Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Running Very Slowly


  • Please log in to reply

#1
876Darnoc

876Darnoc

    New Member

  • Member
  • Pip
  • 8 posts
My computer is running very slowly. I run Malwarebytes and nothing shows up. A McAfee scan takes days to complete. I usually just get frustrated and cancel it. I think I have a bug (or several) but can't seem to find them.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0

#3
876Darnoc

876Darnoc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here are the logs as requested. Thanks for your assistance.

OTL Extras logfile created on: 7/25/2013 5:30:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 38.73 Mb Available Physical Memory | 3.82% Memory free
1.99 Gb Paging File | 0.90 Gb Available in Paging File | 45.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 87.34 Gb Free Space | 64.25% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21D637FC-05FB-4E5C-B37B-E197DA994F02}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{57C136D9-4D73-4067-96EA-3E744385EBE2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}" = 3300
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.178.503
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Game Console" = Acer Game Console
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0.2
"ESET Online Scanner" = ESET Online Scanner v3
"F3C7F6463C419D1D216961B5B81E2FE534986562" = ENE USB Card Reader Driver
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LAME_is1" = LAME v3.99.3 (for Windows)
"LManager" = Launch Manager
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee Internet Security
"PokerStars.net" = PokerStars.net
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078760" = Insaniquarium Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078957" = Blasterball 3
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079061" = Jewel Quest
"WT079065" = Jewel Quest Solitaire 3
"WT079105" = Penguins!
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079209" = Diner Dash
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2012 12:21:21 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 11/11/2012 12:33:57 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2012 12:33:58 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2012 12:33:59 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2012 12:34:00 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2012 5:25:39 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/11/2012 5:25:54 PM | Computer Name = KMansTravelPal | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1188 Start
Time: 01cdc052da642e74 Termination Time: 31 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/12/2012 7:24:37 AM | Computer Name = KMansTravelPal | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,
time stamp: 0x503723f6 Faulting module name: Flash32_11_4_402_287.ocx, version: 11.4.402.287,
time stamp: 0x5066dd49 Exception code: 0xc0000005 Fault offset: 0x001b50f6 Faulting
process id: 0x1460 Faulting application start time: 0x01cdc0c81af2b286 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_287.ocx
Report
Id: 8a421cf7-2cbb-11e2-bc9f-88ae1d0d0d8c

Error - 11/12/2012 7:17:52 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/12/2012 9:45:46 PM | Computer Name = KMansTravelPal | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d80 Start
Time: 01cdc12b91fbd4a4 Termination Time: 100 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ System Events ]
Error - 7/24/2013 6:14:36 AM | Computer Name = KMansTravelPal | Source = DCOM | ID = 10010
Description =

Error - 7/24/2013 6:14:36 AM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/24/2013 7:30:39 AM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 7/24/2013 7:30:58 AM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 7/25/2013 4:55:13 PM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 7/25/2013 4:55:30 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 7/25/2013 6:25:39 PM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 7/25/2013 6:25:57 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 7/25/2013 6:46:45 PM | Computer Name = KMansTravelPal | Source = BROWSER | ID = 8032
Description =

