled,"Drivers",System-wide,"Microsoft iSCSI Initiator Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\msiscsi.sys",6.3.9600.18624,"\SystemRoot\System32\drivers\msiscsi.sys"
  262. 2015-11-11 12:45 PM,"HKLM\System\CurrentControlSet\Services","iwdbus",enabled,"Drivers",System-wide,"Intel� WiDi Solution","(Verified) Intel(R) Wireless Display","Intel Corporation","c:\windows\system32\drivers\iwdbus.sys",5.5.71.0,"\SystemRoot\System32\drivers\iwdbus.sys"
  263. 2014-11-04 2:54 AM,"HKLM\System\CurrentControlSet\Services","kbdclass",enabled,"Drivers",System-wide,"Keyboard Class Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\kbdclass.sys",6.3.9600.17480,"\SystemRoot\System32\drivers\kbdclass.sys"
  264. 2014-11-04 2:54 AM,"HKLM\System\CurrentControlSet\Services","kbdhid",enabled,"Drivers",System-wide,"HID Keyboard Filter Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\kbdhid.sys",6.3.9600.17480,"\SystemRoot\System32\drivers\kbdhid.sys"
  265. 2012-08-01 11:22 PM,"HKLM\System\CurrentControlSet\Services","kbfiltr",enabled,"Drivers",System-wide,"Keyboard Filter Driver","(Verified) ASUSTeK Computer Inc."," ","c:\windows\system32\drivers\kbfiltr.sys",1.0.0.1,"\SystemRoot\System32\drivers\kbfiltr.sys"
  266. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","kdnic",enabled,"Drivers",System-wide,"Microsoft Kernel Debugger Network Miniport","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\kdnic.sys",6.1.0.0,"\SystemRoot\system32\DRIVERS\kdnic.sys"
  267. 2014-10-28 10:47 PM,"HKLM\System\CurrentControlSet\Services","KSecDD",enabled,"Drivers",System-wide,"Kernel Security Support Provider Interface","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ksecdd.sys",6.3.9600.17415,"System32\Drivers\ksecdd.sys"
  268. 2016-05-18 6:11 PM,"HKLM\System\CurrentControlSet\Services","KSecPkg",enabled,"Drivers",System-wide,"Kernel Security Support Provider Interface Packages","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ksecpkg.sys",6.3.9600.18344,"System32\Drivers\ksecpkg.sys"
  269. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","ksthunk",enabled,"Drivers",System-wide,"Kernel Streaming WOW Thunk Service","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ksthunk.sys",6.3.9600.16384,"\SystemRoot\system32\drivers\ksthunk.sys"
  270. 2013-03-31 11:15 PM,"HKLM\System\CurrentControlSet\Services","L1C",enabled,"Drivers",System-wide,"Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller","(Verified) Qualcomm Atheros","Qualcomm Atheros Co., Ltd.","c:\windows\system32\drivers\l1c63x64.sys",2.1.0.16,"\SystemRoot\system32\DRIVERS\L1C63x64.sys"
  271. 2013-08-22 7:36 AM,"HKLM\System\CurrentControlSet\Services","lltdio",enabled,"Drivers",System-wide,"Link-Layer Topology Mapper I/O Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\lltdio.sys",6.3.9600.16384,"\SystemRoot\system32\DRIVERS\lltdio.sys"
  272. 2013-03-28 1:42 PM,"HKLM\System\CurrentControlSet\Services","LSI_SAS",enabled,"Drivers",System-wide,"LSI Fusion-MPT SAS Driver (StorPort)","(Verified) Microsoft Windows","LSI Corporation","c:\windows\system32\drivers\lsi_sas.sys",1.34.3.82,"System32\drivers\lsi_sas.sys"
  273. 2013-03-28 1:45 PM,"HKLM\System\CurrentControlSet\Services","LSI_SAS2",enabled,"Drivers",System-wide,"LSI SAS Gen2 Driver (StorPort)","(Verified) Microsoft Windows","LSI Corporation","c:\windows\system32\drivers\lsi_sas2.sys",2.0.60.82,"System32\drivers\lsi_sas2.sys"
  274. 2013-03-15 7:38 PM,"HKLM\System\CurrentControlSet\Services","LSI_SAS3",enabled,"Drivers",System-wide,"LSI SAS Gen3 Driver (StorPort)","(Verified) Microsoft Windows","LSI Corporation","c:\windows\system32\drivers\lsi_sas3.sys",2.50.65.1,"System32\drivers\lsi_sas3.sys"
  275. 2013-03-15 7:39 PM,"HKLM\System\CurrentControlSet\Services","LSI_SSS",enabled,"Drivers",System-wide,"LSI SSS PCIe/Flash Driver (StorPort)","(Verified) Microsoft Windows","LSI Corporation","c:\windows\system32\drivers\lsi_sss.sys",2.10.61.81,"System32\drivers\lsi_sss.sys"
  276. 2014-02-22 8:14 AM,"HKLM\System\CurrentControlSet\Services","luafv",enabled,"Drivers",System-wide,"Virtualizes file write failures to per-user locations.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\luafv.sys",6.3.9600.17031,"\SystemRoot\system32\drivers\luafv.sys"
  277. 2013-07-23 5:08 PM,"HKLM\System\CurrentControlSet\Services","megasas",enabled,"Drivers",System-wide,"MEGASAS RAID Controller Driver for Windows","(Verified) Microsoft Windows","LSI Corporation","c:\windows\system32\drivers\megasas.sys",6.3.9466.0,"System32\drivers\megasas.sys"
  278. 2013-06-03 6:02 PM,"HKLM\System\CurrentControlSet\Services","megasr",enabled,"Drivers",System-wide,"LSI MegaRAID Software RAID Driver","(Verified) Microsoft Windows","LSI Corporation, Inc.","c:\windows\system32\drivers\megasr.sys",15.2.2013.129,"System32\drivers\megasr.sys"
  279. 2016-07-07 5:27 PM,"HKLM\System\CurrentControlSet\Services","MEIx64",enabled,"Drivers",System-wide,"Intel(R) Management Engine Interface","(Verified) Intel(R) Embedded Subsystems and IP Blocks Group","Intel Corporation","c:\windows\system32\drivers\teedriverw8x64.sys",11.5.0.1019,"\SystemRoot\System32\drivers\TeeDriverW8x64.sys"
  280. 2013-05-09 12:14 PM,"HKLM\System\CurrentControlSet\Services","mlx4_bus",enabled,"Drivers",System-wide,"MLX4 Bus Driver","(Verified) Microsoft Windows","Mellanox","c:\windows\system32\drivers\mlx4_bus.sys",4.4.13905.0,"System32\drivers\mlx4_bus.sys"
  281. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","Modem",enabled,"Drivers",System-wide,"Modem Device Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\modem.sys",6.3.9600.16384,"system32\drivers\modem.sys"
  282. 2013-08-22 7:36 AM,"HKLM\System\CurrentControlSet\Services","monitor",enabled,"Drivers",System-wide,"Monitor Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\monitor.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\monitor.sys"
  283. 2014-11-04 2:54 AM,"HKLM\System\CurrentControlSet\Services","mouclass",enabled,"Drivers",System-wide,"Mouse Class Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mouclass.sys",6.3.9600.17480,"\SystemRoot\System32\drivers\mouclass.sys"
  284. 2014-11-04 2:54 AM,"HKLM\System\CurrentControlSet\Services","mouhid",enabled,"Drivers",System-wide,"HID Mouse Filter Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mouhid.sys",6.3.9600.17480,"\SystemRoot\System32\drivers\mouhid.sys"
  285. 2017-05-06 2:34 PM,"HKLM\System\CurrentControlSet\Services","mountmgr",enabled,"Drivers",System-wide,"Driver responsible with maintaining persistent drive letters and names for volumes","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mountmgr.sys",6.3.9600.18692,"System32\drivers\mountmgr.sys"
  286. 2016-08-08 7:01 PM,"HKLM\System\CurrentControlSet\Services","MpBoot",enabled,"Drivers",System-wide,"Microsoft Malware Protection Boot Driver","(Verified) Microsoft Windows Early Launch Anti-malware Publisher","Microsoft Corporation","c:\windows\system32\drivers\mpboot.sys",4.10.202.0,"system32\DRIVERS\MpBoot.sys"
  287. 2016-08-08 7:01 PM,"HKLM\System\CurrentControlSet\Services","MpFilter",enabled,"Drivers",System-wide,"Microsoft On-Access Malware Protection Mini-Filter Driver","(Verified) Microsoft Corporation","Microsoft Corporation","c:\windows\system32\drivers\mpfilter.sys",4.10.202.0,"system32\DRIVERS\MpFilter.sys"
  288. 2015-05-19 9:50 PM,"HKLM\System\CurrentControlSet\Services","MpKsl57b12a30",enabled,"Drivers",System-wide,"KSLDriver","(Verified) Microsoft Windows Hardware Compatibility Publisher","Microsoft Corporation","c:\programdata\microsoft\microsoft antimalware\definition updates\{2f79e5e6-4e88-4f96-95bc-52dab0f6db58}\mpksl57b12a30.sys",1.2.1003.0,"\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F79E5E6-4E88-4F96-95BC-52DAB0F6DB58}\MpKsl57b12a30.sys"
  289. 2014-10-28 10:45 PM,"HKLM\System\CurrentControlSet\Services","mpsdrv",enabled,"Drivers",System-wide,"@%SystemRoot%\system32\FirewallAPI.dll,-23093","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mpsdrv.sys",6.3.9600.17415,"System32\drivers\mpsdrv.sys"
  290. 2016-09-08 10:00 AM,"HKLM\System\CurrentControlSet\Services","MRxDAV",enabled,"Drivers",System-wide,"Network Redirector that provides WebDAV file access for the WebClient service","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mrxdav.sys",6.3.9600.18469,"\SystemRoot\system32\drivers\mrxdav.sys"
  291. 2017-02-01 3:42 PM,"HKLM\System\CurrentControlSet\Services","mrxsmb",enabled,"Drivers",System-wide,"Implements the framework for the SMB filesystem redirector","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mrxsmb.sys",6.3.9600.18586,"system32\DRIVERS\mrxsmb.sys"
  292. 2017-02-01 3:44 PM,"HKLM\System\CurrentControlSet\Services","mrxsmb20",enabled,"Drivers",System-wide,"Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mrxsmb20.sys",6.3.9600.18586,"system32\DRIVERS\mrxsmb20.sys"
  293. 2014-10-28 10:45 PM,"HKLM\System\CurrentControlSet\Services","MsBridge",enabled,"Drivers",System-wide,"Microsoft MAC Bridge","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\bridge.sys",6.3.9600.17415,"\SystemRoot\system32\DRIVERS\bridge.sys"
  294. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","Msfs",enabled,"Drivers",System-wide,"Mailslot driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\msfs.sys",6.3.9600.16384,"Msfs"
  295. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","mshidkmdf",enabled,"Drivers",System-wide,"Device Filter to provide pass-through interface between HIDCLASS and KMDF","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mshidkmdf.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\mshidkmdf.sys"
  296. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","mshidumdf",enabled,"Drivers",System-wide,"Device Driver to provide pass-through interface between HIDCLASS and UMDF","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mshidumdf.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\mshidumdf.sys"
  297. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","msisadrv",enabled,"Drivers",System-wide,"ISA Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\msisadrv.sys",6.3.9600.16384,"System32\drivers\msisadrv.sys"
  298. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","MSKSSRV",enabled,"Drivers",System-wide,"MS KS Server","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mskssrv.sys",6.3.9600.16384,"\SystemRoot\system32\drivers\MSKSSRV.sys"
  299. 2016-07-09 2:32 PM,"HKLM\System\CurrentControlSet\Services","MsLbfoProvider",enabled,"Drivers",System-wide,"Microsoft Load Balancing/Failover Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mslbfoprovider.sys",6.3.9600.18406,"\SystemRoot\system32\DRIVERS\MsLbfoProvider.sys"
  300. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","MSPCLOCK",enabled,"Drivers",System-wide,"MS Proxy Clock","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mspclock.sys",6.3.9600.16384,"\SystemRoot\system32\drivers\MSPCLOCK.sys"
  301. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","MSPQM",enabled,"Drivers",System-wide,"MS Proxy Quality Manager","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mspqm.sys",6.3.9600.16384,"\SystemRoot\system32\drivers\MSPQM.sys"
  302. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","MsRPC",enabled,"Drivers",System-wide,"Kernel Remote Procedure Call Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\msrpc.sys",6.3.9600.16384,"MsRPC"
  303. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","mssmbios",enabled,"Drivers",System-wide,"System Management BIOS Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mssmbios.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\mssmbios.sys"
