I checked in services and it does not seem to be there anymore. That seemed too easy.
Below is the output of pslist.exe (sysinterals) run as administrator (I tried to keep the spaces in separating the columns, but they would not paste -- even after I tried reformatting them in word). Are the items highlighted normal???
Process information for CAIRO:
Code:
Name Pid Pri Thd Hnd Priv CPU Time Elapsed Time
Idle 0 0 2 0 0 15:33:06.434 0:00:00.000
System 4 8 105 566 1672 0:03:47.667 8:20:35.950
smss 284 11 2 29 264 0:00:00.078 8:20:35.950
csrss 380 13 9 389 1224 0:00:02.028 8:20:28.633
wininit 440 13 3 98 896 0:00:00.202 8:20:22.565
csrss 448 13 10 347 6644 0:00:07.956 8:20:22.549
services 496 9 7 188 3848 0:00:05.959 8:20:21.067
lsass 512 9 8 741 3844 0:00:05.709 8:20:20.958
lsm 520 8 11 150 1452 0:00:00.390 8:20:20.958
winlogon 552 13 5 115 1900 0:00:00.436 8:20:20.896
svchost 668 8 11 373 2908 0:00:15.194 8:20:20.287
svchost 748 8 10 291 2896 0:00:03.369 8:20:19.835
svchost 836 8 21 553 22364 0:00:03.307 8:20:19.710
svchost 896 8 25 806 51332 0:03:55.748 8:20:19.539
svchost 920 8 42 1258 15868 0:00:22.760 8:20:19.507
svchost 1076 8 12 336 5576 0:00:01.591 8:20:19.071
svchost 1208 8 13 489 15404 0:00:11.107 8:20:18.805
spoolsv 1380 8 12 296 4728 0:00:00.218 8:20:18.162
svchost 1416 8 18 432 9620 0:00:03.291 8:20:18.089
taskhost 1880 8 10 218 7504 0:00:00.468 8:20:13.535
dwm 1940 13 5 152 97328 0:06:07.881 8:20:13.401
explorer 2044 8 44 1287 48464 0:03:01.897 8:20:13.091
rundll32 1196 8 3 91 1436 0:00:00.046 8:20:11.328
acrotray 1260 8 2 54 948 0:00:00.031 8:20:11.313
SearchIndexer 1808 8 13 691 22532 0:00:10.670 8:20:06.239
svchost 2064 8 11 201 3428 0:00:00.390 8:20:05.179
sppsvc 3656 8 4 146 5256 0:00:03.510 8:18:13.634 Is Key Management Service for windows server 2003 normal?
svchost 3716 8 11 364 48320 0:00:38.438 8:18:13.141
googletalk 3884 8 16 486 39992 0:00:40.373 8:05:18.906
taskhost 2628 6 11 274 10232 0:00:07.316 7:33:31.031
audiodg 3468 8 7 133 15212 0:00:00.296 0:09:53.253
firefox 2980 8 14 345 63324 0:00:32.089 0:09:31.347
WUDFHost 2412 8 8 231 1548 0:00:00.062 0:03:59.600
WmiPrvSE 724 8 8 138 2156 0:00:00.187 0:03:00.905
cmd 3360 8 1 18 1724 0:00:00.109 0:00:45.500
conhost 568 8 2 73 1004 0:00:00.592 0:00:45.494
pslist 4012 13 1 208 2056 0:00:00.265 0:00:02.756
dllhost 4092 8 6 110 1152 0:00:00.031 0:00:01.635
Following is output of tasklist /svc run at (presumably) an elevated prompt.
Code:
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 284 N/A
csrss.exe 380 N/A
wininit.exe 440 N/A
csrss.exe 448 N/A
services.exe 496 N/A
lsass.exe 512 KeyIso, SamSs
lsm.exe 520 N/A
winlogon.exe 552 N/A
svchost.exe 668 DcomLaunch, PlugPlay, Power
svchost.exe 748 RpcEptMapper, RpcSs
svchost.exe 836 Audiosrv, Dhcp, EventLog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 896 AudioEndpointBuilder, CscService, Netman,
PcaSvc, SysMain, TrkWks, UxSms, Wlansvc,
WPDBusEnum, wudfsvc
svchost.exe 920 AeLookupSvc, Appinfo, BITS, EapHost, gpsvc,
IKEEXT, iphlpsvc, LanmanServer, MMCSS,
ProfSvc, Schedule, SENS, ShellHWDetection,
Themes, Winmgmt, wuauserv
svchost.exe 1076 EventSystem, fdPHost, netprofm, nsi,
sppuinotify, WdiServiceHost
svchost.exe 1208 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
spoolsv.exe 1380 Spooler
svchost.exe 1416 BFE, DPS, MpsSvc
taskhost.exe 1880 N/A
dwm.exe 1940 N/A
explorer.exe 2044 N/A
rundll32.exe 1196 N/A
acrotray.exe 1260 N/A
SearchIndexer.exe 1808 WSearch
svchost.exe 2064 FDResPub, SSDPSRV
sppsvc.exe 3656 sppsvc
svchost.exe 3716 WinDefend
googletalk.exe 3884 N/A
taskhost.exe 2628 N/A
audiodg.exe 3468 N/A
firefox.exe 2980 N/A
WUDFHost.exe 2412 N/A
WmiPrvSE.exe 724 N/A
SearchProtocolHost.exe 2564 N/A
SearchFilterHost.exe 1676 N/A
cmd.exe 2948 N/A
conhost.exe 2764 N/A
tasklist.exe 1192 N/A
WmiPrvSE.exe 2276 N/A