Error - 7/25/2013 7:38:59 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >





OTL logfile created on: 7/25/2013 5:30:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 38.73 Mb Available Physical Memory | 3.82% Memory free
1.99 Gb Paging File | 0.90 Gb Available in Paging File | 45.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 87.34 Gb Free Space | 64.25% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/24 05:46:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
PRC - [2013/07/04 12:46:04 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 11:34:22 | 000,257,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
PRC - [2013/04/03 13:50:34 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/04/03 13:47:22 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/03/05 20:43:30 | 000,945,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
PRC - [2013/02/28 13:33:06 | 000,140,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2013/02/28 09:46:46 | 000,638,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/07/04 12:46:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/15 14:22:52 | 000,287,752 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/03 13:50:34 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/04/03 13:47:22 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2013/02/28 09:46:46 | 000,638,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/11 22:28:14 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 21:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - [2013/04/03 13:53:24 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/04/03 13:50:44 | 000,212,432 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/04/03 13:48:22 | 000,566,656 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/04/03 13:47:32 | 000,363,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/04/03 13:47:10 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/04/03 13:46:52 | 000,235,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/04/03 13:46:22 | 000,133,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013/02/19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/18 07:46:38 | 000,080,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2013/02/18 07:46:34 | 000,257,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2012/05/28 10:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/04/21 02:47:36 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/04/06 21:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/02 01:23:36 | 000,082,384 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/07/04 12:15:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/07/04 14:08:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/07/11 22:39:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/07/04 12:15:50 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1D2B6-CA20-4F70-97C5-CC1B7A119B89}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8100D57F-88F9-4E95-BA58-1A8EB8A668D9}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^K Man's Travel Pal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Acer ePower Management - hkey= - key= - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
MsConfig - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: mcpltui_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe ()
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: mcpltsvc - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mcpltsvc - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F27DFE00-8C6C-45A3-BAF8-8AAD19348A20} - Yahoo! Search Migration
ActiveX: {F46B7B55-5C99-45BE-BD19-9BB14E8AF94E} - att.net Toolbar
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{367E46D0-6BA4-490A-85AF-7C7E959E0120} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/25 17:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/24 05:46:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/07/12 05:44:02 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/12 05:43:54 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/12 05:43:52 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/07/12 05:43:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/12 05:43:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/12 05:43:45 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/12 05:43:45 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/07/12 05:43:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/12 05:43:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/07/12 05:43:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/07/11 19:52:23 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/11 19:52:12 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/11 19:51:12 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/11 19:51:00 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/11 15:59:27 | 000,000,000 | ---D | C] -- C:\1f8db849cf79cb411304c7cc9508fe95
[2013/07/04 13:15:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/07/04 13:15:36 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/07/04 13:15:35 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/07/04 13:15:07 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/07/04 13:15:06 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/07/04 13:13:10 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/07/04 13:13:09 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/07/04 13:13:06 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/07/04 13:10:43 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/07/04 13:10:43 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/07/04 13:09:41 | 000,147,472 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
[2013/07/03 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Local\{97A59357-F63B-4188-9587-2179FD2C3C58}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/25 17:45:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 17:43:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 17:34:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 17:34:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 17:25:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 17:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 17:25:25 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/24 05:46:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/07/12 05:52:13 | 000,351,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/11 16:10:42 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/11 16:10:42 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/09 20:11:17 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat
[2013/07/04 12:46:05 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/04 12:46:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/09 20:11:17 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat
[2013/07/04 13:08:36 | 000,002,641 | ---- | C] () -- C:\Windows\System32\drivers\mfencrk.inf
[2013/07/04 13:08:34 | 000,002,951 | ---- | C] () -- C:\Windows\System32\drivers\mfencbdc.inf
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/26 16:01:37 | 000,751,078 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.bmp
[2012/12/26 16:01:25 | 000,018,252 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\sound.mp3
[2012/12/26 16:01:20 | 000,114,890 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.jpg
[2012/02/05 19:19:05 | 000,221,287 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/05 19:19:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD1600BEVT-22A23T0
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 13.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 102.00MB
Starting Offset: 13966525440
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 136.00GB
Starting Offset: 14073454080
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/02/25 22:34:43 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\.minecraft
[2013/04/22 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Adobe
[2013/07/04 12:28:46 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Audacity
[2013/03/15 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\cef-cache
[2011/06/12 16:00:16 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Google
[2011/06/18 08:19:17 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\HP
[2011/06/12 15:48:25 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Identities
[2012/05/08 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Logishrd
[2012/05/08 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Logitech
[2011/06/12 16:05:01 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Macromedia
[2012/02/25 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\MakeMusic
[2013/01/09 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Malwarebytes
[2012/04/12 18:15:25 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\McAfee
[2013/04/30 20:33:18 | 000,000,000 | --SD | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Microsoft
[2013/03/15 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\PPNet
[2011/08/06 12:23:23 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\WildTangent
[2011/08/30 20:38:23 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Windows Live Writer
[2011/06/12 18:12:00 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/02/04 04:56:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/02/04 04:56:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 20:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll
[2012/10/03 11:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_6a0c0c4b82524209\nlaapi.dll
[2012/10/03 11:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\System32\nlaapi.dll
[2012/10/03 11:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_695757ae6954dec1\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USER32.DLL >
[2009/07/13 20:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll
[2010/11/20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/06/11 19:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/06/11 19:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/06/11 19:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/06/11 19:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 07:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 20:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/13 21:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 20:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 16:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 16:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 16:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 16:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 16:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 16:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 16:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/13 21:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