  304. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","MSTEE",enabled,"Drivers",System-wide,"WDM Tee/Communication Transform Filter ","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mstee.sys",6.3.9600.16384,"\SystemRoot\system32\drivers\MSTEE.sys"
  305. 2015-11-13 5:25 PM,"HKLM\System\CurrentControlSet\Services","mt7612US",enabled,"Drivers",System-wide,"MT7612U Phoenix Driver","(Verified) Microsoft Windows Hardware Compatibility Publisher","MediaTek Inc.","c:\windows\system32\drivers\mt7612us.sys",5888.0.0.0,"\SystemRoot\system32\DRIVERS\mt7612US.sys"
  306. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","MTConfig",enabled,"Drivers",System-wide,"Microsoft Multi-Touch HID Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mtconfig.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\MTConfig.sys"
  307. 2016-04-06 2:22 PM,"HKLM\System\CurrentControlSet\Services","Mup",enabled,"Drivers",System-wide,"Multiple UNC Provider Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\mup.sys",6.3.9600.18298,"System32\Drivers\mup.sys"
  308. 2013-03-20 1:14 PM,"HKLM\System\CurrentControlSet\Services","mvumis",enabled,"Drivers",System-wide,"Marvell Flash Controller Driver","(Verified) Microsoft Windows","Marvell Semiconductor, Inc.","c:\windows\system32\drivers\mvumis.sys",1.0.5.1015,"System32\drivers\mvumis.sys"
  309. 2014-10-28 10:45 PM,"HKLM\System\CurrentControlSet\Services","NativeWifiP",enabled,"Drivers",System-wide,"NativeWiFi Miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\nwifi.sys",6.3.9600.17415,"\SystemRoot\system32\DRIVERS\nwifi.sys"
  310. 2013-05-09 12:14 PM,"HKLM\System\CurrentControlSet\Services","ndfltr",enabled,"Drivers",System-wide,"NetworkDirect Support Filter Driver","(Verified) Microsoft Windows","Mellanox","c:\windows\system32\drivers\ndfltr.sys",4.4.13905.0,"System32\drivers\ndfltr.sys"
  311. 2017-01-14 3:29 PM,"HKLM\System\CurrentControlSet\Services","NDIS",enabled,"Drivers",System-wide,"NDIS System Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ndis.sys",6.3.9600.18577,"system32\drivers\ndis.sys"
  312. 2014-10-28 10:46 PM,"HKLM\System\CurrentControlSet\Services","NdisCap",enabled,"Drivers",System-wide,"Microsoft NDIS Capture","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ndiscap.sys",6.3.9600.17415,"\SystemRoot\system32\DRIVERS\ndiscap.sys"
  313. 2016-03-03 2:24 PM,"HKLM\System\CurrentControlSet\Services","NdisImPlatform",enabled,"Drivers",System-wide,"Microsoft Network Adapter Multiplexor Protocol","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ndisimplatform.sys",6.3.9600.18258,"\SystemRoot\system32\DRIVERS\NdisImPlatform.sys"
  314. 2014-11-08 12:00 AM,"HKLM\System\CurrentControlSet\Services","NdisTapi",enabled,"Drivers",System-wide,"Remote Access NDIS TAPI Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ndistapi.sys",6.3.9600.17484,"\SystemRoot\system32\DRIVERS\ndistapi.sys"
  315. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","Ndisuio",enabled,"Drivers",System-wide,"NDIS User mode I/O driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ndisuio.sys",6.3.9600.16384,"\SystemRoot\system32\DRIVERS\ndisuio.sys"
  316. 2013-08-22 7:36 AM,"HKLM\System\CurrentControlSet\Services","NdisVirtualBus",enabled,"Drivers",System-wide,"Microsoft Virtual Network Adapter Enumerator","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ndisvirtualbus.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\NdisVirtualBus.sys"
  317. 2016-04-05 6:37 PM,"HKLM\System\CurrentControlSet\Services","NdisWan",enabled,"Drivers",System-wide,"Remote Access NDIS WAN Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ndiswan.sys",6.3.9600.18297,"\SystemRoot\System32\drivers\ndiswan.sys"
  318. 2016-04-05 6:37 PM,"HKLM\System\CurrentControlSet\Services","NDISWANLEGACY",enabled,"Drivers",System-wide,"Remote Access LEGACY NDIS WAN Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ndiswan.sys",6.3.9600.18297,"\SystemRoot\system32\DRIVERS\ndiswan.sys"
  319. 2015-01-05 11:00 PM,"HKLM\System\CurrentControlSet\Services","NDProxy",enabled,"Drivers",System-wide,"NDIS Proxy","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ndproxy.sys",6.3.9600.17626,"NDProxy"
  320. 2014-10-28 10:47 PM,"HKLM\System\CurrentControlSet\Services","NetBIOS",enabled,"Drivers",System-wide,"@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\netbios.sys",6.3.9600.17415,"system32\DRIVERS\netbios.sys"
  321. 2016-05-13 7:07 PM,"HKLM\System\CurrentControlSet\Services","NetBT",enabled,"Drivers",System-wide,"This service implements NetBios over TCP/IP.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\netbt.sys",6.3.9600.18340,"System32\DRIVERS\netbt.sys"
  322. 2014-10-28 10:46 PM,"HKLM\System\CurrentControlSet\Services","netvsc",enabled,"Drivers",System-wide,"Virtual NDIS6.3 Miniport","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\netvsc63.sys",6.3.9600.17415,"\SystemRoot\System32\drivers\netvsc63.sys"
  323. 2016-08-08 7:01 PM,"HKLM\System\CurrentControlSet\Services","NisDrv",enabled,"Drivers",System-wide,"NIS helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols","(Verified) Microsoft Corporation","Microsoft Corporation","c:\windows\system32\drivers\nisdrvwfp.sys",4.10.202.0,"\SystemRoot\system32\DRIVERS\NisDrvWFP.sys"
  324. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","Npfs",enabled,"Drivers",System-wide,"NPFS Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\npfs.sys",6.3.9600.16384,"Npfs"
  325. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","npsvctrig",enabled,"Drivers",System-wide,"Named pipe service triggers","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\npsvctrig.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\npsvctrig.sys"
  326. 2014-10-28 10:46 PM,"HKLM\System\CurrentControlSet\Services","nsiproxy",enabled,"Drivers",System-wide,"NSI Proxy Service","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\nsiproxy.sys",6.3.9600.17415,"system32\drivers\nsiproxy.sys"
  327. 2017-03-31 10:26 PM,"HKLM\System\CurrentControlSet\Services","Ntfs",enabled,"Drivers",System-wide,"NT File System Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ntfs.sys",6.3.9600.18654,"Ntfs"
  328. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","Null",enabled,"Drivers",System-wide,"NULL Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\null.sys",6.3.9600.16384,"Null"
  329. 2017-06-07 7:03 PM,"HKLM\System\CurrentControlSet\Services","nvlddmkm",enabled,"Drivers",System-wide,"NVIDIA Windows Kernel Mode Driver, Version 382.53 ","(Verified) NVIDIA Corporation","NVIDIA Corporation","c:\windows\system32\drivers\nvlddmkm.sys",22.21.13.8253,"\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
  330. 2011-09-12 8:01 PM,"HKLM\System\CurrentControlSet\Services","nvraid",enabled,"Drivers",System-wide,"NVIDIA� nForce(TM) RAID Driver","(Verified) Microsoft Windows","NVIDIA Corporation","c:\windows\system32\drivers\nvraid.sys",10.6.0.22,"System32\drivers\nvraid.sys"
  331. 2011-09-12 7:53 PM,"HKLM\System\CurrentControlSet\Services","nvstor",enabled,"Drivers",System-wide,"NVIDIA� nForce(TM) Sata Performance Driver","(Verified) Microsoft Windows","NVIDIA Corporation","c:\windows\system32\drivers\nvstor.sys",10.6.0.22,"System32\drivers\nvstor.sys"
  332. 2017-05-06 7:31 AM,"HKLM\System\CurrentControlSet\Services","NvStreamKms",enabled,"Drivers",System-wide,"Nvidia Streaming Kernel Service","(Verified) NVIDIA Corporation","NVIDIA Corporation","c:\program files\nvidia corporation\nvstreamsrv\nvstreamkms.sys",7.1.2208.6100,"\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys"
  333. 2017-04-12 4:06 AM,"HKLM\System\CurrentControlSet\Services","nvvad_WaveExtensible",enabled,"Drivers",System-wide,"NVIDIA Virtual Audio Driver","(Verified) NVIDIA Corporation","NVIDIA Corporation","c:\windows\system32\drivers\nvvad64v.sys",3.80.1.0,"\SystemRoot\system32\drivers\nvvad64v.sys"
  334. 2016-12-27 9:44 PM,"HKLM\System\CurrentControlSet\Services","nvvhci",enabled,"Drivers",System-wide,"Virtual USB Host Controller driver","(Verified) NVIDIA Corporation","NVIDIA Corporation","c:\windows\system32\drivers\nvvhci.sys",202.0.0.0,"\SystemRoot\System32\drivers\nvvhci.sys"
  335. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","nv_agp",enabled,"Drivers",System-wide,"NForce NT AGP Filter","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\nv_agp.sys",6.3.9600.16384,"System32\drivers\nv_agp.sys"
  336. 2016-08-11 2:33 PM,"HKLM\System\CurrentControlSet\Services","Parport",enabled,"Drivers",System-wide,"Parallel Port Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\parport.sys",6.3.9600.18437,"\SystemRoot\System32\drivers\parport.sys"
  337. 2014-10-08 3:34 AM,"HKLM\System\CurrentControlSet\Services","partmgr",enabled,"Drivers",System-wide,"Disk class filter driver that auctions out partitions to volume managers","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\partmgr.sys",6.3.9600.17396,"System32\drivers\partmgr.sys"
  338. 2014-07-24 7:45 AM,"HKLM\System\CurrentControlSet\Services","pci",enabled,"Drivers",System-wide,"NT Plug and Play PCI Enumerator","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\pci.sys",6.3.9600.17238,"System32\drivers\pci.sys"
  339. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","pciide",enabled,"Drivers",System-wide,"Generic PCI IDE Bus Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\pciide.sys",6.3.9600.16384,"System32\drivers\pciide.sys"
  340. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","pcmcia",enabled,"Drivers",System-wide,"PCMCIA Bus Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\pcmcia.sys",6.3.9600.16384,"System32\drivers\pcmcia.sys"
  341. 2013-08-22 4:46 AM,"HKLM\System\CurrentControlSet\Services","pcw",enabled,"Drivers",System-wide,"Performance Counters for Windows Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\pcw.sys",6.3.9600.16384,"System32\drivers\pcw.sys"
  342. 2014-10-15 12:34 AM,"HKLM\System\CurrentControlSet\Services","pdc",enabled,"Drivers",System-wide,"Power Dependency Coordinator Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\pdc.sys",6.3.9600.17254,"system32\drivers\pdc.sys"
  343. 2014-02-22 8:09 AM,"HKLM\System\CurrentControlSet\Services","PEAUTH",enabled,"Drivers",System-wide,"Protected Environment Authentication and Authorization Export Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\peauth.sys",6.3.9600.17031,"system32\drivers\peauth.sys"
  344. 2013-08-22 7:35 AM,"HKLM\System\CurrentControlSet\Services","PptpMiniport",enabled,"Drivers",System-wide,"WAN Miniport (PPTP)","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\raspptp.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\raspptp.sys"
  345. 2013-08-22 4:46 AM,"HKLM\System\CurrentControlSet\Services","Processor",enabled,"Drivers",System-wide,"Processor Device Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\processr.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\processr.sys"
  346. 2014-10-28 10:45 PM,"HKLM\System\CurrentControlSet\Services","Psched",enabled,"Drivers",System-wide,"QoS Packet Scheduler","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\pacer.sys",6.3.9600.17415,"\SystemRoot\system32\DRIVERS\pacer.sys"
  347. 2013-06-03 5:08 PM,"HKLM\System\CurrentControlSet\Services","ql2300i",enabled,"Drivers",System-wide,"QLogic Fibre Channel Stor Miniport Inbox Driver","(Verified) Microsoft Windows","QLogic Corporation","c:\windows\system32\drivers\ql2300i.sys",9.1.11.3,"System32\drivers\ql2300i.sys"
