internet speeds suddenly very slow -- malware?



#1
jkabat

Hi,

My internet speeds suddenly went from fast (or at least reasonable) to very slow. I suspect there may be malware on my computer.
Malwarebytes found no problems. I ran CCleaner and there was no change.

The connection speed is 72 Mbps.
A speed test showed a download speed of 0.88 Mbps and an upload speed of 0.17 bps.

OTL log attached:

Thank you in advance.


OTL logfile created on: 1/8/2013 4:54:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeff\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 72.99% Memory free
7.89 Gb Paging File | 6.58 Gb Available in Paging File | 83.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 135.42 Gb Free Space | 72.69% Space Free | Partition Type: NTFS
Drive D: | 258.45 Gb Total Space | 258.33 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: J2ACADEMY | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/08 16:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
PRC - [2012/12/09 21:09:49 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/11/08 16:58:24 | 016,070,136 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/10/31 15:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/08/06 16:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/03 18:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 20:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/07/23 20:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/07/17 18:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/06 13:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/20 19:21:54 | 001,557,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/06/07 16:12:06 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/06/07 16:12:06 | 000,090,832 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/05/28 12:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/13 12:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012/03/28 20:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/21 16:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/08 13:56:04 | 001,169,408 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\wx._core_.pyd
MOD - [2013/01/08 13:56:04 | 001,024,024 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\windows._cacheinvalidation.pyd
MOD - [2013/01/08 13:56:04 | 000,807,424 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\wx._windows_.pyd
MOD - [2013/01/08 13:56:04 | 000,792,576 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\wx._gdi_.pyd
MOD - [2013/01/08 13:56:04 | 000,731,136 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\wx._misc_.pyd
MOD - [2013/01/08 13:56:04 | 000,645,120 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\_ssl.pyd
MOD - [2013/01/08 13:56:04 | 000,571,392 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\pysqlite2._sqlite.pyd
MOD - [2013/01/08 13:56:04 | 000,354,304 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\pythoncom26.dll
MOD - [2013/01/08 13:56:04 | 000,311,808 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\_hashlib.pyd
MOD - [2013/01/08 13:56:04 | 000,263,168 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32com.shell.shell.pyd
MOD - [2013/01/08 13:56:04 | 000,121,856 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\wx._wizard.pyd
MOD - [2013/01/08 13:56:04 | 000,111,104 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32file.pyd
MOD - [2013/01/08 13:56:04 | 000,110,592 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32security.pyd
MOD - [2013/01/08 13:56:04 | 000,110,592 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\PyWinTypes26.dll
MOD - [2013/01/08 13:56:04 | 000,096,256 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32api.pyd
MOD - [2013/01/08 13:56:04 | 000,086,016 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\_elementtree.pyd
MOD - [2013/01/08 13:56:04 | 000,073,728 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\_ctypes.pyd
MOD - [2013/01/08 13:56:04 | 000,070,656 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\wx._html2.pyd
MOD - [2013/01/08 13:56:04 | 000,040,448 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\_socket.pyd
MOD - [2013/01/08 13:56:04 | 000,039,424 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32inet.pyd
MOD - [2013/01/08 13:56:04 | 000,036,352 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32process.pyd
MOD - [2013/01/08 13:56:04 | 000,023,040 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32ts.pyd
MOD - [2013/01/08 13:56:04 | 000,022,528 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32pdh.pyd
MOD - [2013/01/08 13:56:04 | 000,017,920 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32profile.pyd
MOD - [2013/01/08 13:56:04 | 000,011,776 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32crypt.pyd
MOD - [2013/01/08 13:56:03 | 001,056,256 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\wx._controls_.pyd
MOD - [2013/01/08 13:56:03 | 000,585,728 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\unicodedata.pyd
MOD - [2013/01/08 13:56:03 | 000,153,088 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\pyexpat.pyd
MOD - [2013/01/08 13:56:03 | 000,017,920 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\win32event.pyd
MOD - [2013/01/08 13:56:03 | 000,011,776 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Temp\_MEI35882\select.pyd
MOD - [2012/12/13 21:04:55 | 001,879,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\67668ff81a0ddfbfeb228e67a87fbfb3\System.Xaml.ni.dll
MOD - [2012/12/13 21:04:40 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\c612f071f9fedbf02702e6a7b738eb7a\PresentationFramework.ni.dll
MOD - [2012/12/13 21:04:40 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\41ed65e6f9bcf0277df48e5157b9ae85\PresentationFramework.Aero2.ni.dll
MOD - [2012/12/13 21:04:30 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a5ec93bab2670698bb14c517f693ba6\PresentationCore.ni.dll
MOD - [2012/12/13 20:39:01 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\65ec9332b8f812c6d62492f99bd36c7d\WindowsBase.ni.dll
MOD - [2012/12/12 13:46:25 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll
MOD - [2012/12/12 13:46:20 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll
MOD - [2012/12/12 13:45:52 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll
MOD - [2012/12/12 13:41:41 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll
MOD - [2012/12/12 13:41:15 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll
MOD - [2012/12/12 13:41:06 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/06/07 16:12:04 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/11/09 06:33:08 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/07/25 23:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/07/25 22:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/01/26 16:19:18 | 000,332,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/16 16:40:12 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 20:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/13 04:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/13 12:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 16:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/11/09 06:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/11/09 06:35:26 | 000,069,168 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/06 02:36:14 | 000,096,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/11/06 02:35:34 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/31 15:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/08/16 03:53:06 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/16 02:01:20 | 003,624,960 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/08/01 22:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 00:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/07/26 00:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/24 20:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/07/23 22:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/03 01:09:08 | 000,295,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 09:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/12 08:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 09:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 09:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 09:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/30 22:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2011/09/07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/12/18 17:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2012/12/13 20:03:08 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Drive = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121218064637.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121218064637.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A223DD4-8F82-416A-849D-D033A37B782A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/08 16:54:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2013/01/08 15:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/01/08 15:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/01/08 15:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/01 20:06:23 | 000,000,000 | --SD | C] -- C:\Users\Jeff\Google Drive
[2013/01/01 20:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/12/31 22:48:59 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Programs
[2012/12/18 17:04:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/12/17 22:13:27 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\WinPatrol
[2012/12/17 22:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/12/17 22:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/12/17 22:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2012/12/17 22:12:15 | 000,870,088 | ---- | C] (BillP Studios) -- C:\Users\Jeff\Desktop\wpsetup.exe
[2012/12/15 19:53:21 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Malwarebytes
[2012/12/15 19:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/15 19:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/15 19:53:07 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/15 19:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/13 22:06:56 | 000,000,000 | ---D | C] -- C:\sources
[2012/12/13 18:40:39 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2012/12/12 16:07:56 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\CyberLink
[2012/12/12 16:07:55 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\CyberLink
[2012/12/12 16:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/12/12 15:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kyocera
[2012/12/12 14:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/12 14:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/12/12 14:27:53 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/12/12 14:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/12/12 14:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/12/12 14:25:42 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Microsoft Help
[2012/12/12 14:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/12/12 14:25:29 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/12/12 13:33:47 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\Microsoft Office Home & Student 2010 - 3PC-1User
[2012/12/12 13:33:47 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\Amazon Downloader Logs
[2012/12/12 13:23:40 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Macromedia
[2012/12/12 13:23:17 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Adobe
[2012/12/12 13:21:49 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\ASUS icons
[2012/12/12 12:45:44 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\All from old computer
[2012/12/12 12:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/12 12:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/12/12 12:34:29 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Google
[2012/12/12 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Apps
[2012/12/12 12:34:07 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Deployment
[2012/12/12 12:26:22 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\ASUS WebStorage
[2012/12/12 12:25:35 | 000,000,000 | R--D | C] -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/12/12 12:25:35 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Searches
[2012/12/12 12:25:35 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Contacts
[2012/12/12 12:25:35 | 000,000,000 | R--D | C] -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/12/12 12:25:35 | 000,000,000 | -H-D | C] -- C:\Users\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/12/12 12:25:29 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Adobe
[2012/12/12 12:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView
[2012/12/12 12:24:06 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\VirtualStore
[2012/12/12 12:23:53 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Packages
[2012/12/12 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\ASUS
[2012/12/12 12:23:37 | 000,000,000 | --SD | C] -- C:\Users\Jeff\AppData\Roaming\Microsoft
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Videos
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Saved Games
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Pictures
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Music
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Links
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Favorites
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Downloads
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Documents
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\Desktop
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/12/12 12:23:37 | 000,000,000 | R--D | C] -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\AppData\Local\Temporary Internet Files
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\Templates
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\Start Menu
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\SendTo
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\Recent
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\PrintHood
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\NetHood
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\Documents\My Videos
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\Documents\My Pictures
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\Documents\My Music
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\My Documents
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\Local Settings
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\AppData\Local\History
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\Cookies
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\Application Data
[2012/12/12 12:23:37 | 000,000,000 | -HSD | C] -- C:\Users\Jeff\AppData\Local\Application Data
[2012/12/12 12:23:37 | 000,000,000 | -H-D | C] -- C:\Users\Jeff\AppData
[2012/12/12 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Temp
[2012/12/12 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Microsoft
[2012/12/12 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

========== Files - Modified Within 30 Days ==========

[2013/01/08 16:54:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2013/01/08 16:52:21 | 000,000,380 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\sp_data.sys
[2013/01/08 16:52:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/08 16:39:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/08 15:00:18 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/08 13:55:51 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/08 13:55:20 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/08 13:55:17 | 3340,075,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 19:44:06 | 001,192,434 | ---- | M] () -- C:\Users\Jeff\Desktop\TheJungle.pdf
[2013/01/05 17:35:40 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/05 17:35:40 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/05 17:35:40 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/01 20:06:24 | 000,001,658 | ---- | M] () -- C:\Users\Jeff\Desktop\Google Drive.lnk
[2012/12/31 22:49:20 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/31 22:44:18 | 000,356,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/29 13:47:59 | 000,218,355 | ---- | M] () -- C:\Users\Jeff\Desktop\animal_farm.pdf
[2012/12/17 22:12:11 | 000,870,088 | ---- | M] (BillP Studios) -- C:\Users\Jeff\Desktop\wpsetup.exe
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/12 12:50:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2012/12/12 12:36:17 | 000,002,291 | ---- | M] () -- C:\Users\Jeff\Desktop\Google Chrome.lnk
[2012/12/12 12:31:35 | 000,001,426 | ---- | M] () -- C:\Users\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/01/08 15:00:18 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/06 19:44:05 | 001,192,434 | ---- | C] () -- C:\Users\Jeff\Desktop\TheJungle.pdf
[2013/01/04 10:32:45 | 000,002,060 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
[2013/01/01 20:06:24 | 000,001,658 | ---- | C] () -- C:\Users\Jeff\Desktop\Google Drive.lnk
[2012/12/31 22:49:20 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/31 22:43:58 | 000,356,320 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/29 13:47:59 | 000,218,355 | ---- | C] () -- C:\Users\Jeff\Desktop\animal_farm.pdf
[2012/12/15 08:54:38 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2012/12/12 12:50:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2012/12/12 12:36:17 | 000,002,291 | ---- | C] () -- C:\Users\Jeff\Desktop\Google Chrome.lnk
[2012/12/12 12:34:37 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/12 12:34:36 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/12 12:31:35 | 000,001,426 | ---- | C] () -- C:\Users\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/12 12:26:13 | 000,000,380 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\sp_data.sys
[2012/12/12 12:25:29 | 000,001,432 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/12/12 12:23:37 | 000,000,352 | ---- | C] () -- C:\Users\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/12/12 12:23:37 | 000,000,334 | ---- | C] () -- C:\Users\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/22 07:13:17 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/22 07:13:09 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/22 07:13:06 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/04 21:25:06 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/04 21:25:06 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 19:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 15:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/25 15:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/09/29 13:53:50 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 23:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 23:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/12 12:26:22 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\ASUS WebStorage
[2012/12/17 22:14:38 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\WinPatrol

========== Purity Check ==========



< End of report >


#2
RKinner

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute, then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

How do you connect to the internet?

#3
jkabat

Thank you for your response.

I connect to the internet via wireless modem at home. It is a Comcast connection with a wireless router. I also connect at work via AT&T with a U-verse wireless router. I am currently at home.

The severe slowness was at work yesterday on the U-verse wireless. I confirmed with AT&T that all was well on their end. At home it was better but still slow. Today it has been a bit better in both locations. The severe slowness has not been as present today. It may have been a temporary glitch.

I have done as instructed and the log is pasted below. There may not be a problem but I appreciate your review and feedback.


Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 94.39 0 K 20 K
procexp64.exe 3812 1.87 20,120 K 46,608 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts n/a 0.61 0 K 0 K Hardware Interrupts and DPCs
System 4 0.58 140 K 13,532 K
dwm.exe 572 0.54 26,212 K 21,952 K (Unable to verify) (null)
csrss.exe 688 0.46 2,320 K 22,064 K (Unable to verify) (null)
svchost.exe 444 0.36 78,152 K 65,280 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AsusTPCenter.exe 264 0.33 2,652 K 1,552 K ASUS Smart Gesture Center AsusTek (Verified) ASUSTeK Computer Inc.
explorer.exe 5464 0.16 26,028 K 44,220 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 416 0.13 15,028 K 16,544 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 1308 0.10 29,308 K 27,316 K Google Chrome Google Inc. (Verified) Google Inc
AsusTPLoader.exe 3372 0.09 1,488 K 528 K ASUS Smart Gesture Loader AsusTek (Verified) ASUSTeK Computer Inc.
QuickGesture.exe 3416 0.08 1,652 K 880 K ASUS Quick Gesture Exe ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
QuickGesture64.exe 3404 0.07 1,512 K 800 K ASUS Quick Gesture Exe ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
chrome.exe 6752 0.05 103,288 K 114,492 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4796 0.04 111,040 K 86,360 K Google Chrome Google Inc. (Verified) Google Inc
googledrivesync.exe 128 0.03 87,212 K 45,776 K Google Drive Google (Verified) Google Inc
LMS.exe 4568 0.03 1,904 K 2,292 K Local Manageability Service Intel Corporation (Verified) Intel Corporation
LiveUpdate.exe 3244 0.02 42,740 K 3,420 K (Unable to verify) (null)
RIconMan.exe 4300 0.02 1,616 K 1,512 K Realtek Card Reader Patch Tool. Realsil Microelectronics Inc. (Unable to verify) Realsil Microelectronics Inc.
McSvHost.exe 1972 < 0.01 37,156 K 25,236 K McAfee Service Host McAfee, Inc. (Verified) McAfee
lsass.exe 784 < 0.01 4,988 K 6,352 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
BatteryLife.exe 2716 < 0.01 1,948 K 1,804 K (Unable to verify) (null)
svchost.exe 1092 < 0.01 19,544 K 13,204 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mcshield.exe 4892 < 0.01 230,772 K 92,492 K McAfee On-Access Scanner service McAfee, Inc. (Verified) McAfee
svchost.exe 1472 < 0.01 22,104 K 20,700 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 612 < 0.01 1,912 K 1,760 K (Unable to verify) (null)
chrome.exe 5708 < 0.01 39,160 K 15,868 K Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 232 < 0.01 45,800 K 33,468 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
InsOnSrv.exe 1632 < 0.01 1,368 K 1,540 K ASUS InstantOn Program ASUS (Verified) ASUSTeK Computer Inc.
AsusTPHelper.exe 3968 < 0.01 692 K 368 K (Unable to verify) (null)
InsOnWMI.exe 2804 < 0.01 15,768 K 6,052 K (Unable to verify) (null)
ACMON.exe 3128 < 0.01 2,328 K 4,480 K ACMON ASUS (Verified) ASUSTeK Computer Inc.
HControl.exe 2756 < 0.01 1,600 K 2,812 K (Unable to verify) (null)
spoolsv.exe 1392 < 0.01 4,964 K 3,724 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 1292 2,320 K 2,780 K (Unable to verify) (null)
WinPatrol.exe 2464 5,556 K 5,540 K WinPatrol System Monitor BillP Studios (Verified) BillP Studios
winlogon.exe 732 1,684 K 2,280 K (Unable to verify) (null)
wininit.exe 668 880 K 116 K (Unable to verify) (null)
USBChargerPlus.exe 2664 1,508 K 388 K (Unable to verify) (null)
UNS.exe 2272 3,236 K 2,864 K User Notification Service Intel Corporation (Verified) Intel Corporation
taskhostex.exe 2680 6,580 K 4,500 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 948 6,648 K 6,468 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1452 6,468 K 7,496 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 892 3,576 K 5,072 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1000 19,372 K 16,852 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5824 1,584 K 1,800 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1844 2,308 K 2,544 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2472 1,640 K 2,268 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 320 284 K 268 K (Unable to verify) (null)
services.exe 776 6,088 K 7,040 K (Unable to verify) (null)
SearchIndexer.exe 3392 36,848 K 13,644 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5796 2,868 K 4,684 K Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 3212 3,580 K 2,896 K Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
procexp.exe 4316 2,052 K 7,088 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PDVD10Serv.exe 3872 1,540 K 1,636 K PowerDVD RC Service CyberLink Corp. (Verified) CyberLink
OSPPSVC.EXE 4564 2,804 K 7,508 K (Unable to verify) (null)
mfevtps.exe 1780 6,700 K 4,676 K McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
mfefire.exe 1892 2,940 K 3,744 K McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
mcagent.exe 1204 23,952 K 2,280 K McAfee Security Center McAfee, Inc. (Verified) McAfee
LiveComm.exe 5892 Suspended 4,596 K 2,936 K Communications Service Microsoft Corporation (Verified) Microsoft Corporation
KBFiltr.exe 3152 1,076 K 1,408 K (Unable to verify) (null)
Jhi_service.exe 1752 1,084 K 72 K Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
igfxtray.exe 2624 1,504 K 2,660 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 3016 1,688 K 3,168 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 3148 1,388 K 1,320 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
HeciServer.exe 1684 1,236 K 864 K Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel Upgrade Service
googledrivesync.exe 3588 824 K 128 K Google Drive Google (Verified) Google Inc
glcnd.exe 5820 Suspended 44,204 K 1,160 K Windows Reader Microsoft Corporation (Unable to verify) Microsoft Corporation
GFNEXSrv.exe 1260 824 K 80 K GFNEXSrv ASUS (Verified) ASUSTeK Computer Inc.
DMedia.exe 3292 1,208 K 704 K (Unable to verify) (null)
dllhost.exe 856 1,504 K 5,256 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 1700 6,364 K 11,068 K (Unable to verify) (null)
ATKOSD2.exe 3336 2,340 K 5,120 K (Unable to verify) (null)
AsLdrSrv.exe 1196 1,020 K 944 K ASLDR Service ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
armsvc.exe 1576 1,132 K 68 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
ACEngSvr.exe 3024 1,684 K 2,148 K ACEngSvr Module ASUSTeK (Verified) ASUSTeK Computer Inc.

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
System Idle Process 0 94.39 0 K 20 K

Not seeing any slowness right now. If it happens again, run Process Explorer and make a log as before. That may help isolate the problem.

Let's check for errors:


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(Does it complain that it could fix something?)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Also let's get some more info:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v
  • 0
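The VEW step above (the newest 20 Error and Warning events from the System log, then again for Application) can also be done with the built-in Get-WinEvent cmdlet when the tool cannot be downloaded. This is an added example, not part of the original post: the function name Get-RecentProblemEvents and the report file name EventReport.txt are made up for illustration, and the output layout only approximates VEW's.

```powershell
# Added example: collect the newest Error/Warning events from a Windows log,
# roughly in the layout VEW produces. Function and file names are illustrative.
function Get-RecentProblemEvents {
    param(
        [Parameter(Mandatory = $true)][string]$LogName,   # 'System' or 'Application'
        [int]$Count = 20,                                 # same limit as the VEW step
        [int[]]$Level = @(2, 3)                           # 2 = Error, 3 = Warning (1 = Critical)
    )

    try {
        $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = $Level } `
                               -MaxEvents $Count -ErrorAction Stop
    }
    catch {
        # A freshly cleared log may hold no matching events; Get-WinEvent reports
        # that as an error, so turn it into an empty result instead of failing.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return @() }
        throw
    }

    foreach ($e in $events) {
        # Message can be $null when the provider's message resource is missing.
        $text = if ($e.Message) { $e.Message.Trim() } else { '(no message text available)' }
        "Log: '{0}' Date/Time: {1:dd/MM/yyyy h:mm:ss tt}" -f $e.LogName, $e.TimeCreated
        "Type: {0}" -f $e.LevelDisplayName
        "Event: {0} Source: {1}" -f $e.Id, $e.ProviderName
        $text
        ''
    }
}

# Build one report covering both logs, save it to the Desktop and open it.
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventReport.txt'
$lines = foreach ($log in 'System', 'Application') {
    "'{0}' Log - newest {1} Error/Warning events" -f $log, 20
    $found = @(Get-RecentProblemEvents -LogName $log -Count 20)
    if ($found.Count -eq 0) { 'No matching events.'; '' } else { $found }
}
$lines | Set-Content -Path $report -Encoding UTF8
notepad.exe $report
```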

#5
jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Hi,

Thanks for your help.

I ran the /scannow thing. It said that it found corrupt files and repaired them. I tried to download the event viewer tool. The link led me to a 'can't find it' page. I've done nothing else. My browsers are working well. Shall I continue or not?

I'm satisfied with current speed.

Thanks again
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
If you are happy we can stop but it would be smart to run the event viewer tool. It appears the server is moving and the file got lost. I have a copy which I will attach. Download, Save and then right click on it and Extract All.

If you want to quit then here is the goodbye speech:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.

Make sure Windows Updates is turned on and that it works. Go to Control panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#7
jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
I've done the remaining tasks (VEW, speccy, speedtest). Things seem to be running well. Do you see any concerns?


Vino's Event Viewer v01c run on Windows 7 in English
Report run at 11/01/2013 10:33:07 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2013 3:18:28 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2013 3:22:27 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 11/01/2013 3:18:41 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 11:34:20 PM on 1/10/2013 was unexpected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2013 3:22:08 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:22:08 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:22:08 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:22:08 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:17:14 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 11/01/2013 4:44:42 AM
Type: Warning Category: 0
Event: 1073 Source: User32
The attempt by user J2Academy\Jeff to restart/shutdown computer J2ACADEMY failed

Log: 'System' Date/Time: 11/01/2013 3:45:31 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:45:31 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:45:31 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:45:31 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.



Summary
Operating System
Microsoft Windows 8 64-bit
CPU
Intel Core i5 3210M @ 2.50GHz 36 C
Ivy Bridge 22nm Technology
RAM
4.00 GB Single-Channel DDR3 @ 798MHz (11-11-11-28)
Motherboard
ASUSTeK COMPUTER INC. K55A (SOCKET 0) 35 C
Graphics
Generic PnP Monitor ([email protected])
Intel HD Graphics 4000
Hard Drives
466GB Seagate ST500LM012 HN-M500MBB (SATA) 29 C
Optical Drives
Slimtype DVD A
Audio
Realtek High Definition Audio
Operating System
Microsoft Windows 8 64-bit
Computer type: Notebook
Installation Date: 12 December 2012, 12:23

Windows Security Center
User Account Control (UAC) Enabled
Notify level 2 - Default
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every Day
Schedule Time
Windows Defender
Windows Defender Disabled
Firewall
Firewall Enabled
Display Name McAfee Firewall
Antivirus
McAfee Anti-Virus and Anti-Spyware
Antivirus Enabled
Virus Signature Database Up to date
Windows Defender
Antivirus Disabled
Virus Signature Database Up to date
.NET Frameworks installed
v4.5 Full
v4.5 Client
v3.5 SP1
v3.0 SP2
v2.0 SP2
Environment Variables
USERPROFILE C:\Users\Jeff
SystemRoot C:\Windows
User Variables
TMP C:\Users\Jeff\AppData\Local\Temp
TEMP C:\Users\Jeff\AppData\Local\Temp
Machine Variables
FP_NO_HOST_CHECK NO
USERNAME SYSTEM
Path C:\Program Files (x86)\Intel\iCLS Client\
C:\Program Files\Intel\iCLS Client\
C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
C:\Program Files\Intel\Intel Management Engine Components\DAL
C:\Program Files\Intel\Intel Management Engine Components\IPT
C:\Program Files (x86)\Intel\Intel Management Engine Components\DAL
C:\Program Files (x86)\Intel\Intel Management Engine Components\IPT
C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86
C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
ComSpec C:\Windows\system32\cmd.exe
TMP C:\Windows\TEMP
OS Windows_NT
windir C:\Windows
PROCESSOR_ARCHITECTURE AMD64
TEMP C:\Windows\TEMP
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
NUMBER_OF_PROCESSORS 4
PROCESSOR_LEVEL 6
PROCESSOR_IDENTIFIER Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
PROCESSOR_REVISION 3a09
configsetroot C:\Windows\ConfigSetRoot
Battery
AC Line Offline
Battery Charge % 68 %
Battery State High
Remaining Battery Time 4 : 25
Power Profile
Active power scheme Power4Gear Battery Saving
Hibernation Enabled
Turn Off Monitor after: (On AC Power) 10 min
Turn Off Monitor after: (On Battery Power) 3 min
Turn Off Hard Disk after: (On AC Power) 20 min
Turn Off Hard Disk after: (On Battery Power) 3 min
Suspend after: (On AC Power) 15 min
Suspend after: (On Battery Power) 15 min
Screen saver Enabled
Uptime
Current Session
Current Time 1/11/2013 10:36:34 AM
Current Uptime 1,100 sec (0 d, 00 h, 18 m, 20 s)
Last Boot Time 1/11/2013 10:18:14 AM
TimeZone
TimeZone GMT -5:00 Hours
Language English (United States)
Location United States
Format English (United States)
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Process List
acengsvr.exe
Process ID 2808
User Jeff
Domain J2Academy
Path C:\Windows\SysWOW64\ACEngSvr.exe
Memory Usage 220 KB
Peak Memory Usage 8.71 MB
acmon.exe
Process ID 3496
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Memory Usage 660 KB
Peak Memory Usage 8.80 MB
adobearm.exe
Process ID 3924
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Memory Usage 764 KB
Peak Memory Usage 25 MB
armsvc.exe
Process ID 1588
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Memory Usage 168 KB
Peak Memory Usage 3.80 MB
asldrsrv.exe
Process ID 1204
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
Memory Usage 132 KB
Peak Memory Usage 3.66 MB
asustpcenter.exe
Process ID 1948
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
Memory Usage 804 KB
Peak Memory Usage 14 MB
asustphelper.exe
Process ID 4632
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
Memory Usage 320 KB
Peak Memory Usage 3.11 MB
asustploader.exe
Process ID 408
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
Memory Usage 456 KB
Peak Memory Usage 6.89 MB
atkosd2.exe
Process ID 3636
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
Memory Usage 612 KB
Peak Memory Usage 5.27 MB
audiodg.exe
Process ID 4616
batterylife.exe
Process ID 2696
User Jeff
Domain J2Academy
Path C:\Program Files\ASUS\P4G\BatteryLife.exe
Memory Usage 1.65 MB
Peak Memory Usage 7.00 MB
chrome.exe
Process ID 4572
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Memory Usage 13 MB
Peak Memory Usage 59 MB
chrome.exe
Process ID 4500
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Memory Usage 138 MB
Peak Memory Usage 171 MB
chrome.exe
Process ID 1164
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Memory Usage 14 MB
Peak Memory Usage 100 MB
chrome.exe
Process ID 3500
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Memory Usage 55 MB
Peak Memory Usage 109 MB
chrome.exe
Process ID 4556
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Memory Usage 33 MB
Peak Memory Usage 33 MB
csrss.exe
Process ID 612
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 1.56 MB
Peak Memory Usage 3.87 MB
csrss.exe
Process ID 692
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 8.90 MB
Peak Memory Usage 17 MB
dashost.exe
Process ID 1792
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\dashost.exe
Memory Usage 2.61 MB
Peak Memory Usage 9.57 MB
dmedia.exe
Process ID 3620
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
Memory Usage 460 KB
Peak Memory Usage 4.81 MB
dwm.exe
Process ID 388
User DWM-1
Domain Window Manager
Path C:\Windows\system32\dwm.exe
Memory Usage 14 MB
Peak Memory Usage 34 MB
explorer.exe
Process ID 3224
User Jeff
Domain J2Academy
Path C:\Windows\Explorer.EXE
Memory Usage 69 MB
Peak Memory Usage 360 MB
gfnexsrv.exe
Process ID 1276
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
Memory Usage 112 KB
Peak Memory Usage 2.64 MB
googledrivesync.exe
Process ID 4192
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\Google\Drive\googledrivesync.exe
Memory Usage 6.52 MB
Peak Memory Usage 92 MB
googledrivesync.exe
Process ID 1344
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\Google\Drive\googledrivesync.exe
Memory Usage 168 KB
Peak Memory Usage 14 MB
hcontrol.exe
Process ID 3196
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
Memory Usage 520 KB
Peak Memory Usage 5.80 MB
heciserver.exe
Process ID 1764
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Intel\iCLS Client\HeciServer.exe
Memory Usage 224 KB
Peak Memory Usage 4.86 MB
hkcmd.exe
Process ID 1252
User Jeff
Domain J2Academy
Path C:\Windows\System32\hkcmd.exe
Memory Usage 464 KB
Peak Memory Usage 5.28 MB
igfxpers.exe
Process ID 3964
User Jeff
Domain J2Academy
Path C:\Windows\system32\igfxpers.exe
Memory Usage 464 KB
Peak Memory Usage 6.27 MB
igfxtray.exe
Process ID 1348
User Jeff
Domain J2Academy
Path C:\Windows\System32\igfxtray.exe
Memory Usage 432 KB
Peak Memory Usage 5.49 MB
insoncfg.exe
Process ID 3188
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
Memory Usage 1.91 MB
Peak Memory Usage 7.89 MB
insonsrv.exe
Process ID 1696
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
Memory Usage 1.33 MB
Peak Memory Usage 4.91 MB
insonwmi.exe
Process ID 3132
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
Memory Usage 2.67 MB
Peak Memory Usage 6.73 MB
jhi_service.exe
Process ID 1828
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel Management Engine Components\DAL\jhi_service.exe
Memory Usage 156 KB
Peak Memory Usage 4.08 MB
kbfiltr.exe
Process ID 3464
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
Memory Usage 416 KB
Peak Memory Usage 3.97 MB
livecomm.exe
Process ID 3888
User Jeff
Domain J2Academy
Path C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
Memory Usage 5.61 MB
Peak Memory Usage 10 MB
liveupdate.exe
Process ID 4536
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
Memory Usage 3.43 MB
Peak Memory Usage 49 MB
lms.exe
Process ID 972
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel Management Engine Components\LMS\LMS.exe
Memory Usage 1.15 MB
Peak Memory Usage 4.22 MB
lsass.exe
Process ID 796
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsass.exe
Memory Usage 4.25 MB
Peak Memory Usage 33 MB
mcagent.exe
Process ID 3152
User Jeff
Domain J2Academy
Path C:\Program Files\mcafee.com\agent\mcagent.exe
Memory Usage 1.95 MB
Peak Memory Usage 48 MB
mcshield.exe
Process ID 4548
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
Memory Usage 79 MB
Peak Memory Usage 243 MB
mcsvhost.exe
Process ID 1884
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
Memory Usage 19 MB
Peak Memory Usage 41 MB
mfefire.exe
Process ID 1988
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
Memory Usage 1.86 MB
Peak Memory Usage 5.79 MB
mfevtps.exe
Process ID 1852
User SYSTEM
Domain NT AUTHORITY
Path C:\windows\system32\mfevtps.exe
Memory Usage 4.54 MB
Peak Memory Usage 22 MB
pdvd10serv.exe
Process ID 2560
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
Memory Usage 544 KB
Peak Memory Usage 5.33 MB
quickgesture.exe
Process ID 2468
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
Memory Usage 668 KB
Peak Memory Usage 5.52 MB
quickgesture64.exe
Process ID 1088
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
Memory Usage 508 KB
Peak Memory Usage 5.47 MB
ravcpl64.exe
Process ID 3192
User Jeff
Domain J2Academy
Path C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Memory Usage 952 KB
Peak Memory Usage 9.88 MB
riconman.exe
Process ID 4848
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
Memory Usage 644 KB
Peak Memory Usage 5.45 MB
runtimebroker.exe
Process ID 4172
User Jeff
Domain J2Academy
Path C:\Windows\System32\RuntimeBroker.exe
Memory Usage 2.84 MB
Peak Memory Usage 6.90 MB
searchfilterhost.exe
Process ID 2280
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchFilterHost.exe
Memory Usage 4.70 MB
Peak Memory Usage 4.71 MB
searchindexer.exe
Process ID 4012
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchIndexer.exe
Memory Usage 9.55 MB
Peak Memory Usage 15 MB
searchprotocolhost.exe
Process ID 4236
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchProtocolHost.exe
Memory Usage 7.75 MB
Peak Memory Usage 7.75 MB
services.exe
Process ID 788
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\services.exe
Memory Usage 5.32 MB
Peak Memory Usage 22 MB
smss.exe
Process ID 324
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 88 KB
Peak Memory Usage 988 KB
speccy64.exe
Process ID 4792
User Jeff
Domain J2Academy
Path C:\Program Files\Speccy\Speccy64.exe
Memory Usage 24 MB
Peak Memory Usage 24 MB
spoolsv.exe
Process ID 1420
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\spoolsv.exe
Memory Usage 2.77 MB
Peak Memory Usage 43 MB
svchost.exe
Process ID 980
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 52 MB
Peak Memory Usage 116 MB
svchost.exe
Process ID 628
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 7.60 MB
Peak Memory Usage 87 MB
svchost.exe
Process ID 500
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 18 MB
Peak Memory Usage 112 MB
svchost.exe
Process ID 1012
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 12 MB
Peak Memory Usage 83 MB
svchost.exe
Process ID 4420
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 5.58 MB
Peak Memory Usage 5.58 MB
svchost.exe
Process ID 904
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 3.79 MB
Peak Memory Usage 30 MB
svchost.exe
Process ID 2368
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 228 KB
Peak Memory Usage 17 MB
svchost.exe
Process ID 1464
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 3.99 MB
Peak Memory Usage 37 MB
svchost.exe
Process ID 964
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 3.86 MB
Peak Memory Usage 24 MB
svchost.exe
Process ID 1916
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 312 KB
Peak Memory Usage 36 MB
svchost.exe
Process ID 1484
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 8.52 MB
Peak Memory Usage 82 MB
svchost.exe
Process ID 1104
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 6.50 MB
Peak Memory Usage 48 MB
system
Process ID 4
system idle process
Process ID 0
taskhost.exe
Process ID 208
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\taskhost.exe
Memory Usage 11 MB
Peak Memory Usage 11 MB
taskhostex.exe
Process ID 1940
User Jeff
Domain J2Academy
Path C:\Windows\system32\taskhostex.exe
Memory Usage 2.97 MB
Peak Memory Usage 8.74 MB
uns.exe
Process ID 4776
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel Management Engine Components\UNS\UNS.exe
Memory Usage 248 KB
Peak Memory Usage 11 MB
usbchargerplus.exe
Process ID 3204
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
Memory Usage 540 KB
Peak Memory Usage 5.13 MB
wininit.exe
Process ID 672
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wininit.exe
Memory Usage 204 KB
Peak Memory Usage 3.56 MB
winlogon.exe
Process ID 748
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\winlogon.exe
Memory Usage 1.01 MB
Peak Memory Usage 28 MB
winpatrol.exe
Process ID 2868
User Jeff
Domain J2Academy
Path C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
Memory Usage 3.70 MB
Peak Memory Usage 8.46 MB
wmiprvse.exe
Process ID 3444
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 2.18 MB
Peak Memory Usage 5.27 MB
wmiprvse.exe
Process ID 2276
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 9.01 MB
Peak Memory Usage 9.17 MB
Scheduler
1/11/2013 10:39 AM; GoogleUpdateTaskMachineUA
1/12/2013 9:39 AM; GoogleUpdateTaskMachineCore
ASUS InstantOn Config
ASUS Live Update
ASUS P4G
ASUS Touchpad Launcher (x64)
ASUS USB Charger Plus
CCleanerSkipUAC
Optimize Start Menu Cache Files-S-1-5-21-1585079850-2150493585-376066139-1001
Hotfixes
1/10/2013 Update for Windows 8 for x64-based Systems (KB2756872)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/10/2013 Windows Malicious Software Removal Tool for Windows 8 and Windows Server 2012 x64-based Systems - January 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
1/9/2013 Update for Internet Explorer Flash Player for Windows 8 for x64-based Systems (KB2796096)
This update addresses the vulnerability discussed in Microsoft
Security Advisory (KB2796096). Security issues have been identified
that could allow an attacker to compromise a computer running
Internet Explorer Flash Player for Windows 8 and gain control
over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
1/9/2013 Security Update for Windows 8 for x64-based Systems (KB2785220)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
1/9/2013 Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64 (KB2742614)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/9/2013 Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2742616)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/9/2013 Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2736693)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected application to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
1/9/2013 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
This update provides the latest junk email and malicious links
filter definitions for Microsoft Office 2010 32-Bit Edition.
1/9/2013 Security Update for Windows 8 for x64-based Systems (KB2778930)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/9/2013 Security Update for Windows 8 for x64-based Systems (KB2757638)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/9/2013 Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2756923)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/21/2012 Security Update for Windows 8 for x64-based Systems (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/15/2012 Update for Windows 8 for x64-based Systems (KB2770917)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/15/2012 Update for Windows 8 for x64-based Systems (KB2779768)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/14/2012 Update for Windows 8 for x64-based Systems (KB2771431)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/13/2012 Security Update for Windows 8 for x64-based Systems (KB2727528)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Update for Microsoft Camera Codec Pack for Windows 8 for x64-based Systems (KB2779444)
Installing the Microsoft Camera Codec Pack enables the viewing
of a variety of device-specific file formats and will allow supported
RAW camera files to be viewable in applications in Windows. For
a complete listing of supported cameras, see the associated Microsoft
Knowledge Base Article for more information. After you install
this item, you may have to restart your computer.
12/13/2012 Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Microsoft has released an update for Microsoft SharePoint Workspace
2010 32-Bit Edition. This update provides the latest fixes to
Microsoft SharePoint Workspace 2010 32-Bit Edition. Additionally,
this update contains stability and performance improvements.
12/13/2012 Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Microsoft has released an update for Microsoft OneNote 2010 32-Bit
Edition. This update provides the latest fixes to Microsoft OneNote
2010 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
12/13/2012 Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Microsoft has released an update for Microsoft Office 2010 32-Bit
Edition. This update provides the latest fixes to Microsoft Office
2010 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
12/13/2012 Update for Microsoft Office 2010 (KB2566458), 32-Bit Edition
Microsoft has released an update for Microsoft Office 2010, 32-Bit
Edition. This update provides the latest fixes to Microsoft Office
2010, 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
12/13/2012 Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
A security vulnerability exists in Microsoft Word 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Update for Windows 8 for x64-based Systems (KB2769165)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/13/2012 Windows Malicious Software Removal Tool for Windows 8 and Windows Server 2012 x64-based Systems - December 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
12/13/2012 Update for Office File Validation 2010 (KB2553065), 32-bit Edition
Microsoft has released an update for Microsoft Office File Validation
2010, 32-bit Edition. This update provides the latest fixes to
Microsoft Office File Validation 2010, 32-bit Edition. Additionally,
this update contains stability and performance improvements.
12/13/2012 Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Microsoft has released an update for Microsoft Office 2010 32-Bit
Edition. This update provides the latest fixes to Microsoft Office
2010 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
12/13/2012 Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64 based Systems (KB2769166)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/13/2012 Security Update for Windows 8 for x64-based Systems (KB2779030)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Update for Windows 8 for x64-based Systems (KB2768703)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/13/2012 Update for Windows 8 for x64-based Systems (KB2779562)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2012. After you install this item, you
may have to restart your computer.
12/13/2012 Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Update for Windows 8 for x64-based Systems (KB2780541)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/13/2012 Update for Windows 8 for x64-based Systems (KB2769034)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/13/2012 Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2737084)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
A security vulnerability exists in Microsoft InfoPath 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
A security vulnerability exists in Microsoft Visio Viewer 2010
32-Bit Edition that could allow arbitrary code to run when a
maliciously modified file is opened. This update resolves that
vulnerability.
12/13/2012 Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2729462)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Security Update for Windows 8 for x64-based Systems (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Security Update for Microsoft SharePoint Workspace 2010 (KB2566445), 32-Bit Edition
A security vulnerability exists in Microsoft SharePoint Workspace
2010, 32-Bit Edition that could allow arbitrary code to run when
a maliciously modified file is opened. This update resolves that
vulnerability.
12/13/2012 Security Update for Microsoft Office 2010 (KB2553096), 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010, 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Microsoft has released an update for Microsoft Office 2010 32-Bit
Edition. This update provides the latest fixes to Microsoft Office
2010 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
12/13/2012 Update for Windows 8 for x64-based Systems (KB2777294)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/13/2012 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
This update provides the latest junk email and malicious links
filter definitions for Microsoft Office 2010 32-Bit Edition.
12/13/2012 Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Security Update for Windows 8 for x64-based Systems (KB2770660)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Security Update for Microsoft Office 2010 (KB2553091), 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010, 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Update for Windows 8 for x64-based Systems (KB2772501)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/13/2012 Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Microsoft has released an update for Microsoft Office 2010 32-Bit
Edition. This update provides the latest fixes to Microsoft Office
2010 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
12/13/2012 Update for Windows 8 for x64-based Systems (KB2751352)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
12/13/2012 Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Microsoft has released an update for Microsoft OneNote 2010 32-Bit
Edition. This update provides the latest fixes to Microsoft OneNote
2010 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
12/13/2012 Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
A security vulnerability exists in Microsoft Excel 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/13/2012 Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Cumulative Security Update for Internet Explorer 10 for Windows 8 for x64-based Systems (KB2761465)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/13/2012 Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Microsoft has released an update for Microsoft Office 2010 32-Bit
Edition. This update provides the latest fixes to Microsoft Office
2010 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
12/13/2012 Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Microsoft has released an update for Microsoft Outlook Social
Connector 2010 32-Bit Edition. This update provides the latest
fixes to Microsoft Outlook Social Connector 2010 32-Bit Edition.
Additionally, this update contains stability and performance
improvements.
12/13/2012 Update for Internet Explorer Flash Player for Windows 8 for x64-based Systems (KB2785605)
This update addresses the vulnerability discussed in Microsoft
Security Advisory (KB2785605). Security issues have been identified
that could allow an attacker to compromise a computer running
Internet Explorer Flash Player for Windows 8 and gain control
over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have
to restart your computer.
12/13/2012 Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Microsoft has released an update for Microsoft Outlook 2010 32-Bit
Edition. This update provides the latest fixes to Microsoft Outlook
2010 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
12/13/2012 Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
A security vulnerability exists in Microsoft PowerPoint 2010
32-Bit Edition that could allow arbitrary code to run when a
maliciously modified file is opened. This update resolves that
vulnerability.
12/13/2012 Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Microsoft has released an update for Microsoft Office 2010 32-Bit
Edition. This update provides the latest fixes to Microsoft Office
2010 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
12/12/2012 Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2729462)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/12/2012 Update for Windows 8 for x64-based Systems (KB2751352)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
9/29/2012 Update for Windows (KB2755855)
Fix for KB2755855
System Folders
Path for burning CD C:\Users\Jeff\AppData\Local\Microsoft\Windows\Burn\Burn
Application Data C:\ProgramData
Public Desktop C:\Users\Public\Desktop
Documents C:\Users\Public\Documents
Global Favorites C:\Users\Jeff\Favorites
Music C:\Users\Public\Music
Pictures C:\Users\Public\Pictures
Start Menu Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Templates C:\ProgramData\Microsoft\Windows\Templates
Videos C:\Users\Public\Videos
Cookies C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\Jeff\Desktop
Physical Desktop C:\Users\Jeff\Desktop
User Favorites C:\Users\Jeff\Favorites
Fonts C:\Windows\Fonts
Internet History C:\Users\Jeff\AppData\Local\Microsoft\Windows\History
Temporary Internet Files C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files
Local Application Data C:\Users\Jeff\AppData\Local
Windows Directory C:\Windows
Windows/System C:\Windows\system32
Program Files C:\Program Files
Services
Running Adobe Acrobat Update Service
Running Application Experience
Running Application Information
Running ASLDR Service
Running ASUS InstantOn Service
Running ATKGFNEX Service
Running Background Intelligent Transfer Service
Running Background Tasks Infrastructure Service
Running Base Filtering Engine
Running Certificate Propagation
Running COM+ Event System
Running Cryptographic Services
Running DCOM Server Process Launcher
Running Device Association Service
Running DHCP Client
Running Diagnostic Policy Service
Running Diagnostic Service Host
Running Diagnostic System Host
Running Distributed Link Tracking Client
Running DNS Client
Running Function Discovery Provider Host
Running Function Discovery Resource Publication
Running HomeGroup Provider
Running Human Interface Device Access
Running IconMan_R
Running IKE and AuthIP IPsec Keying Modules
Running Intel Capability Licensing Service Interface
Running Intel Dynamic Application Loader Host Interface Service
Running Intel Management and Security Application Local Management Service
Running Intel Management and Security Application User Notification Service
Running IP Helper
Running IPsec Policy Agent
Running Local Session Manager
Running McAfee Anti-Spam Service
Running McAfee Firewall Core Service
Running McAfee McShield
Running McAfee Network Agent
Running McAfee Personal Firewall Service
Running McAfee Proxy Service
Running McAfee Services
Running McAfee Validation Trust Protection Service
Running McAfee VirusScan Announcer
Running Multimedia Class Scheduler
Running Network Connected Devices Auto-Setup
Running Network Connections
Running Network List Service
Running Network Location Awareness
Running Network Store Interface Service
Running Peer Name Resolution Protocol
Running Peer Networking Identity Manager
Running Plug and Play
Running Power
Running Print Spooler
Running Program Compatibility Assistant Service
Running Remote Procedure Call (RPC)
Running RPC Endpoint Mapper
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery
Running Superfetch
Running System Event Notification Service
Running System Events Broker
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Themes
Running Time Broker
Running User Profile Service
Running Windows Audio
Running Windows Audio Endpoint Builder
Running Windows Connection Manager
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Event Log
Running Windows Firewall
Running Windows Font Cache Service
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Search
Running Windows Update
Running WinHTTP Web Proxy Auto-Discovery Service
Running WLAN AutoConfig
Running Workstation
Stopped ActiveX Installer (AxInstSV)
Stopped Application Identity
Stopped Application Layer Gateway Service
Stopped BitLocker Drive Encryption Service
Stopped Block Level Backup Engine Service
Stopped Bluetooth Support Service
Stopped CNG Key Isolation
Stopped COM+ System Application
Stopped Computer Browser
Stopped Credential Manager
Stopped Device Install Service
Stopped Device Setup Manager
Stopped Distributed Transaction Coordinator
Stopped Encrypting File System (EFS)
Stopped Extensible Authentication Protocol
Stopped Family Safety
Stopped Fax
Stopped File History Service
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped Group Policy Client
Stopped Health Key and Certificate Management
Stopped HomeGroup Listener
Stopped Hyper-V Data Exchange Service
Stopped Hyper-V Guest Shutdown Service
Stopped Hyper-V Heartbeat Service
Stopped Hyper-V Remote Desktop Virtualization Service
Stopped Hyper-V Time Synchronization Service
Stopped Hyper-V Volume Shadow Copy Requestor
Stopped Intel Content Protection HECI Service
Stopped Interactive Services Detection
Stopped Internet Connection Sharing (ICS)
Stopped KtmRm for Distributed Transaction Coordinator
Stopped Link-Layer Topology Discovery Mapper
Stopped McAfee Activation Service
Stopped McAfee OOBE Service
Stopped McAfee Scanner
Stopped Microsoft Account Sign-in Assistant
Stopped Microsoft iSCSI Initiator Service
Stopped Microsoft Software Shadow Copy Provider
Stopped Net.Tcp Port Sharing Service
Stopped Netlogon
Stopped Network Access Protection Agent
Stopped Network Connectivity Assistant
Stopped Office Source Engine
Stopped Office Software Protection Platform
Stopped Optimize drives
Stopped Peer Networking Grouping
Stopped Performance Counter DLL Host
Stopped Performance Logs & Alerts
Stopped PNRP Machine Name Publication Service
Stopped Portable Device Enumerator Service
Stopped Printer Extensions and Notifications
Stopped Problem Reports and Solutions Control Panel Support
Stopped Quality Windows Audio Video Experience
Stopped Remote Access Auto Connection Manager
Stopped Remote Access Connection Manager
Stopped Remote Desktop Configuration
Stopped Remote Desktop Services
Stopped Remote Desktop Services UserMode Port Redirector
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Routing and Remote Access
Stopped Secondary Logon
Stopped Secure Socket Tunneling Protocol Service
Stopped Sensor Monitoring Service
Stopped Smart Card
Stopped Smart Card Removal Policy
Stopped SNMP Trap
Stopped Software Protection
Stopped Spot Verifier
Stopped Still Image Acquisition Events
Stopped Storage Service
Stopped Telephony
Stopped Thread Ordering Server
Stopped Touch Keyboard and Handwriting Panel Service
Stopped UPnP Device Host
Stopped Virtual Disk
Stopped Volume Shadow Copy
Stopped WebClient
Stopped Windows All-User Install Agent
Stopped Windows Backup
Stopped Windows Biometric Service
Stopped Windows Color System
Stopped Windows Connect Now - Config Registrar
Stopped Windows Defender Service
Stopped Windows Error Reporting Service
Stopped Windows Event Collector
Stopped Windows Installer
Stopped Windows Media Player Network Sharing Service
Stopped Windows Modules Installer
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Windows Store Service (WSService)
Stopped Windows Time
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
Stopped WWAN AutoConfig
Security Options
Accounts: Administrator account status Disabled
Accounts: Block Microsoft accounts Not Defined
Accounts: Guest account status Disabled
Accounts: Limit local account use of blank passwords to console logon only Enabled
Accounts: Rename administrator account Administrator
Accounts: Rename guest account Guest
Audit: Audit the access of global system objects Disabled
Audit: Audit the use of Backup and Restore privilege Disabled
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Not Defined
Audit: Shut down system immediately if unable to log security audits Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
Devices: Allow undock without having to log on Enabled
Devices: Allowed to format and eject removable media Not Defined
Devices: Prevent users from installing printer drivers Disabled
Devices: Restrict CD-ROM access to locally logged-on user only Not Defined
Devices: Restrict floppy access to locally logged-on user only Not Defined
Domain controller: Allow server operators to schedule tasks Not Defined
Domain controller: LDAP server signing requirements Not Defined
Domain controller: Refuse machine account password changes Not Defined
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Domain member: Disable machine account password changes Disabled
Domain member: Maximum machine account password age 30 days
Domain member: Require strong (Windows 2000 or later) session key Enabled
Interactive logon: Display user information when the session is locked Not Defined
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Not Defined
Interactive logon: Machine account lockout threshold Not Defined
Interactive logon: Machine inactivity limit Not Defined
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons
Interactive logon: Prompt user to change password before expiration 5 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Require smart card Disabled
Interactive logon: Smart card removal behavior No Action
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Attempt S4U2Self to obtain claim information Not Defined
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Disabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Microsoft network server: Server SPN target name validation level Not Defined
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled
Network access: Do not allow storage of passwords and credentials for network authentication Disabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network access: Named Pipes that can be accessed anonymously
Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
Network access: Remotely accessible registry paths and sub-paths System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
Network access: Restrict anonymous access to Named Pipes and Shares Enabled
Network access: Shares that can be accessed anonymously Not Defined
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Network security: Allow Local System to use computer identity for NTLM Not Defined
Network security: Allow LocalSystem NULL session fallback Not Defined
Network security: Allow PKU2U authentication requests to this computer to use online identities. Not Defined
Network security: Configure encryption types allowed for Kerberos Not Defined
Network security: Do not store LAN Manager hash value on next password change Enabled
Network security: Force logoff when logon hours expire Disabled
Network security: LAN Manager authentication level Not Defined
Network security: LDAP client signing requirements Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Require 128-bit encryption
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication Not Defined
Network security: Restrict NTLM: Add server exceptions in this domain Not Defined
Network security: Restrict NTLM: Audit Incoming NTLM Traffic Not Defined
Network security: Restrict NTLM: Audit NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Incoming NTLM traffic Not Defined
Network security: Restrict NTLM: NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Not Defined
Recovery console: Allow automatic administrative logon Disabled
Recovery console: Allow floppy copy and access to all drives and all folders Disabled
Shutdown: Allow system to be shut down without having to log on Enabled
Shutdown: Clear virtual memory pagefile Disabled
System cryptography: Force strong key protection for user keys stored on the computer Not Defined
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled
System objects: Require case insensitivity for non-Windows subsystems Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled
System settings: Optional subsystems Posix
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Disabled
User Account Control: Admin Approval Mode for the Built-in Administrator account Disabled
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop Disabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent for non-Windows binaries
User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials
User Account Control: Detect application installations and prompt for elevation Enabled
User Account Control: Only elevate executables that are signed and validated Disabled
User Account Control: Only elevate UIAccess applications that are installed in secure locations Enabled
User Account Control: Run all administrators in Admin Approval Mode Enabled
User Account Control: Switch to the secure desktop when prompting for elevation Enabled
User Account Control: Virtualize file and registry write failures to per-user locations Enabled
Device Tree
ACPI x64-based PC
Microsoft ACPI-Compliant System
System board
Intel Core i5-3210M CPU @ 2.50GHz
Intel Core i5-3210M CPU @ 2.50GHz
Intel Core i5-3210M CPU @ 2.50GHz
Intel Core i5-3210M CPU @ 2.50GHz
Microsoft Windows Management Interface for ACPI
Motherboard resources
ACPI Thermal Zone
ACPI Lid
ACPI Sleep Button
ACPI Fixed Feature Button
PCI Express Root Complex
3rd Gen Core processor DRAM Controller - 0154
Intel Management Engine Interface
Intel 7 Series/C216 Chipset Family PCI Express Root Port 1 - 1E10
Intel 7 Series/C216 Chipset Family SMBus Host Controller - 1E22
System board
Motherboard resources
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
Motherboard resources
Intel® HD Graphics 4000
Generic PnP Monitor
Intel® USB 3.0 eXtensible Host Controller - 0100 (Microsoft)
USB Root Hub (xHCI)
USB Composite Device
USB Input Device
HID-compliant mouse
USB Input Device
HID-compliant consumer control device
HID-compliant device
HID-compliant device
Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
USB Root Hub
Generic USB Hub
USB Composite Device
ASUS USB2.0 Webcam
High Definition Audio Controller
Intel Display Audio
Realtek High Definition Audio
Speakers (Realtek High Definition Audio)
Microphone (Realtek High Definition Audio)
Intel® 7 Series/C216 Chipset Family PCI Express Root Port 2 - 1E12
Qualcomm Atheros AR9485 Wireless Network Adapter
Microsoft Wi-Fi Direct Virtual Adapter
Intel® 7 Series/C216 Chipset Family PCI Express Root Port 4 - 1E16
Realtek PCIE CardReader
Realtek PCIe GBE Family Controller
Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
USB Root Hub
Generic USB Hub
Intel® HM76 Express Chipset LPC Controller - 1E59
Direct memory access controller
Intel 82802 Firmware Hub Device
High precision event timer
Programmable interrupt controller
Motherboard resources
System CMOS/real time clock
System timer
Motherboard resources
Motherboard resources
Numeric data processor
ASUS PS/2 Port Clickpad
Keyboard Device Filter
Microsoft ACPI-Compliant Embedded Controller
Intel® 7 Series Chipset Family SATA AHCI Controller
ST500LM012 HN-M500MBB
Slimtype DVD A
ASUS Wireless Radio Control
HID-compliant device
CPU
Intel Core i5 3210M
Cores 2
Threads 4
Name Intel Core i5 3210M
Code Name Ivy Bridge
Package Socket 988B rPGA
Technology 22nm
Specification Intel Core i5-3210M CPU @ 2.50GHz
Family 6
Extended Family 6
Model A
Extended Model 3A
Stepping 9
Revision E1
Instructions MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, Intel 64
Virtualization Supported, Enabled
Hyperthreading Supported, Enabled
Bus Speed 99.8 MHz
Stock Core Speed 2500 MHz
Stock Bus Speed 100 MHz
Average Temperature 36 C
Caches
L1 Data Cache Size 2 x 32 KBytes
L1 Instructions Cache Size 2 x 32 KBytes
L2 Unified Cache Size 2 x 256 KBytes
L3 Unified Cache Size 3072 KBytes
Core 0
Core Speed 1197.4 MHz
Multiplier x 12.0
Bus Speed 99.8 MHz
Temperature 36 C
Thread 1
APIC ID 0
Thread 2
APIC ID 1
Core 1
Core Speed 1197.4 MHz
Multiplier x 12.0
Bus Speed 99.8 MHz
Temperature 35 C
Thread 1
APIC ID 2
Thread 2
APIC ID 3
RAM
Memory slots
Total memory slots 4
Used memory slots 1
Free memory slots 3
Memory
Type DDR3
Size 4096 MBytes
Channels # Single
DRAM Frequency 798.3 MHz
CAS# Latency (CL) 11 clocks
RAS# to CAS# Delay (tRCD) 11 clocks
RAS# Precharge (tRP) 11 clocks
Cycle Time (tRAS) 28 clocks
Command Rate (CR) 1T
Physical Memory
Memory Usage 30 %
Total Physical 3.89 GB
Available Physical 2.69 GB
Total Virtual 7.89 GB
Available Virtual 6.15 GB
SPD
Number Of SPD Modules 1
Slot #1
Type DDR3
Size 4096 MBytes
Manufacturer Kingston
Max Bandwidth PC3-12800 (800 MHz)
Part Number ASU1600S11-4G-EDEG
Serial Number 653A4D7E
Week/year 21 / 12
SPD Ext. EPP
JEDEC #7
Frequency 838.1 MHz
CAS# Latency 11.0
RAS# To CAS# 11
RAS# Precharge 11
tRAS 30
tRC 41
Voltage 1.500 V
JEDEC #6
Frequency 761.9 MHz
CAS# Latency 10.0
RAS# To CAS# 10
RAS# Precharge 10
tRAS 27
tRC 37
Voltage 1.500 V
JEDEC #5
Frequency 685.7 MHz
CAS# Latency 9.0
RAS# To CAS# 9
RAS# Precharge 9
tRAS 24
tRC 33
Voltage 1.500 V
JEDEC #4
Frequency 609.5 MHz
CAS# Latency 8.0
RAS# To CAS# 8
RAS# Precharge 8
tRAS 22
tRC 30
Voltage 1.500 V
JEDEC #3
Frequency 533.3 MHz
CAS# Latency 7.0
RAS# To CAS# 7
RAS# Precharge 7
tRAS 19
tRC 26
Voltage 1.500 V
JEDEC #2
Frequency 457.1 MHz
CAS# Latency 6.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 16
tRC 22
Voltage 1.500 V
JEDEC #1
Frequency 381.0 MHz
CAS# Latency 5.0
RAS# To CAS# 5
RAS# Precharge 5
tRAS 14
tRC 19
Voltage 1.500 V
Motherboard
Manufacturer ASUSTeK COMPUTER INC.
Model K55A (SOCKET 0)
Version 1.0
Chipset Vendor Intel
Chipset Model Ivy Bridge
Chipset Revision 09
Southbridge Vendor Intel
Southbridge Model ID1E59
Southbridge Revision 04
System Temperature 35 C
BIOS
Brand American Megatrends Inc.
Version K55A.404
Date 08/20/2012
PCI Data
Graphics
Monitor
Name Generic PnP Monitor on Intel HD Graphics 4000
Current Resolution 1366x768 pixels
Work Resolution 1366x728 pixels
State enabled, primary
Monitor Width 1366
Monitor Height 768
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Intel® HD Graphics 4000
Memory 1798 MB
Driver version 9.17.10.2828
OpenGL
Version 4.0.0 - Build 9.17.10.2828
Vendor Intel
Renderer Intel HD Graphics 4000
GLU Version 1.2.2.0 Microsoft Corporation
Values
GL_MAX_LIGHTS 8
GL_MAX_TEXTURE_SIZE 8192
GL_MAX_TEXTURE_STACK_DEPTH 10
GL Extensions
Hard Drives
ST500LM012 HN-M500MBB
Manufacturer Seagate
Heads 16
Cylinders 16383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
Serial Number S2TUJ9CC806000
LBA Size 48-bit LBA
Power On Count 209 times
Power On Time 12.1 days
Speed, Expressed in Revolutions Per Minute (rpm) 5400
Features S.M.A.R.T., APM, AAM, NCQ
Transfer Mode SATA II
Interface SATA
Capacity 466GB
Real size 500,107,862,016 bytes
RAID Type None
S.M.A.R.T
01 Read Error Rate 100 (100 worst) Data 0000000000
02 Throughput Performance 252 (252) Data 0000000000
03 Spin-Up Time 091 (091) Data 0000000B2B
04 Start/Stop Count 100 (100) Data 00000000DE
05 Reallocated Sectors Count 252 (252) Data 0000000000
07 Seek Error Rate 252 (252) Data 0000000000
08 Seek Time Performance 252 (252) Data 0000000000
09 Power-On Hours (POH) 100 (100) Data 0000000123
0A Spin Retry Count 252 (252) Data 0000000000
0C Device Power Cycle Count 100 (100) Data 00000000D1
BF G-sense error rate 100 (100) Data 000000002A
C0 Power-off Retract Count 252 (252) Data 0000000000
C2 Temperature 064 (057) Data 000007001D
C3 Hardware ECC Recovered 100 (100) Data 0000000000
C4 Reallocation Event Count 252 (252) Data 0000000000
C5 Current Pending Sector Count 252 (252) Data 0000000000
C6 Uncorrectable Sector Count 252 (252) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
C8 Write Error Rate / Multi-Zone Error Rate 100 (100) Data 0000000085
DF Load/Unload Retry Count 100 (100) Data 000000000C
E1 Load/Unload Cycle Count 099 (099) Data 0000003BB3
Temperature 29 C
Temperature Range ok (less than 50 C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Size 300 MB
Partition 1
Partition ID Disk #0, Partition #1
Size 600 MB
Partition 2
Partition ID Disk #0, Partition #2
Disk Letter C:
File System NTFS
Volume Serial Number E0005A63
Size 186GB
Used Space 55GB (30%)
Free Space 131GB (70%)
Partition 3
Partition ID Disk #0, Partition #3
Disk Letter D:
File System NTFS
Volume Serial Number 78ECB18A
Size 258GB
Used Space 124MB (1%)
Free Space 258GB (99%)
Partition 4
Partition ID Disk #0, Partition #4
Size 20.0 GB
Optical Drives
Slimtype DVD A
Media Type DVD Writer
Name Slimtype DVD A
Availability Running/Full Power
Capabilities Random Access, Supports Writing, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive E:
Media Loaded TRUE
SCSI Bus 2
SCSI Logical Unit 0
SCSI Port 0
SCSI Target Id 0
Size
Status OK
Volume Name Audio CD
Volume Serial Number F43F50
Audio
Sound Cards
Realtek High Definition Audio
Intel Display Audio
Playback Device
Speakers (Realtek High Definition Audio)
Recording Device
Microphone (Realtek High Definition Audio)
Speaker Configuration
Speaker type Stereo
Peripherals
Keyboard Device Filter
Device Kind Keyboard
Device Name Keyboard Device Filter
Vendor ATK
Location Intel HM76 Express Chipset LPC Controller - 1E59
Driver
Date 8-2-2012
Version 1.0.0.5
File C:\Windows\system32\DRIVERS\kbfiltr.sys
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\kbdclass.sys
HID-compliant mouse
Device Kind Mouse
Device Name HID-compliant mouse
Vendor Logitech
Location USB Input Device
Driver
Date 6-21-2006
Version 6.2.9200.16384
File C:\Windows\system32\DRIVERS\mouhid.sys
File C:\Windows\system32\DRIVERS\mouclass.sys
ASUS PS/2 Port Clickpad
Device Kind Mouse
Device Name ASUS PS/2 Port Clickpad
Vendor ETD
Location Intel HM76 Express Chipset LPC Controller - 1E59
Driver
Date 10-29-2012
Version 1.0.0.148
File C:\Windows\system32\DRIVERS\AsusTP.sys
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\mouclass.sys
USB Video Device
Device Kind Camera/scanner
Device Name USB Video Device
Vendor Unknown
Comment ASUS USB2.0 Webcam
Location 0000.001a.0000.001.003.000.000.000.000
Driver
Date 6-21-2006
Version 6.2.9200.16420
File C:\Windows\system32\drivers\usbvideo.sys
Printers
Fax
Printer Port SHRFAX:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 200 * 200 dpi Monochrome
Status Unknown
Driver
Driver Name Microsoft Shared Fax Driver (v4.00)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
Kyocera FS-1035MFP (Default Printer)
Printer Port USB001
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Kyocera FS-1035MFP KX (v1.03)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\KMUC60MC.DLL
Kyocera FS-1035MFP KX
Printer Port USB002
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Kyocera FS-1035MFP KX (v1.03)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\KMUC60MC.DLL
Microsoft XPS Document Writer
Printer Port PORTPROMPT:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer v4 (v6.00)
Driver Path C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_70804bc81126e090\Amd64\mxdwdrv.dll
Send To OneNote 2010
Printer Port nul:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Send To Microsoft OneNote 2010 Driver (v6.00)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Network
You are connected to the internet
Connected through Qualcomm Atheros AR9485 Wireless Network Adapter
IP Address 192.168.1.101
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Preferred DNS server 75.75.76.76
Alternate DNS server 75.75.75.75
DHCP Enabled
DHCP server 192.168.1.1
External IP Address 98.224.238.103
Adapter Type IEEE 802.11 wireless
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Hybrid node
Link Speed 0 Bps
Computer Name
NetBIOS Name J2ACADEMY
DNS Name J2Academy
Membership Part of workgroup
Workgroup WORKGROUP
Remote Desktop
Disabled
Console
State Active
Domain J2Academy
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Using native Wi-Fi API version 2
Available access points count 1
Wi-Fi (chickenleg)
SSID chickenleg
Frequency 2412000 kHz
Channel Number 1
Name chickenleg
Signal Strength/Quality 62
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags Currently Connected to this network
Cipher Algorithm to be used when joining this network Temporal Key Integrity Protocol (TKIP) algorithm
Default Auth used to join this network for the first time WPA algorithm that uses preshared keys (PSK)
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect Yes
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
Network Discovery Enabled
File and Printer Sharing Disabled
File and printer sharing service Enabled
Simple File Sharing Enabled
Administrative Shares Enabled
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Adapters List
Microsoft Wi-Fi Direct Virtual Adapter
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 0.0.0.0
Realtek PCIe GBE Family Controller
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 0.0.0.0
Qualcomm Atheros AR9485 Wireless Network Adapter
IP Address 192.168.1.101
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Network Shares
No network shares
Current TCP Connections
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3500)
Local 192.168.1.101:49322 ESTABLISHED Remote 74.125.142.125:5222 (Querying... )
Local 192.168.1.101:50134 ESTABLISHED Remote 74.125.225.136:443 (Querying... ) (HTTPS)
Local 192.168.1.101:50294 ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:50295 ESTABLISHED Remote 184.85.95.144:80 (Querying... ) (HTTP)
Local 192.168.1.101:50296 ESTABLISHED Remote 184.85.95.144:80 (Querying... ) (HTTP)
Local 192.168.1.101:50297 ESTABLISHED Remote 96.17.77.64:80 (Querying... ) (HTTP)
Local 192.168.1.101:50273 ESTABLISHED Remote 184.85.95.144:80 (Querying... ) (HTTP)
Local 192.168.1.101:50277 ESTABLISHED Remote 54.240.190.6:80 (Querying... ) (HTTP)
Local 192.168.1.101:50302 ESTABLISHED Remote 184.85.95.144:443 (Querying... ) (HTTPS)
Local 192.168.1.101:50305 ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:50278 ESTABLISHED Remote 54.240.190.6:80 (Querying... ) (HTTP)
Local 192.168.1.101:50308 ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:50309 ESTABLISHED Remote 74.125.225.180:80 (Querying... ) (HTTP)
Local 192.168.1.101:50279 ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:50311 ESTABLISHED Remote 74.125.225.180:80 (Querying... ) (HTTP)
Local 192.168.1.101:50280 ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:50281 ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:50282 ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:50283 ESTABLISHED Remote 74.125.225.142:443 (Querying... ) (HTTPS)
Local 192.168.1.101:50287 ESTABLISHED Remote 74.125.225.137:80 (Querying... ) (HTTP)
Local 192.168.1.101:50289 ESTABLISHED Remote 54.240.190.6:80 (Querying... ) (HTTP)
Local 192.168.1.101:50320 ESTABLISHED Remote 74.125.225.109:443 (Querying... ) (HTTPS)
Local 192.168.1.101:50321 ESTABLISHED Remote 184.85.92.20:80 (Querying... ) (HTTP)
Local 192.168.1.101:50322 ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:50325 ESTABLISHED Remote 8.18.45.80:80 (Querying... ) (HTTP)
Local 192.168.1.101:50326 ESTABLISHED Remote 31.13.74.23:80 (Querying... ) (HTTP)
Local 192.168.1.101:50327 ESTABLISHED Remote 8.18.45.81:80 (Querying... ) (HTTP)
Local 192.168.1.101:50328 ESTABLISHED Remote 96.17.77.18:80 (Querying... ) (HTTP)
Local 192.168.1.101:50331 ESTABLISHED Remote 67.228.177.87:80 (Querying... ) (HTTP)
Local 192.168.1.101:50332 ESTABLISHED Remote 74.125.225.46:443 (Querying... ) (HTTPS)
Local 192.168.1.101:50270 ESTABLISHED Remote 67.195.186.237:80 (Querying... ) (HTTP)
Local 192.168.1.101:50272 ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
Local 192.168.1.101:50340 ESTABLISHED Remote 108.171.164.204:80 (Querying... ) (HTTP)
Local 192.168.1.101:50341 ESTABLISHED Remote 108.171.164.204:80 (Querying... ) (HTTP)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (4192)
Local 192.168.1.101:49432 ESTABLISHED Remote 74.125.133.125:5222 (Querying... )
C:\Windows\Explorer.EXE (3224)
Local 192.168.1.101:50152 ESTABLISHED Remote 23.67.60.74:80 (Querying... ) (HTTP)
Local 192.168.1.101:50147 ESTABLISHED Remote 157.56.9.6:80 (Querying... ) (HTTP)
Local 192.168.1.101:50148 ESTABLISHED Remote 157.56.9.6:80 (Querying... ) (HTTP)
Local 192.168.1.101:50149 ESTABLISHED Remote 23.67.60.74:80 (Querying... ) (HTTP)
Local 192.168.1.101:50150 ESTABLISHED Remote 157.55.168.13:80 (Querying... ) (HTTP)
Local 192.168.1.101:50151 ESTABLISHED Remote 157.55.168.13:80 (Querying... ) (HTTP)
McSvHost.exe (1884)
Local 0.0.0.0:6646 LISTEN
Local 192.168.1.101:50339 ESTABLISHED Remote 161.69.13.35:80 (Querying... ) (HTTP)
Local 192.168.1.101:50133 ESTABLISHED Remote 161.69.92.7:443 (Querying... ) (HTTPS)
System Process
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2160 (Querying... )
Local 192.168.1.101:50335 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50195 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50205 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50230 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50235 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50239 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50266 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50267 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50290 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50291 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2158 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2159 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2173 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2161 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2162 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2163 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2164 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2165 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2166 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2167 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2168 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2169 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2170 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2171 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2172 (Querying... )
Local 192.168.1.101:50298 TIME-WAIT Remote 96.17.77.33:80 (Querying... ) (HTTP)
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2174 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2175 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2176 (Querying... )
Local 192.168.1.101:2869 TIME-WAIT Remote 192.168.1.1:2177 (Querying... )
Local 192.168.1.101:50299 TIME-WAIT Remote 96.17.77.33:80 (Querying... ) (HTTP)
Local 192.168.1.101:50306 TIME-WAIT Remote 31.13.74.23:80 (Querying... ) (HTTP)
Local 192.168.1.101:50098 TIME-WAIT Remote 74.122.143.72:80 (Querying... ) (HTTP)
Local 192.168.1.101:50099 TIME-WAIT Remote 74.122.143.40:80 (Querying... ) (HTTP)
Local 192.168.1.101:50114 TIME-WAIT Remote 67.195.186.237:80 (Querying... ) (HTTP)
Local 192.168.1.101:50123 TIME-WAIT Remote 74.125.225.78:443 (Querying... ) (HTTPS)
Local 192.168.1.101:50310 TIME-WAIT Remote 74.125.225.180:80 (Querying... ) (HTTP)
Local 192.168.1.101:50312 TIME-WAIT Remote 74.125.225.180:80 (Querying... ) (HTTP)
Local 192.168.1.101:50143 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50144 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50145 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50313 TIME-WAIT Remote 74.125.225.180:80 (Querying... ) (HTTP)
Local 192.168.1.101:50314 TIME-WAIT Remote 74.125.225.180:80 (Querying... ) (HTTP)
Local 192.168.1.101:50315 TIME-WAIT Remote 74.125.225.74:80 (Querying... ) (HTTP)
Local 192.168.1.101:50316 TIME-WAIT Remote 74.125.225.74:80 (Querying... ) (HTTP)
Local 192.168.1.101:50317 TIME-WAIT Remote 74.125.225.143:80 (Querying... ) (HTTP)
Local 192.168.1.101:50334 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50154 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50158 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
Local 192.168.1.101:50162 TIME-WAIT Remote 192.168.1.1:1780 (Querying... )
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local 0.0.0.0:2869 LISTEN
Local 0.0.0.0:5357 LISTEN
Local 192.168.1.101:139 (NetBIOS session service) LISTEN
lsass.exe (796)
Local 0.0.0.0:49155 LISTEN
services.exe (788)
Local 0.0.0.0:49157 LISTEN
svchost.exe (1012)
Local 0.0.0.0:49153 LISTEN
svchost.exe (500)
Local 0.0.0.0:49154 LISTEN
Local 192.168.1.101:50181 ESTABLISHED Remote 23.67.60.88:80 (Querying... ) (HTTP)
svchost.exe (964)
Local 0.0.0.0:135 (DCE) LISTEN
wininit.exe (672)
Local 0.0.0.0:49152 LISTEN


  • 0

#8
RKinner


    Malware Expert

  • Expert
  • 20,011 posts
  • MVP

Log: 'System' Date/Time: 11/01/2013 3:45:31 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:45:31 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.


This is not good and may explain the slowness you see. Usually this is caused by an overtemperature condition. Oddly, your Speccy log shows a good temp:

Intel Core i5 3210M @ 2.50GHz 36 C
Ivy Bridge 22nm Technology
RAM
4.00 GB Single-Channel DDR3 @ 798MHz (11-11-11-28)
Motherboard
ASUSTeK COMPUTER INC. K55A (SOCKET 0) 35 C


Perhaps you had just turned it on? Do you sometimes use the laptop on a soft surface like a bed? This will block the air vents and cause it to overheat. Leave it next to a heater? Check the vents and make sure they do not show signs of dust buildup. (Use a vacuum cleaner hose to clear the vents but do not let it overrev the fan.) Do you hear the fan run when you first turn it on?

Uninstall Speccy and get Speedfan http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. Leave it running so you can see the temperature in real time. If it seems hot you can try checking Automatic Fan Speed. Sometimes that will help.

#9
jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Thanks for your reply.

I bought this computer less than a month ago. I'm not sure about the 'not good' thing. When I turned on my computer this morning the first time (after having done the scan last night) I entered my password and then nothing happened. Blank purple screen, no Windows 8 icons. I waited a bit (maybe 71 seconds) and then forced shutdown. I turned it back on and it was normal. It had been off for about 9 hours prior to the 'non-startup'.

There is no visible dust near the vents. I rarely use it on any surface other than a table.

I have installed the Speedfan program. It shows temps as follows:

HD0 29
Temp 1 : 42
Core 0 42
Core 1: 42

Are those temps reasonable?
What will checking 'automatic fan speed' do?

Thanks



#10
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
Temps are normal for now. Under 50 is good. Over 60 is bad. I think Speedfan will take over control of the fan and make it run when it gets over 50 if you check the Automatic Fan Control.

I expect temp control is part of the BIOS so you might look on your PC maker's website and see if there is a BIOS update.

Your event logs showed an unexpected shutdown:

Log: 'System' Date/Time: 11/01/2013 3:18:28 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.


Times are in GMT so you have to adjust to local time. Do you know what happened?

#11
jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
That sounds like this event:

When I turned on my computer this morning the first time (after having done the scan last night) I entered my password and then nothing happened. Blank purple screen, no Windows 8 icons. I opened up Task Manager (which came up fine). I closed Task Manager but still only had a blank purple screen (no icons, no Windows 8 screen stuff). I then forced shutdown. I turned it back on and it was normal. I have since started the computer up a few times and no problems.

#12
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
If you bought it new less than a month ago I would try to take it back and get another one.

#13
jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Wow. Not what I was hoping to hear.

Would you do that based on the shutdown this morning or other things that you see in the logs?

Thanks

#14
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP
No reason that I can see for a new computer to be throwing these errors:

Log: 'System' Date/Time: 11/01/2013 3:45:31 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:45:31 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.


If it's not overheating then something else is wrong and it's not something that Windows would do.
  • 0
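
An added example, not part of the thread or of any tool mentioned in it: a Python parser for the event records quoted in the replies above, which classifies event 37 (firmware throttling) and event 41 (unclean reboot) and converts the GMT timestamps to local time. The day/month/year date order and the UTC offset passed by the caller are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Event records copied from the replies above.
SAMPLE = """\
Log: 'System' Date/Time: 11/01/2013 3:45:31 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:45:31 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 11/01/2013 3:18:28 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
"""

THROTTLE = ("Microsoft-Windows-Kernel-Processor-Power", 37)
UNCLEAN = ("Microsoft-Windows-Kernel-Power", 41)
KNOWN = {THROTTLE: "CPU clock limited by system firmware",
         UNCLEAN: "reboot without a clean shutdown"}
RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d\d/\d\d/\d{4} \d{1,2}:\d\d:\d\d [AP]M)\s+"
    r"Type: (?P<level>\w+) Category: \d+\s+"
    r"Event: (?P<id>\d+) Source: (?P<source>\S+)\s+(?P<msg>[^\n]*)")

def parse_events(text, utc_offset_hours=0):
    """Parse records; timestamps are GMT, 'local' applies the caller's offset."""
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    events = []
    for m in RECORD.finditer(text):
        # Assumption: the exporting tool writes dates as day/month/year.
        utc = datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p").replace(tzinfo=timezone.utc)
        key = (m["source"], int(m["id"]))
        events.append({"utc": utc, "local": utc.astimezone(local_tz), "level": m["level"],
                       "key": key, "note": KNOWN.get(key, "unclassified"), "message": m["msg"]})
    return sorted(events, key=lambda e: e["utc"])

def summarize(events):
    """Return throttled (group, cpu) pairs and local times of unclean reboots."""
    cpus = {(int(g), int(c)) for e in events if e["key"] == THROTTLE
            for c, g in re.findall(r"processor (\d+) in group (\d+)", e["message"])}
    unclean = [e["local"] for e in events if e["key"] == UNCLEAN]
    return {"throttled": sorted(cpus), "unclean_reboots": unclean}
```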

#15
jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
OK. Thanks for the advice and info. I will likely try to take it back. In the meantime, should I follow the clean up directions as you suggested a number of posts ago?