  348. 2013-03-25 6:43 PM,"HKLM\System\CurrentControlSet\Services","ql40xx2i",enabled,"Drivers",System-wide,"QLogic iSCSI Storport Miniport Inbox Driver","(Verified) Microsoft Windows","QLogic Corporation","c:\windows\system32\drivers\ql40xx2i.sys",2.1.5.0,"System32\drivers\ql40xx2i.sys"
  349. 2013-06-07 3:07 PM,"HKLM\System\CurrentControlSet\Services","qlfcoei",enabled,"Drivers",System-wide,"QLogic FCoE Stor Miniport Inbox Driver","(Verified) Microsoft Windows","QLogic Corporation","c:\windows\system32\drivers\qlfcoei.sys",9.1.11.3,"System32\drivers\qlfcoei.sys"
  350. 2014-10-28 10:47 PM,"HKLM\System\CurrentControlSet\Services","QWAVEdrv",enabled,"Drivers",System-wide,"Quality Windows Audio/Video Experience component driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\qwavedrv.sys",6.3.9600.17415,"\SystemRoot\system32\drivers\qwavedrv.sys"
  351. 2014-10-28 10:48 PM,"HKLM\System\CurrentControlSet\Services","RasAcd",enabled,"Drivers",System-wide,"Remote Access Auto Connection Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\rasacd.sys",6.3.9600.17415,"System32\DRIVERS\rasacd.sys"
  352. 2016-07-07 6:32 PM,"HKLM\System\CurrentControlSet\Services","RasAgileVpn",enabled,"Drivers",System-wide,"@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\agilevpn.sys",6.3.9600.18404,"\SystemRoot\system32\DRIVERS\AgileVpn.sys"
  353. 2016-02-02 2:16 PM,"HKLM\System\CurrentControlSet\Services","Rasl2tp",enabled,"Drivers",System-wide,"WAN Miniport (L2TP)","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\rasl2tp.sys",6.3.9600.18226,"\SystemRoot\System32\drivers\rasl2tp.sys"
  354. 2013-08-22 7:36 AM,"HKLM\System\CurrentControlSet\Services","RasPppoe",enabled,"Drivers",System-wide,"Remote Access PPPOE Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\raspppoe.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\raspppoe.sys"
  355. 2014-10-28 10:45 PM,"HKLM\System\CurrentControlSet\Services","RasSstp",enabled,"Drivers",System-wide,"WAN Miniport (SSTP)","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\rassstp.sys",6.3.9600.17415,"\SystemRoot\system32\DRIVERS\rassstp.sys"
  356. 2016-04-06 2:20 PM,"HKLM\System\CurrentControlSet\Services","rdbss",enabled,"Drivers",System-wide,"Provides the framework for network mini-redirectors","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\rdbss.sys",6.3.9600.18298,"system32\DRIVERS\rdbss.sys"
  357. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","rdpbus",enabled,"Drivers",System-wide,"Microsoft RDP Bus Device driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\rdpbus.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\rdpbus.sys"
  358. 2013-08-22 7:36 AM,"HKLM\System\CurrentControlSet\Services","RDPDR",enabled,"Drivers",System-wide,"Remote Desktop Device Redirector Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\rdpdr.sys",6.3.9600.16384,"System32\drivers\rdpdr.sys"
  359. 2014-10-28 10:47 PM,"HKLM\System\CurrentControlSet\Services","RdpVideoMiniport",enabled,"Drivers",System-wide,"Microsoft RDP Video Miniport driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\rdpvideominiport.sys",6.3.9600.17415,"System32\drivers\rdpvideominiport.sys"
  360. 2016-10-11 11:56 AM,"HKLM\System\CurrentControlSet\Services","ReFS",enabled,"Drivers",System-wide,"NT ReFS FS Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\refs.sys",6.3.9600.18514,"ReFS"
  361. 2013-08-22 7:36 AM,"HKLM\System\CurrentControlSet\Services","rspndr",enabled,"Drivers",System-wide,"Link-Layer Topology Responder Driver for NDIS 6","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\rspndr.sys",6.3.9600.16384,"\SystemRoot\system32\DRIVERS\rspndr.sys"
  362. 2016-09-30 8:03 AM,"HKLM\System\CurrentControlSet\Services","RTCore64",enabled,"Drivers",System-wide,"","(Verified) MICRO-STAR INTERNATIONAL CO.","","c:\program files (x86)\msi afterburner\rtcore64.sys",,"\??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys"
  363. 2015-08-11 7:13 AM,"HKLM\System\CurrentControlSet\Services","rzudd",enabled,"Drivers",System-wide,"Razer Rzudd Engine","(Verified) Razer Inc.","Razer Inc","c:\windows\system32\drivers\rzudd.sys",1.0.38.0,"\SystemRoot\System32\drivers\rzudd.sys"
  364. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","s3cap",enabled,"Drivers",System-wide,"Microsoft S3 Emulated Device Cap Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vms3cap.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\vms3cap.sys"
  365. 2013-08-22 7:35 AM,"HKLM\System\CurrentControlSet\Services","sacdrv",enabled,"Drivers",System-wide,"Windows SAC Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\sacdrv.sys",6.3.9600.16384,"system32\DRIVERS\sacdrv.sys"
  366. 2013-08-22 4:46 AM,"HKLM\System\CurrentControlSet\Services","sbp2port",enabled,"Drivers",System-wide,"SBP-2 Protocol Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\sbp2port.sys",6.3.9600.16384,"System32\drivers\sbp2port.sys"
  367. 2016-12-24 9:21 PM,"HKLM\System\CurrentControlSet\Services","scfilter",enabled,"Drivers",System-wide,"Smart card reader filter driver enabling smart card PnP.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\scfilter.sys",6.3.9600.18562,"System32\DRIVERS\scfilter.sys"
  368. 2015-03-12 10:01 PM,"HKLM\System\CurrentControlSet\Services","sdbus",enabled,"Drivers",System-wide,"SecureDigital Bus Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\sdbus.sys",6.3.9600.17705,"\SystemRoot\System32\drivers\sdbus.sys"
  369. 2014-02-22 8:14 AM,"HKLM\System\CurrentControlSet\Services","sdstor",enabled,"Drivers",System-wide,"SD Storage Class Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\sdstor.sys",6.3.9600.17031,"\SystemRoot\System32\drivers\sdstor.sys"
  370. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","SerCx",enabled,"Drivers",System-wide,"Serial Class Extension","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\sercx.sys",6.3.9600.16384,"system32\drivers\SerCx.sys"
  371. 2013-10-25 4:28 PM,"HKLM\System\CurrentControlSet\Services","SerCx2",enabled,"Drivers",System-wide,"Serial Class Extension V2","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\sercx2.sys",6.3.9600.16444,"system32\drivers\SerCx2.sys"
  372. 2016-08-11 2:33 PM,"HKLM\System\CurrentControlSet\Services","Serenum",enabled,"Drivers",System-wide,"Serial Port Enumerator","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\serenum.sys",6.3.9600.18437,"\SystemRoot\System32\drivers\serenum.sys"
  373. 2016-08-11 2:33 PM,"HKLM\System\CurrentControlSet\Services","Serial",enabled,"Drivers",System-wide,"Serial Device Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\serial.sys",6.3.9600.18437,"\SystemRoot\System32\drivers\serial.sys"
  374. 2014-11-04 2:55 AM,"HKLM\System\CurrentControlSet\Services","sermouse",enabled,"Drivers",System-wide,"Serial Mouse Filter Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\sermouse.sys",6.3.9600.17480,"\SystemRoot\System32\drivers\sermouse.sys"
  375. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","sfloppy",enabled,"Drivers",System-wide,"SCSI Floppy Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\sfloppy.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\sfloppy.sys"
  376. 2008-09-24 2:28 PM,"HKLM\System\CurrentControlSet\Services","SiSRaid2",enabled,"Drivers",System-wide,"SiS RAID Stor Miniport Driver","(Verified) Microsoft Windows","Silicon Integrated Systems Corp.","c:\windows\system32\drivers\sisraid2.sys",5.1.1039.2600,"System32\drivers\SiSRaid2.sys"
  377. 2008-10-01 5:56 PM,"HKLM\System\CurrentControlSet\Services","SiSRaid4",enabled,"Drivers",System-wide,"SiS AHCI Stor-Miniport Driver","(Verified) Microsoft Windows","Silicon Integrated Systems","c:\windows\system32\drivers\sisraid4.sys",5.1.1039.3600,"System32\drivers\sisraid4.sys"
  378. 2014-03-19 9:15 PM,"HKLM\System\CurrentControlSet\Services","smbdirect",enabled,"Drivers",System-wide,"SMB Network Direct Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\smbdirect.sys",6.3.9600.17056,"System32\DRIVERS\smbdirect.sys"
  379. 2017-01-10 6:37 PM,"HKLM\System\CurrentControlSet\Services","spaceport",enabled,"Drivers",System-wide,"Storage Spaces Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\spaceport.sys",6.3.9600.18573,"System32\drivers\spaceport.sys"
  380. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","SpbCx",enabled,"Drivers",System-wide,"SPB Class Extension","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\spbcx.sys",6.3.9600.16384,"system32\drivers\SpbCx.sys"
  381. 2017-05-02 4:09 PM,"HKLM\System\CurrentControlSet\Services","srv2",enabled,"Drivers",System-wide,"Enables connectivity from Windows Vista and later clients","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\srv2.sys",6.3.9600.18688,"System32\DRIVERS\srv2.sys"
  382. 2017-05-02 4:08 PM,"HKLM\System\CurrentControlSet\Services","srvnet",enabled,"Drivers",System-wide,"Server Network driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\srvnet.sys",6.3.9600.18688,"System32\DRIVERS\srvnet.sys"
  383. 2014-11-25 10:14 PM,"HKLM\System\CurrentControlSet\Services","ssudmdm",enabled,"Drivers",System-wide,"@oem67.inf,%ssud.Service.Desc%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)","(Verified) Samsung Electronics CO.","DEVGURU Co., LTD.(www.devguru.co.kr)","c:\windows\system32\drivers\ssudmdm.sys",2.11.11.0,"\SystemRoot\system32\DRIVERS\ssudmdm.sys"
  384. 2012-11-26 8:02 PM,"HKLM\System\CurrentControlSet\Services","stexstor",enabled,"Drivers",System-wide,"Promise SuperTrak EX Series Driver for Windows x64","(Verified) Microsoft Windows","Promise Technology, Inc.","c:\windows\system32\drivers\stexstor.sys",5.1.0.10,"System32\drivers\stexstor.sys"
  385. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","storahci",enabled,"Drivers",System-wide,"MS AHCI Storport Miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\storahci.sys",6.3.9600.16384,"System32\drivers\storahci.sys"
  386. 2014-10-28 10:46 PM,"HKLM\System\CurrentControlSet\Services","storflt",enabled,"Drivers",System-wide,"Virtual Storage Filter Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vmstorfl.sys",6.3.9600.17415,"System32\drivers\vmstorfl.sys"
  387. 2017-05-14 4:44 PM,"HKLM\System\CurrentControlSet\Services","stornvme",enabled,"Drivers",System-wide,"Microsoft NVM Express Storport Miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\stornvme.sys",6.3.9600.18698,"System32\drivers\stornvme.sys"
  388. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","storvsc",enabled,"Drivers",System-wide,"Storage VSC Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\storvsc.sys",6.3.9600.16384,"System32\drivers\storvsc.sys"
  389. 2017-01-12 11:03 AM,"HKLM\System\CurrentControlSet\Services","storvsp",enabled,"Drivers",System-wide,"Storage vsp Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\storvsp.sys",6.3.9600.18575,"\SystemRoot\System32\drivers\storvsp.sys"
  390. 2014-10-28 10:47 PM,"HKLM\System\CurrentControlSet\Services","swenum",enabled,"Drivers",System-wide,"Plug and Play Software Device Enumerator","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\swenum.sys",6.3.9600.17415,"\SystemRoot\System32\drivers\swenum.sys"
  391. 2016-09-20 10:18 AM,"HKLM\System\CurrentControlSet\Services","Tcpip",enabled,"Drivers",System-wide,"TCP/IP Protocol Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\tcpip.sys",6.3.9600.18478,"System32\drivers\tcpip.sys"
  392. 2016-09-20 10:18 AM,"HKLM\System\CurrentControlSet\Services","TCPIP6",enabled,"Drivers",System-wide,"@netip6.inf,%MS_TCPIP6.TCPIP6.ServiceDescription%;Microsoft IPv6 Protocol Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\tcpip.sys",6.3.9600.18478,"\SystemRoot\system32\DRIVERS\tcpip.sys"
  393. 2014-03-06 5:19 AM,"HKLM\System\CurrentControlSet\Services","tcpipreg",enabled,"Drivers",System-wide,"Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\tcpipreg.sys",6.3.9600.17041,"System32\drivers\tcpipreg.sys"
  394. 2017-05-14 4:42 PM,"HKLM\System\CurrentControlSet\Services","tdx",enabled,"Drivers",System-wide,"NetIO Legacy TDI Support Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\tdx.sys",6.3.9600.18698,"\SystemRoot\system32\DRIVERS\tdx.sys"
  395. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","terminpt",enabled,"Drivers",System-wide,"Terminal Server Input Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\terminpt.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\terminpt.sys"
  396. 2015-09-25 10:23 AM,"HKLM\System\CurrentControlSet\Services","TPM",enabled,"Drivers",System-wide,"@tpm.inf,%TPMDesc%;TPM Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\tpm.sys",6.3.9600.18065,"\SystemRoot\system32\drivers\tpm.sys"
  397. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","TsUsbFlt",enabled,"Drivers",System-wide,"Remote Desktop USB Hub Class Filter Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\tsusbflt.sys",6.3.9600.16384,"system32\drivers\tsusbflt.sys"
  398. 2014-10-28 10:46 PM,"HKLM\System\CurrentControlSet\Services","TsUsbGD",enabled,"Drivers",System-wide,"Remote Desktop Generic USB Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\tsusbgd.sys",6.3.9600.17415,"\SystemRoot\System32\drivers\TsUsbGD.sys"
  399. 2016-01-31 2:08 PM,"HKLM\System\CurrentControlSet\Services","tsusbhub",enabled,"Drivers",System-wide,"Remote Desktop USB Hub","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\tsusbhub.sys",6.3.9600.18224,"\SystemRoot\System32\drivers\tsusbhub.sys"
  400. 2015-09-04 3:24 PM,"HKLM\System\CurrentControlSet\Services","tunnel",enabled,"Drivers",System-wide,"Microsoft Tunnel Interface Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\tunnel.sys",6.3.9600.18048,"\SystemRoot\system32\DRIVERS\tunnel.sys"
  401. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","uagp35",enabled,"Drivers",System-wide,"MS AGPv3.5 Filter","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\uagp35.sys",6.3.9600.16384,"System32\drivers\uagp35.sys"
  402. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","UASPStor",enabled,"Drivers",System-wide,"Microsoft Uasp Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\uaspstor.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\uaspstor.sys"
  403. 2014-10-07 1:00 AM,"HKLM\System\CurrentControlSet\Services","UCX01000",enabled,"Drivers",System-wide,"USB Controller Extension","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\ucx01000.sys",6.3.9600.17393,"\SystemRoot\System32\drivers\ucx01000.sys"
  404. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","UEFI",enabled,"Drivers",System-wide,"UEFI Driver for NT","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\uefi.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\UEFI.sys"
  405. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","uliagpkx",enabled,"Drivers",System-wide,"ULi AGPv3.0 Filter for K8/9 Processor Platforms","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\uliagpkx.sys",6.3.9600.16384,"System32\drivers\uliagpkx.sys"
  406. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","umbus",enabled,"Drivers",System-wide,"User-Mode Bus Enumerator","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\umbus.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\umbus.sys"
  407. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","UmPass",enabled,"Drivers",System-wide,"Generic pass-through driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\umpass.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\umpass.sys"
  408. 2014-07-24 7:44 AM,"HKLM\System\CurrentControlSet\Services","usbccgp",enabled,"Drivers",System-wide,"USB Common Class Generic Parent Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\usbccgp.sys",6.3.9600.17238,"\SystemRoot\System32\drivers\usbccgp.sys"
  409. 2016-01-08 2:22 PM,"HKLM\System\CurrentControlSet\Services","usbehci",enabled,"Drivers",System-wide,"EHCI eUSB Miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\usbehci.sys",6.3.9600.18191,"\SystemRoot\System32\drivers\usbehci.sys"
  410. 2015-10-10 2:40 PM,"HKLM\System\CurrentControlSet\Services","usbhub",enabled,"Drivers",System-wide,"Default Hub Driver for USB","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\usbhub.sys",6.3.9600.18088,"\SystemRoot\System32\drivers\usbhub.sys"
  411. 2015-10-10 2:40 PM,"HKLM\System\CurrentControlSet\Services","USBHUB3",enabled,"Drivers",System-wide,"USB3 HUB Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\usbhub3.sys",6.3.9600.18088,"\SystemRoot\System32\drivers\UsbHub3.sys"
  412. 2015-10-10 2:41 PM,"HKLM\System\CurrentControlSet\Services","usbohci",enabled,"Drivers",System-wide,"OHCI USB Miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\usbohci.sys",6.3.9600.18088,"\SystemRoot\System32\drivers\usbohci.sys"
  413. 2013-08-22 7:36 AM,"HKLM\System\CurrentControlSet\Services","usbprint",enabled,"Drivers",System-wide,"USB Printer driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\usbprint.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\usbprint.sys"
  414. 2016-01-31 2:09 PM,"HKLM\System\CurrentControlSet\Services","USBSTOR",enabled,"Drivers",System-wide,"USB Mass Storage Class Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\usbstor.sys",6.3.9600.18224,"\SystemRoot\System32\drivers\USBSTOR.SYS"
  415. 2015-10-10 2:41 PM,"HKLM\System\CurrentControlSet\Services","usbuhci",enabled,"Drivers",System-wide,"UHCI USB Miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\usbuhci.sys",6.3.9600.18088,"\SystemRoot\System32\drivers\usbuhci.sys"
  416. 2014-06-21 3:33 AM,"HKLM\System\CurrentControlSet\Services","usbvideo",enabled,"Drivers",System-wide,"USB Video Class Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\usbvideo.sys",6.3.9600.17217,"\SystemRoot\System32\Drivers\usbvideo.sys"
  417. 2015-04-09 10:08 PM,"HKLM\System\CurrentControlSet\Services","USBXHCI",enabled,"Drivers",System-wide,"USB XHCI Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\usbxhci.sys",6.3.9600.17795,"\SystemRoot\System32\drivers\USBXHCI.SYS"
  418. 2013-07-24 11:02 AM,"HKLM\System\CurrentControlSet\Services","VClone",enabled,"Drivers",System-wide,"Virtual CloneDrive storage miniport","(Verified) Elaborate Bytes AG","Elaborate Bytes AG","c:\windows\system32\drivers\vclone.sys",5.4.7.0,"\SystemRoot\System32\drivers\VClone.sys"
  419. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","vdrvroot",enabled,"Drivers",System-wide,"Virtual Drive Root Enumerator","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vdrvroot.sys",6.3.9600.16384,"System32\drivers\vdrvroot.sys"
  420. 2013-09-14 7:40 AM,"HKLM\System\CurrentControlSet\Services","VerifierExt",enabled,"Drivers",System-wide,"Driver Verifier Extension","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\verifierext.sys",6.3.9600.16404,"system32\drivers\VerifierExt.sys"
  421. 2016-10-08 7:58 PM,"HKLM\System\CurrentControlSet\Services","vhdmp",enabled,"Drivers",System-wide,"VHD Miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vhdmp.sys",6.3.9600.18512,"\SystemRoot\System32\drivers\vhdmp.sys"
  422. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","viaide",enabled,"Drivers",System-wide,"VIA Generic PCI IDE Bus Driver","(Verified) Microsoft Windows","VIA Technologies, Inc.","c:\windows\system32\drivers\viaide.sys",6.0.6000.170,"System32\drivers\viaide.sys"
  423. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","Vid",enabled,"Drivers",System-wide,"Microsoft Hyper-V Virtualization Infrastructure Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vid.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\Vid.sys"
  424. 2014-10-28 10:46 PM,"HKLM\System\CurrentControlSet\Services","vmbus",enabled,"Drivers",System-wide,"Microsoft Hyper-V Virtual Machine Bus Child Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vmbus.sys",6.3.9600.17415,"System32\drivers\vmbus.sys"
  425. 2013-08-22 7:37 AM,"HKLM\System\CurrentControlSet\Services","VMBusHID",enabled,"Drivers",System-wide,"Microsoft VMBus HID Miniport","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vmbushid.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\VMBusHID.sys"
  426. 2017-04-09 4:37 PM,"HKLM\System\CurrentControlSet\Services","vmbusr",enabled,"Drivers",System-wide,"Microsoft Hyper-V Virtual Machine Bus Root Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vmbusr.sys",6.3.9600.18662,"\SystemRoot\System32\drivers\vmbusr.sys"
  427. ,"HKLM\System\CurrentControlSet\Services","VMnetAdapter",enabled,"Drivers",System-wide,"@oem88.inf,%VMnetAdapter.Service.Desc%;Driver for VMware's Virtual Ethernet Adapters Ver. 2",,"","File not found: C:\Windows\system32\DRIVERS\vmnetadapter.sys",,"\SystemRoot\system32\DRIVERS\vmnetadapter.sys"
  428. 2016-04-09 5:31 PM,"HKLM\System\CurrentControlSet\Services","volmgr",enabled,"Drivers",System-wide,"Volume Manager Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\volmgr.sys",6.3.9600.18302,"System32\drivers\volmgr.sys"
  429. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","volmgrx",enabled,"Drivers",System-wide,"Extension of the volume manager driver that manages software RAID volumes (spanned, striped, mirrored, RAID-5) on dynamic disks","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\volmgrx.sys",6.3.9600.16384,"System32\drivers\volmgrx.sys"
  430. 2016-03-11 10:44 AM,"HKLM\System\CurrentControlSet\Services","volsnap",enabled,"Drivers",System-wide,"Volume Shadow Copy Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\volsnap.sys",6.3.9600.18265,"System32\drivers\volsnap.sys"
  431. 2016-01-26 10:48 AM,"HKLM\System\CurrentControlSet\Services","vpci",enabled,"Drivers",System-wide,"Virtual PCI Bus","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vpci.sys",6.3.9600.18219,"\SystemRoot\System32\drivers\vpci.sys"
  432. 2017-01-12 11:03 AM,"HKLM\System\CurrentControlSet\Services","vpcivsp",enabled,"Drivers",System-wide,"Virtual PCI VSP Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vpcivsp.sys",6.3.9600.18575,"\SystemRoot\System32\drivers\vpcivsp.sys"
  433. 2013-01-23 4:35 PM,"HKLM\System\CurrentControlSet\Services","vsmraid",enabled,"Drivers",System-wide,"VIA RAID DRIVER FOR AMD-X86-64","(Verified) Microsoft Windows","VIA Technologies Inc.,Ltd","c:\windows\system32\drivers\vsmraid.sys",7.0.9200.6320,"System32\drivers\vsmraid.sys"
  434. 2013-01-21 3:00 PM,"HKLM\System\CurrentControlSet\Services","VSTXRAID",enabled,"Drivers",System-wide,"VIA StorX RAID Controller Driver","(Verified) Microsoft Windows","VIA Corporation","c:\windows\system32\drivers\vstxraid.sys",8.0.9200.8110,"System32\drivers\vstxraid.sys"
  435. 2016-08-12 8:03 PM,"HKLM\System\CurrentControlSet\Services","vwifibus",enabled,"Drivers",System-wide,"Implements bus functionality for Virtual WiFi","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vwifibus.sys",6.3.9600.18438,"\SystemRoot\System32\drivers\vwifibus.sys"
  436. 2016-08-12 8:02 PM,"HKLM\System\CurrentControlSet\Services","vwififlt",enabled,"Drivers",System-wide,"Virtual WiFi Filter Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vwififlt.sys",6.3.9600.18438,"\SystemRoot\system32\DRIVERS\vwififlt.sys"
  437. 2016-08-12 8:01 PM,"HKLM\System\CurrentControlSet\Services","vwifimp",enabled,"Drivers",System-wide,"Virtual WiFi Miniport Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\vwifimp.sys",6.3.9600.18438,"\SystemRoot\system32\DRIVERS\vwifimp.sys"
  438. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","WacomPen",enabled,"Drivers",System-wide,"Wacom Serial Pen Tablet HID Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wacompen.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\wacompen.sys"
  439. 2015-01-05 10:59 PM,"HKLM\System\CurrentControlSet\Services","Wanarp",enabled,"Drivers",System-wide,"Remote Access IP ARP Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wanarp.sys",6.3.9600.17626,"\SystemRoot\system32\DRIVERS\wanarp.sys"
  440. 2015-01-05 10:59 PM,"HKLM\System\CurrentControlSet\Services","Wanarpv6",enabled,"Drivers",System-wide,"Remote Access IPv6 ARP Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wanarp.sys",6.3.9600.17626,"\SystemRoot\system32\DRIVERS\wanarp.sys"
  441. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","Wdf01000",enabled,"Drivers",System-wide,"Kernel Mode Driver Framework Runtime","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wdf01000.sys",1.13.9600.16384,"system32\drivers\Wdf01000.sys"
  442. 2014-11-09 10:57 PM,"HKLM\System\CurrentControlSet\Services","WFPLWFS",enabled,"Drivers",System-wide,"Microsoft Windows Filtering Platform","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wfplwfs.sys",6.3.9600.17485,"system32\DRIVERS\wfplwfs.sys"
  443. 2014-10-28 10:47 PM,"HKLM\System\CurrentControlSet\Services","WIMMount",enabled,"Drivers",System-wide,"WIM Image mount service driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wimmount.sys",6.3.9600.17415,"system32\drivers\wimmount.sys"
  444. 2013-05-09 12:14 PM,"HKLM\System\CurrentControlSet\Services","WinMad",enabled,"Drivers",System-wide,"Kernel WinMad","(Verified) Microsoft Windows","Mellanox","c:\windows\system32\drivers\winmad.sys",4.4.13905.0,"System32\drivers\winmad.sys"
  445. 2016-02-02 2:16 PM,"HKLM\System\CurrentControlSet\Services","WinNat",enabled,"Drivers",System-wide,"This service provides network address translation functionality","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\winnat.sys",6.3.9600.18226,"system32\drivers\winnat.sys"
  446. 2015-10-10 2:40 PM,"HKLM\System\CurrentControlSet\Services","WinUsb",enabled,"Drivers",System-wide,"Windows WinUSB Class Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\winusb.sys",6.3.9600.18088,"\SystemRoot\system32\DRIVERS\WinUsb.sys"
  447. 2013-05-09 12:14 PM,"HKLM\System\CurrentControlSet\Services","WinVerbs",enabled,"Drivers",System-wide,"Kernel WinVerbs","(Verified) Microsoft Windows","Mellanox","c:\windows\system32\drivers\winverbs.sys",4.4.13905.0,"System32\drivers\winverbs.sys"
  448. 2013-08-22 7:40 AM,"HKLM\System\CurrentControlSet\Services","WmiAcpi",enabled,"Drivers",System-wide,"Windows Management Interface for ACPI","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wmiacpi.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\wmiacpi.sys"
  449. 2013-08-22 7:38 AM,"HKLM\System\CurrentControlSet\Services","WpdUpFltr",enabled,"Drivers",System-wide,"WPD Upper Class Filter Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wpdupfltr.sys",6.3.9600.16384,"System32\drivers\WpdUpFltr.sys"
  450. 2013-08-22 7:39 AM,"HKLM\System\CurrentControlSet\Services","wtlmdrv",enabled,"Drivers",System-wide,"Microsoft Sapporo Local mount Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wtlmdrv.sys",6.3.9600.16384,"\SystemRoot\System32\drivers\wtlmdrv.sys"
  451. 2014-10-28 10:46 PM,"HKLM\System\CurrentControlSet\Services","WudfPf",enabled,"Drivers",System-wide,"Windows Driver Foundation - User-mode Driver Framework Platform Driver","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wudfpf.sys",6.3.9600.17415,"system32\drivers\WudfPf.sys"
  452. 2014-10-28 10:46 PM,"HKLM\System\CurrentControlSet\Services","WUDFWpdFs",enabled,"Drivers",System-wide,"Windows Driver Foundation - User-mode Driver Framework Reflector","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wudfrd.sys",6.3.9600.17415,"\SystemRoot\System32\drivers\WUDFRd.sys"
  453. 2014-10-28 10:46 PM,"HKLM\System\CurrentControlSet\Services","WUDFWpdMtp",enabled,"Drivers",System-wide,"Windows Driver Foundation - User-mode Driver Framework Reflector","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drivers\wudfrd.sys",6.3.9600.17415,"\SystemRoot\system32\DRIVERS\WUDFRd.sys"
  454. 2014-05-27 4:13 AM,"HKLM\System\CurrentControlSet\Services","xb1usb",enabled,"Drivers",System-wide,"Xbox One Common Controller for Windows Driver","(Verified) Windows Central Build Account - X","Microsoft Corporation","c:\windows\system32\drivers\xb1usb.sys",6.2.11059.0,"\SystemRoot\System32\drivers\xb1usb.sys"
  455. 2015-11-13 5:34 PM,"HKLM\System\CurrentControlSet\Services","xboxgip",enabled,"Drivers",System-wide,"@oem83.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver","(Verified) Microsoft Windows Hardware Compatibility Publisher","Microsoft Corporation","c:\windows\system32\drivers\xboxgip.sys",10.0.10586.1013,"\SystemRoot\system32\DRIVERS\xboxgip.sys"
  456. 2015-11-13 5:34 PM,"HKLM\System\CurrentControlSet\Services","xinputhid",enabled,"Drivers",System-wide,"XINPUT filter driver for HID","(Verified) Microsoft Windows Hardware Compatibility Publisher","Microsoft Corporation","c:\windows\system32\drivers\xinputhid.sys",10.0.10586.1013,"\SystemRoot\System32\drivers\xinputhid.sys"
  457. 2013-08-22 11:40 AM,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers,,,"Drivers",System-wide,,,,,,
  458. 2017-05-12 12:16 AM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers","Adobe Type Manager",enabled,"Drivers",System-wide,"Windows NT OpenType/Type 1 Font Driver","(Verified) Microsoft Windows","Adobe Systems Incorporated","c:\windows\system32\atmfd.dll",5.1.2.252,"atmfd.dll"
  459. 2017-06-26 3:47 PM,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers,,,"Winlogon",System-wide,,,,,,
  460. 2014-10-28 9:07 PM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","Smartcard Reader Selection Provider",enabled,"Winlogon",System-wide,"Windows Smartcard Credential Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\smartcardcredentialprovider.dll",6.3.9600.17415,"HKCR\CLSID\{1b283861-754f-4022-ad47-a5eaaa618894}"
  461. 2014-10-28 9:07 PM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","Smartcard WinRT Provider",enabled,"Winlogon",System-wide,"Windows Smartcard Credential Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\smartcardcredentialprovider.dll",6.3.9600.17415,"HKCR\CLSID\{1ee7337f-85ac-45e2-a23c-37c753209769}"
  462. 2016-11-05 11:56 AM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","PicturePasswordLogonProvider",enabled,"Winlogon",System-wide,"Windows Authentication UI","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\authui.dll",6.3.9600.18533,"HKCR\CLSID\{2135f72a-90b5-4ed3-a7f1-8bb705ac276a}"
  463. 2016-11-05 11:56 AM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","GenericProvider",enabled,"Winlogon",System-wide,"Windows Authentication UI","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\authui.dll",6.3.9600.18533,"HKCR\CLSID\{25CBB996-92ED-457e-B28C-4774084BD562}"
  464. 2016-11-05 11:56 AM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","NPProvider",enabled,"Winlogon",System-wide,"Windows Authentication UI","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\authui.dll",6.3.9600.18533,"HKCR\CLSID\{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}"
  465. 2014-10-28 9:21 PM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","CngCredUICredentialProvider",enabled,"Winlogon",System-wide,"Microsoft CNG CredUI Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\cngcredui.dll",6.3.9600.17415,"HKCR\CLSID\{600e7adb-da3e-41a4-9225-3c0399e88c0c}"
  466. 2016-11-05 11:56 AM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","PasswordProvider",enabled,"Winlogon",System-wide,"Windows Authentication UI","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\authui.dll",6.3.9600.18533,"HKCR\CLSID\{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}"
  467. 2014-10-28 9:07 PM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","Smartcard Credential Provider",enabled,"Winlogon",System-wide,"Windows Smartcard Credential Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\smartcardcredentialprovider.dll",6.3.9600.17415,"HKCR\CLSID\{8FD7E19C-3BF7-489B-A72C-846AB3678C96}"
  468. 2014-10-28 9:07 PM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","Smartcard Pin Provider",enabled,"Winlogon",System-wide,"Windows Smartcard Credential Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\smartcardcredentialprovider.dll",6.3.9600.17415,"HKCR\CLSID\{94596c7e-3744-41ce-893e-bbf09122f76a}"
  469. 2016-11-05 11:56 AM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","PINLogonProvider",enabled,"Winlogon",System-wide,"Windows Authentication UI","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\authui.dll",6.3.9600.18533,"HKCR\CLSID\{cb82ea12-9f71-446d-89e1-8d0924e1256e}"
  470. 2014-10-28 9:14 PM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","CCertProvider",enabled,"Winlogon",System-wide,"Cert Credential Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\certcredprovider.dll",6.3.9600.17415,"HKCR\CLSID\{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}"
  471. 2014-10-28 8:56 PM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers","WLIDCredentialProvider",enabled,"Winlogon",System-wide,"Microsoft� Account Credential Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wlidcredprov.dll",6.3.9600.17415,"HKCR\CLSID\{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}"
  472. 2013-08-22 10:48 AM,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters,,,"Winlogon",System-wide,,,,,,
  473. 2016-11-05 11:56 AM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters","GenericFilter",enabled,"Winlogon",System-wide,"Windows Authentication UI","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\authui.dll",6.3.9600.18533,"HKCR\CLSID\{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}"
  474. 2013-08-22 10:48 AM,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers,,,"Winlogon",System-wide,,,,,,
  475. 2014-10-28 10:25 PM,"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers","CRasProvider",enabled,"Winlogon",System-wide,"RAS PLAP Credential Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\rasplap.dll",6.3.9600.17415,"HKCR\CLSID\{5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}"
  476. 2017-06-28 9:01 AM,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions,,,"Winlogon",System-wide,,,,,,
  477. 2014-10-28 9:22 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}",enabled,"Winlogon",System-wide,"802.11 Group Policy Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wlgpclnt.dll",6.3.9600.17415,"wlgpclnt.dll"
  478. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{0E28E245-9368-4853-AD84-6DA3BA35BB75}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  479. 2014-10-28 10:19 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{16be69fa-4209-4250-88cb-716cf41954e0}",enabled,"Winlogon",System-wide,"Windows Audit Settings CSE","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\auditcse.dll",6.3.9600.17415,"auditcse.dll"
  480. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{17D89FEC-5C44-4972-B12D-241CAEF74509}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  481. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{1A6364EB-776B-4120-ADE1-B63A406A76B5}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  482. 2014-10-28 8:55 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{25537BA6-77A8-11D2-9B6C-0000F8080861}",enabled,"Winlogon",System-wide,"Folder Redirection Group Policy Extension","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\fdeploy.dll",6.3.9600.17415,"fdeploy.dll"
  483. 2014-10-28 10:09 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{3610eda5-77ef-11d2-8dc5-00c04fa31a66}",enabled,"Winlogon",System-wide,"Windows Shell Disk Quota Support DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\dskquota.dll",6.3.9600.17415,"%SystemRoot%\System32\dskquota.dll"
  484. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  485. 2014-10-28 10:05 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{426031c0-0b47-4852-b0ca-ac3d37bfcb39}",enabled,"Winlogon",System-wide,"GPTExt","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gptext.dll",6.3.9600.17415,"gptext.dll"
  486. 2016-05-12 12:12 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{42B5FAAE-6536-11d2-AE5A-0000F87571E3}",enabled,"Winlogon",System-wide,"Script Client Side Extension","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpscript.dll",6.3.9600.18339,"C:\Windows\System32\gpscript.dll"
  487. 2014-10-28 10:40 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{4bcd6cde-777b-48b6-9804-43568e23545d}",enabled,"Winlogon",System-wide,"Remote Desktop USB Redirection GP Extension","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\tsusbredirectiongrouppolicyextension.dll",6.3.9600.17415,"%SystemRoot%\System32\TsUsbRedirectionGroupPolicyExtension.dll"
  488. 2017-04-16 3:40 AM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}",enabled,"Winlogon",System-wide,"IEAK branding","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\iedkcs32.dll",18.0.9600.18666,"C:\Windows\System32\iedkcs32.dll"
  489. 2014-10-28 9:34 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}",enabled,"Winlogon",System-wide,"RemoteApp and Desktop Connection Component","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\tsworkspace.dll",6.3.9600.17415,"C:\Windows\System32\tsworkspace.dll"
  490. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{5794DAFD-BE60-433f-88A2-1A31939AC01F}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  491. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{6232C319-91AC-4931-9385-E70C2B099F0E}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  492. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  493. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  494. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{728EE579-943C-4519-9EF7-AB56765798ED}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  495. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{74EE6C03-5363-4554-B161-627540339CAB}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  496. 2017-04-16 3:40 AM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{7B849a69-220F-451E-B3FE-2CB811AF94AE}",enabled,"Winlogon",System-wide,"IEAK branding","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\iedkcs32.dll",18.0.9600.18666,"C:\Windows\System32\iedkcs32.dll"
  497. 2014-10-28 9:23 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{827D319E-6EAC-11D2-A4EA-00C04F79F83A}",enabled,"Winlogon",System-wide,"Windows Security Configuration Editor Client Engine","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\scecli.dll",6.3.9600.17415,"scecli.dll"
  498. 2014-10-28 10:16 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{8A28E2C5-8D06-49A4-A08C-632DAA493E17}",enabled,"Winlogon",System-wide,"Group Policy Printer Extension","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprnext.dll",6.3.9600.17415,"%systemroot%\system32\gpprnext.dll"
  499. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{91FBB303-0CD5-4055-BF42-E512A681B325}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  500. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{A3F3E39B-5D83-4940-B954-28315B82F0A8}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  501. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{AADCED64-746C-4633-A97C-D61349046527}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  502. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{B087BE9D-ED37-454f-AF9C-04291E351182}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  503. 2014-10-28 8:59 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}",enabled,"Winlogon",System-wide,"802.3 Group Policy Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\dot3gpclnt.dll",6.3.9600.17415,"dot3gpclnt.dll"
  504. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  505. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  506. 2014-10-28 10:28 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{C631DF4C-088F-4156-B058-4375F0853CD8}",enabled,"Winlogon",System-wide,"In-proc COM object used by clients of CSC API","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\cscobj.dll",6.3.9600.17415,"%SystemRoot%\System32\cscobj.dll"
  507. 2014-10-28 10:30 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{c6dc5466-785a-11d2-84d0-00c04fb169f7}",enabled,"Winlogon",System-wide,"Software installation Service","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\appmgmts.dll",6.3.9600.17415,"appmgmts.dll"
  508. 2014-10-28 10:05 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}",enabled,"Winlogon",System-wide,"GPTExt","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gptext.dll",6.3.9600.17415,"gptext.dll"
  509. 2017-04-16 3:40 AM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}",enabled,"Winlogon",System-wide,"IEAK branding","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\iedkcs32.dll",18.0.9600.18666,"C:\Windows\System32\iedkcs32.dll"
  510. 2016-05-12 12:17 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{e437bc1c-aa7d-11d2-a382-00c04f991e27}",enabled,"Winlogon",System-wide,"Policy Storage dll","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\polstore.dll",6.3.9600.18339,"%SystemRoot%\System32\polstore.dll"
  511. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  512. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  513. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{E5094040-C46C-4115-B030-04FB2E545B00}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  514. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  515. 2014-10-28 10:19 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{f3ccc681-b74c-4060-9f26-cd84525dca2a}",enabled,"Winlogon",System-wide,"Windows Audit Settings CSE","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\auditcse.dll",6.3.9600.17415,"auditcse.dll"
  516. 2016-05-12 12:24 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{F9C77450-3A41-477E-9310-9ACD617BD9E3}",enabled,"Winlogon",System-wide,"Group Policy Preference Client","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gpprefcl.dll",6.3.9600.18339,"C:\Windows\System32\gpprefcl.dll"
  517. 2014-10-28 10:05 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{FB2CA36D-0B40-4307-821B-A13B252DE56C}",enabled,"Winlogon",System-wide,"GPTExt","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gptext.dll",6.3.9600.17415,"gptext.dll"
  518. 2014-10-28 10:05 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions","{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}",enabled,"Winlogon",System-wide,"GPTExt","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gptext.dll",6.3.9600.17415,"gptext.dll"
  519. 2013-08-22 10:48 AM,HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors,,,"Print Monitors",System-wide,,,,,,
  520. 2017-05-06 12:05 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors","Local Port",enabled,"Print Monitors",System-wide,"Local Spooler DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\localspl.dll",6.3.9600.18692,"localspl.dll"
  521. 2014-10-28 8:57 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors","Standard TCP/IP Port",enabled,"Print Monitors",System-wide,"Standard TCP/IP Port Monitor DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\tcpmon.dll",6.3.9600.17415,"tcpmon.dll"
  522. 2014-10-28 10:26 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors","USB Monitor",enabled,"Print Monitors",System-wide,"Standard Dynamic Printing Port Monitor DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\usbmon.dll",6.3.9600.17415,"usbmon.dll"
  523. 2014-11-04 9:14 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors","WSD Port",enabled,"Print Monitors",System-wide,"WSD Printer Port Monitor","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wsdmon.dll",6.3.9600.17481,"WSDMon.dll"
  524. 2013-08-22 10:48 AM,HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers,,,"Print Monitors",System-wide,,,,,,
  525. 2017-05-06 12:04 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers","LanMan Print Services",enabled,"Print Monitors",System-wide,"Client Side Rendering Print Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\win32spl.dll",6.3.9600.18692,"win32spl.dll"
  526. 2013-08-22 10:48 AM,HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders,,,"LSA Providers",System-wide,,,,,,
  527. 2014-10-28 9:27 PM,"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders","credssp.dll",enabled,"LSA Providers",System-wide,"Credential Delegation Security Package","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\credssp.dll",6.3.9600.17415,"credssp.dll"
  528. 2017-07-01 4:27 PM,HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages,,,"LSA Providers",System-wide,,,,,,
  529. 2016-10-08 6:17 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages","msv1_0",enabled,"LSA Providers",System-wide,"Microsoft Authentication Package v1.0","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\msv1_0.dll",6.3.9600.18512,"msv1_0"
  530. 2017-07-01 4:27 PM,HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages,,,"LSA Providers",System-wide,,,,,,
  531. 2013-08-22 7:25 AM,"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages","rassfm",enabled,"LSA Providers",System-wide,"Remote Access Subauthentication dll","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\rassfm.dll",6.3.9600.16384,"rassfm"
  532. 2014-10-28 9:23 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages","scecli",enabled,"LSA Providers",System-wide,"Windows Security Configuration Editor Client Engine","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\scecli.dll",6.3.9600.17415,"scecli"
  533. 2013-08-22 11:40 AM,HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages,,,"LSA Providers",System-wide,,,,,,
  534. 2016-06-11 12:50 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages","kerberos",enabled,"LSA Providers",System-wide,"Kerberos Security Package","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\kerberos.dll",6.3.9600.18378,"kerberos"
  535. 2016-10-08 6:17 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages","msv1_0",enabled,"LSA Providers",System-wide,"Microsoft Authentication Package v1.0","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\msv1_0.dll",6.3.9600.18512,"msv1_0"
  536. 2014-10-28 9:25 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages","tspkg",enabled,"LSA Providers",System-wide,"Web Service Security Package","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\tspkg.dll",6.3.9600.17415,"tspkg"
  537. 2015-03-12 10:58 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages","pku2u",enabled,"LSA Providers",System-wide,"Pku2u Security Package","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\pku2u.dll",6.3.9600.17728,"pku2u"
  538. 2016-05-06 12:04 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages","wdigest",enabled,"LSA Providers",System-wide,"Microsoft Digest Access","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wdigest.dll",6.3.9600.18334,"wdigest"
  539. 2017-04-06 12:46 PM,"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages","schannel",enabled,"LSA Providers",System-wide,"TLS / SSL Security Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\schannel.dll",6.3.9600.18659,"schannel"
  540. 2017-06-26 3:47 PM,HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order,,,"Network Providers",System-wide,,,,,,
  541. 2014-10-28 10:42 PM,"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order","RDPNP",enabled,"Network Providers",System-wide,"Microsoft Terminal Services","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\drprov.dll",6.3.9600.17415,"%SystemRoot%\System32\drprov.dll"
  542. 2014-10-28 9:27 PM,"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order","LanmanWorkstation",enabled,"Network Providers",System-wide,"Microsoft Windows Network","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\ntlanman.dll",6.3.9600.17415,"%SystemRoot%\System32\ntlanman.dll"
  543. 2015-07-01 6:16 PM,"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order","webclient",enabled,"Network Providers",System-wide,"Web Client Network","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\davclnt.dll",6.3.9600.17923,"%SystemRoot%\System32\davclnt.dll"
  544. 2017-07-01 1:07 PM,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries,,,"Network Providers",System-wide,,,,,,
  545. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","MSAFD Tcpip [TCP/IP]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  546. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","MSAFD Tcpip [UDP/IP]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  547. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","MSAFD Tcpip [RAW/IP]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  548. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","MSAFD Tcpip [TCP/IPv6]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  549. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","MSAFD Tcpip [UDP/IPv6]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  550. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","MSAFD Tcpip [RAW/IPv6]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  551. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","RSVP TCPv6 Service Provider",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  552. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","RSVP TCP Service Provider",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  553. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","RSVP UDPv6 Service Provider",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  554. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries","RSVP UDP Service Provider",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  555. 2013-08-22 10:48 AM,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries,,,"Network Providers",System-wide,,,,,,
  556. 2014-10-28 10:42 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries","E-mail Naming Shim Provider",enabled,"Network Providers",System-wide,"E-mail Naming Shim Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\napinsp.dll",6.3.9600.17415,"%SystemRoot%\system32\napinsp.dll"
  557. 2014-10-28 9:24 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries","Network Location Awareness Legacy (NLAv1) Namespace",enabled,"Network Providers",System-wide,"Network Location Awareness 2","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\nlaapi.dll",6.3.9600.17415,"%SystemRoot%\system32\NLAapi.dll"
  558. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries","Tcpip",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\System32\mswsock.dll"
  559. 2014-10-28 10:44 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries","NTDS",enabled,"Network Providers",System-wide,"LDAP RnR Provider DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\winrnr.dll",6.3.9600.17415,"%SystemRoot%\System32\winrnr.dll"
  560. 2017-07-01 1:07 PM,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64,,,"Network Providers",System-wide,,,,,,
  561. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","MSAFD Tcpip [TCP/IP]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  562. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","MSAFD Tcpip [UDP/IP]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  563. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","MSAFD Tcpip [RAW/IP]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  564. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","MSAFD Tcpip [TCP/IPv6]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  565. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","MSAFD Tcpip [UDP/IPv6]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  566. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","MSAFD Tcpip [RAW/IPv6]",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  567. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","RSVP TCPv6 Service Provider",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  568. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","RSVP TCP Service Provider",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  569. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","RSVP UDPv6 Service Provider",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  570. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64","RSVP UDP Service Provider",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\system32\mswsock.dll"
  571. 2013-08-22 10:48 AM,HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64,,,"Network Providers",System-wide,,,,,,
  572. 2014-10-28 10:42 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","E-mail Naming Shim Provider",enabled,"Network Providers",System-wide,"E-mail Naming Shim Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\napinsp.dll",6.3.9600.17415,"%SystemRoot%\system32\napinsp.dll"
  573. 2014-10-28 9:24 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","Network Location Awareness Legacy (NLAv1) Namespace",enabled,"Network Providers",System-wide,"Network Location Awareness 2","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\nlaapi.dll",6.3.9600.17415,"%SystemRoot%\system32\NLAapi.dll"
  574. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","Tcpip",enabled,"Network Providers",System-wide,"Microsoft Windows Sockets 2.0 Service Provider","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\mswsock.dll",6.3.9600.18340,"%SystemRoot%\System32\mswsock.dll"
  575. 2014-10-28 10:44 PM,"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64","NTDS",enabled,"Network Providers",System-wide,"LDAP RnR Provider DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\winrnr.dll",6.3.9600.17415,"%SystemRoot%\System32\winrnr.dll"
  576. 2013-08-22 10:48 AM,HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms,,,"Logon",System-wide,,,,,,
  577. 2016-07-03 11:45 PM,"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms","rdpclip",enabled,"Logon",System-wide,"RDP Clipboard Monitor","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\rdpclip.exe",6.3.9600.18402,"rdpclip"
  578. 2017-07-01 4:27 PM,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit,,,"Logon",System-wide,,,,,,
  579. 2014-10-28 9:28 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit","C:\Windows\system32\userinit.exe",enabled,"Logon",System-wide,"Userinit Logon Application","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\userinit.exe",6.3.9600.17415,"C:\Windows\system32\userinit.exe"
  580. 2017-07-01 4:27 PM,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet,,,"Logon",System-wide,,,,,,
  581. 2014-10-28 10:19 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet","SystemPropertiesPerformance.exe",enabled,"Logon",System-wide,"Change Computer Performance Settings","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\systempropertiesperformance.exe",6.3.9600.17415,"SystemPropertiesPerformance.exe"
  582. 2017-06-28 9:01 AM,HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls,,,"Known DLLs",System-wide,,,,,,
  583. 2016-03-31 12:13 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","rpcrt4",enabled,"Known DLLs",System-wide,"Remote Procedure Call Runtime","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\rpcrt4.dll",6.3.9600.18292,"rpcrt4.dll"
  584. 2017-04-16 3:41 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","combase",enabled,"Known DLLs",System-wide,"Microsoft COM for Windows","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\combase.dll",6.3.9600.18666,"combase.dll"
  585. 2017-02-04 1:39 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","gdiplus",enabled,"Known DLLs",System-wide,"Microsoft GDI ","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gdiplus.dll",6.3.9600.18696,"gdiplus.dll"
  586. 2014-10-28 9:21 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","IMAGEHLP",enabled,"Known DLLs",System-wide,"Windows NT Image Helper","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\imagehlp.dll",6.3.9600.17415,"IMAGEHLP.dll"
  587. 2014-10-28 10:50 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","MSVCRT",enabled,"Known DLLs",System-wide,"Windows NT CRT DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\msvcrt.dll",7.0.9600.17415,"MSVCRT.dll"
  588. 2014-10-28 8:52 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","SHLWAPI",enabled,"Known DLLs",System-wide,"Shell Light-weight Utility Library","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\shlwapi.dll",6.3.9600.17415,"SHLWAPI.dll"
  589. 2014-10-28 9:44 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","COMDLG32",enabled,"Known DLLs",System-wide,"Common Dialogs DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\comdlg32.dll",6.3.9600.17415,"COMDLG32.dll"
  590. 2014-10-28 10:45 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","NORMALIZ",enabled,"Known DLLs",System-wide,"Unicode Normalization DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\normaliz.dll",6.3.9600.17415,"NORMALIZ.dll"
  591. 2014-10-28 9:30 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","PSAPI",enabled,"Known DLLs",System-wide,"Process Status Helper","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\psapi.dll",6.3.9600.17415,"PSAPI.DLL"
  592. 2014-10-28 9:30 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","WLDAP32",enabled,"Known DLLs",System-wide,"Win32 LDAP API DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wldap32.dll",6.3.9600.17415,"WLDAP32.dll"
  593. 2017-04-16 2:54 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","ole32",enabled,"Known DLLs",System-wide,"Microsoft OLE for Windows","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\ole32.dll",6.3.9600.18666,"ole32.dll"
  594. 2014-10-28 9:23 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","IMM32",enabled,"Known DLLs",System-wide,"Multi-User Windows IMM32 API Client DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\imm32.dll",6.3.9600.17415,"IMM32.dll"
  595. 2015-03-20 12:10 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","_Wow64cpu",enabled,"Known DLLs",System-wide,"AMD64 Wow64 CPU ","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wow64cpu.dll",6.3.9600.17734,"Wow64cpu.dll"
  596. 2016-10-11 12:54 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","MSCTF",enabled,"Known DLLs",System-wide,"MSCTF Server DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\msctf.dll",6.3.9600.18514,"MSCTF.dll"
  597. 2014-01-27 3:53 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","_Wow64win",enabled,"Known DLLs",System-wide,"Wow64 Console and Win32 API Logging","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wow64win.dll",6.3.9600.16520,"Wow64win.dll"
  598. 2017-04-16 3:33 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","OLEAUT32",enabled,"Known DLLs",System-wide,"","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\oleaut32.dll",6.3.9600.18666,"OLEAUT32.dll"
  599. 2014-10-28 10:49 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","LPK",enabled,"Known DLLs",System-wide,"Language Pack","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\lpk.dll",6.3.9600.17415,"LPK.dll"
  600. 2014-10-28 8:56 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","clbcatq",enabled,"Known DLLs",System-wide,"COM Configuration Catalog","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\clbcatq.dll",2001.12.10530.17415,"clbcatq.dll"
  601. 2016-05-13 5:58 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","WS2_32",enabled,"Known DLLs",System-wide,"Windows Socket 2.0 32-Bit DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\ws2_32.dll",6.3.9600.18340,"WS2_32.dll"
  602. 2017-05-06 12:12 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","SHELL32",enabled,"Known DLLs",System-wide,"Windows Shell Common Dll","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\shell32.dll",6.3.9600.18692,"SHELL32.dll"
  603. 2017-05-11 10:51 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","gdi32",enabled,"Known DLLs",System-wide,"GDI Client DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\gdi32.dll",6.3.9600.18696,"gdi32.dll"
  604. 2017-02-04 3:30 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","_Wow64",enabled,"Known DLLs",System-wide,"Win32 Emulation on NT64","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\wow64.dll",6.3.9600.18589,"Wow64.dll"
  605. 2014-10-28 10:08 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","DifxApi",enabled,"Known DLLs",System-wide,"Driver Install Frameworks for API library module","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\difxapi.dll",2.1.0.0,"difxapi.dll"
  606. 2014-10-28 8:54 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","Setupapi",enabled,"Known DLLs",System-wide,"Windows Setup API","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\setupapi.dll",6.3.9600.17415,"Setupapi.dll"
  607. 2014-10-28 10:45 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","kernel32",enabled,"Known DLLs",System-wide,"Windows NT BASE API Client DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\kernel32.dll",6.3.9600.17415,"kernel32.dll"
  608. 2015-12-04 10:59 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","advapi32",enabled,"Known DLLs",System-wide,"Advanced Windows 32 Base API","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\advapi32.dll",6.3.9600.18155,"advapi32.dll"
  609. 2016-11-09 1:49 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","user32",enabled,"Known DLLs",System-wide,"Multi-User Windows USER API Client DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\user32.dll",6.3.9600.18535,"user32.dll"
  610. 2014-10-28 10:48 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","NSI",enabled,"Known DLLs",System-wide,"NSI User-mode interface DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\nsi.dll",6.3.9600.17415,"NSI.dll"
  611. 2015-03-20 12:08 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","sechost",enabled,"Known DLLs",System-wide,"Host for SCM/SDDL/LSA Lookup APIs","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\sechost.dll",6.3.9600.17734,"sechost.dll"
  612. 2016-03-30 11:40 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","rpcrt4",enabled,"Known DLLs",System-wide,"Remote Procedure Call Runtime","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\rpcrt4.dll",6.3.9600.18292,"rpcrt4.dll"
  613. 2017-04-16 3:05 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","combase",enabled,"Known DLLs",System-wide,"Microsoft COM for Windows","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\combase.dll",6.3.9600.18666,"combase.dll"
  614. 2017-02-04 1:10 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","gdiplus",enabled,"Known DLLs",System-wide,"Microsoft GDI ","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\gdiplus.dll",6.3.9600.18696,"gdiplus.dll"
  615. 2014-10-28 9:00 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","IMAGEHLP",enabled,"Known DLLs",System-wide,"Windows NT Image Helper","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\imagehlp.dll",6.3.9600.17415,"IMAGEHLP.dll"
  616. 2014-10-28 10:04 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","MSVCRT",enabled,"Known DLLs",System-wide,"Windows NT CRT DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\msvcrt.dll",7.0.9600.17415,"MSVCRT.dll"
  617. 2014-10-28 8:43 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","SHLWAPI",enabled,"Known DLLs",System-wide,"Shell Light-weight Utility Library","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\shlwapi.dll",6.3.9600.17415,"SHLWAPI.dll"
  618. 2014-10-28 9:14 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","COMDLG32",enabled,"Known DLLs",System-wide,"Common Dialogs DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\comdlg32.dll",6.3.9600.17415,"COMDLG32.dll"
  619. 2014-10-28 10:00 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","NORMALIZ",enabled,"Known DLLs",System-wide,"Unicode Normalization DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\normaliz.dll",6.3.9600.17415,"NORMALIZ.dll"
  620. 2014-10-28 9:06 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","PSAPI",enabled,"Known DLLs",System-wide,"Process Status Helper","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\psapi.dll",6.3.9600.17415,"PSAPI.DLL"
  621. 2014-10-28 9:06 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","WLDAP32",enabled,"Known DLLs",System-wide,"Win32 LDAP API DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\wldap32.dll",6.3.9600.17415,"WLDAP32.dll"
  622. 2017-04-16 2:42 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","ole32",enabled,"Known DLLs",System-wide,"Microsoft OLE for Windows","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\ole32.dll",6.3.9600.18666,"ole32.dll"
  623. 2014-10-28 9:59 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","IMM32",enabled,"Known DLLs",System-wide,"Multi-User Windows IMM32 API Client DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\imm32.dll",6.3.9600.17415,"IMM32.dll"
  624. ,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","_Wow64cpu",enabled,"Known DLLs",System-wide,"",,"","File not found: C:\Windows\SysWOW64\Wow64cpu.dll",,"Wow64cpu.dll"
  625. 2016-10-11 12:23 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","MSCTF",enabled,"Known DLLs",System-wide,"MSCTF Server DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\msctf.dll",6.3.9600.18514,"MSCTF.dll"
  626. ,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","_Wow64win",enabled,"Known DLLs",System-wide,"",,"","File not found: C:\Windows\SysWOW64\Wow64win.dll",,"Wow64win.dll"
  627. 2017-04-16 3:06 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","OLEAUT32",enabled,"Known DLLs",System-wide,"","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\oleaut32.dll",6.3.9600.18666,"OLEAUT32.dll"
  628. 2014-10-28 10:04 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","LPK",enabled,"Known DLLs",System-wide,"Language Pack","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\lpk.dll",6.3.9600.17415,"LPK.dll"
  629. 2014-10-28 8:44 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","clbcatq",enabled,"Known DLLs",System-wide,"COM Configuration Catalog","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\clbcatq.dll",2001.12.10530.17415,"clbcatq.dll"
  630. 2016-05-13 5:35 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","WS2_32",enabled,"Known DLLs",System-wide,"Windows Socket 2.0 32-Bit DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\ws2_32.dll",6.3.9600.18340,"WS2_32.dll"
  631. 2017-05-06 12:03 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","SHELL32",enabled,"Known DLLs",System-wide,"Windows Shell Common Dll","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\shell32.dll",6.3.9600.18692,"SHELL32.dll"
  632. 2017-05-12 12:16 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","gdi32",enabled,"Known DLLs",System-wide,"GDI Client DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\gdi32.dll",6.3.9600.18696,"gdi32.dll"
  633. ,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","_Wow64",enabled,"Known DLLs",System-wide,"",,"","File not found: C:\Windows\SysWOW64\Wow64.dll",,"Wow64.dll"
  634. 2014-10-28 9:34 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","DifxApi",enabled,"Known DLLs",System-wide,"Driver Install Frameworks for API library module","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\difxapi.dll",2.1.0.0,"difxapi.dll"
  635. 2014-10-28 8:43 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","Setupapi",enabled,"Known DLLs",System-wide,"Windows Setup API","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\setupapi.dll",6.3.9600.17415,"Setupapi.dll"
  636. 2014-10-28 9:58 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","kernel32",enabled,"Known DLLs",System-wide,"Windows NT BASE API Client DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\kernel32.dll",6.3.9600.17415,"kernel32.dll"
  637. 2015-12-04 10:57 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","advapi32",enabled,"Known DLLs",System-wide,"Advanced Windows 32 Base API","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\advapi32.dll",6.3.9600.18155,"advapi32.dll"
  638. 2016-11-09 1:25 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","user32",enabled,"Known DLLs",System-wide,"Multi-User Windows USER API Client DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\user32.dll",6.3.9600.18535,"user32.dll"
  639. 2014-10-28 10:03 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","NSI",enabled,"Known DLLs",System-wide,"NSI User-mode interface DLL","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\nsi.dll",6.3.9600.17415,"NSI.dll"
  640. 2015-03-19 11:20 PM,"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls","sechost",enabled,"Known DLLs",System-wide,"Host for SCM/SDDL/LSA Lookup APIs","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\syswow64\sechost.dll",6.3.9600.17734,"sechost.dll"
  641. 2017-07-01 4:27 PM,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell,,,"Logon",System-wide,,,,,,
  642. 2016-02-08 1:01 PM,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","explorer.exe",enabled,"Logon",System-wide,"Windows Explorer","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\explorer.exe",6.3.9600.18231,"explorer.exe"
  643. 2013-08-22 10:48 AM,HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell,,,"Logon",System-wide,,,,,,
  644. 2014-10-28 9:28 PM,"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell","cmd.exe",enabled,"Logon",System-wide,"Windows Command Processor","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\cmd.exe",6.3.9600.17415,"cmd.exe"
  645. 2013-08-22 11:40 AM,HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells,,,"Logon",System-wide,,,,,,
  646. 2016-02-08 1:01 PM,"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells","60000",enabled,"Logon",System-wide,"Windows Explorer","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\explorer.exe",6.3.9600.18231,"explorer.exe"
  647. ,"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells","30000",enabled,"Logon",System-wide,"",,"","File not found: cd /d ",,"cmd.exe /c ""cd /d ""%USERPROFILE%""
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!