< End of report >


Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe 812 K 404 K 352 Adobe Acrobat Update Service Adobe Systems Incorporated
audiodg.exe 16,836 K 15,880 K 5336 Windows Audio Device Graph Isolation Microsoft Corporation
csrss.exe 1,416 K 1,576 K 596 Client Server Runtime Process Microsoft Corporation
dwm.exe 1,048 K 1,724 K 1732 Desktop Window Manager Microsoft Corporation
ePowerSvc.exe 1,144 K 404 K 1312 ePowerSvc Acer Incorporated
FlashUtil32_11_7_700_224_ActiveX.exe 3,184 K 2,832 K 4680 Adobe® Flash® Player Installer/Uninstaller 11.7 r700 Adobe Systems Incorporated
GREGsvc.exe 496 K 468 K 1676 Global Registration Service Acer Incorporated
IAANTmon.exe 1,596 K 1,412 K 2372 RAID Monitor Intel Corporation
iexplore.exe 51,960 K 75,488 K 2136 Internet Explorer Microsoft Corporation
iexplore.exe 37,848 K 58,588 K 3120 Internet Explorer Microsoft Corporation
iexplore.exe 18,108 K 35,612 K 4480 Internet Explorer Microsoft Corporation
lsass.exe 4,124 K 4,652 K 708 Local Security Authority Process Microsoft Corporation
lsm.exe 1,292 K 1,296 K 716 Local Session Manager Service Microsoft Corporation
McAPExe.exe 2,204 K 384 K 3808 McAfee Access Protection McAfee, Inc.
McSvHost.exe 14,556 K 3,196 K 476 McAfee Service Host McAfee, Inc.
McUICnt.exe 22,672 K 9,180 K 1492 McAfee McAfee, Inc.
mfefire.exe 1,948 K 1,344 K 2576 McAfee Core Firewall Service McAfee, Inc.
mfevtps.exe 3,412 K 3,124 K 1572 McAfee Process Validation Service McAfee, Inc.
msiexec.exe 2,500 K 7,632 K 1876 Windows® installer Microsoft Corporation
MsSpellCheckingFacility.exe 2,704 K 6,596 K 1400 Microsoft Spell Checking Facility Microsoft Corporation
MWLService.exe 1,708 K 616 K 384 MyWinLocker Service Egis Technology Inc.
notepad.exe 1,328 K 5,352 K 2468 Notepad Microsoft Corporation
notepad.exe 1,220 K 5,152 K 5784 Notepad Microsoft Corporation
RS_Service.exe 816 K 424 K 2140 Raw Socket Service Acer Incorporated
rundll32.exe 1,340 K 2,772 K 2072 Windows host process (Rundll32) Microsoft Corporation
services.exe 5,568 K 3,724 K 692 Services and Controller app Microsoft Corporation
smss.exe 256 K 220 K 316 Windows Session Manager Microsoft Corporation
svchost.exe 1,612 K 1,820 K 3420 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,944 K 1,272 K 2232 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,344 K 3,676 K 1824 Host Process for Windows Services Microsoft Corporation
svchost.exe 17,864 K 8,832 K 1004 Host Process for Windows Services Microsoft Corporation
svchost.exe 4,056 K 4,684 K 952 Host Process for Windows Services Microsoft Corporation
svchost.exe 6,880 K 4,608 K 1600 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,960 K 2,984 K 872 Host Process for Windows Services Microsoft Corporation
svchost.exe 4,204 K 2,352 K 1460 Host Process for Windows Services Microsoft Corporation
taskeng.exe 992 K 3,508 K 6036 Task Scheduler Engine Microsoft Corporation
UpdaterService.exe 748 K 700 K 2280 Updater Service Acer Group
wininit.exe 924 K 268 K 636 Windows Start-Up Application Microsoft Corporation
winlogon.exe 1,808 K 2,376 K 748 Windows Logon Application Microsoft Corporation
WLIDSVCM.EXE 648 K 352 K 2512 Microsoft® Windows Live ID Service Monitor Microsoft Corp.
WmiPrvSE.exe 1,816 K 4,208 K 5972 WMI Provider Host Microsoft Corporation
spoolsv.exe < 0.01 6,368 K 4,120 K 1528 Spooler SubSystem App Microsoft Corporation
dsiwmis.exe < 0.01 900 K 452 K 600 Dritek WMI Service Dritek System Inc.
svchost.exe 0.01 29,452 K 24,964 K 1092 Host Process for Windows Services Microsoft Corporation
OTL.exe 0.01 16,648 K 12,572 K 5048 OldTimer Tools
wmpnetwk.exe 0.01 5,252 K 3,680 K 3956 Windows Media Player Network Sharing Service Microsoft Corporation
svchost.exe 0.02 17,740 K 6,328 K 1360 Host Process for Windows Services Microsoft Corporation
mcshield.exe 0.02 213,784 K 149,516 K 2432 McAfee On-Access Scanner service McAfee, Inc.
WLIDSVC.EXE 0.02 4,480 K 1,216 K 2340 Microsoft® Windows Live ID Service Microsoft Corp.
svchost.exe 0.02 9,812 K 9,560 K 1136 Host Process for Windows Services Microsoft Corporation
MOBKbackup.exe 0.02 2,028 K 416 K 2224 McAfee Online Backup Service bootstrapper McAfee, Inc.
svchost.exe 0.02 24,396 K 17,132 K 1168 Host Process for Windows Services Microsoft Corporation
taskhost.exe 0.03 12,132 K 9,540 K 1640 Host Process for Windows Tasks Microsoft Corporation
svchost.exe 0.06 3,460 K 3,440 K 3384 Host Process for Windows Services Microsoft Corporation
McSvHost.exe 0.07 33,676 K 23,492 K 2664 McAfee Service Host McAfee, Inc.
MOBKbackup.exe 0.10 9,240 K 4,516 K 2312 McAfee Online Backup Service bootstrapper McAfee, Inc.
SearchIndexer.exe 0.11 27,928 K 16,180 K 3320 Microsoft Windows Search Indexer Microsoft Corporation
explorer.exe 0.32 32,728 K 22,324 K 1740 Windows Explorer Microsoft Corporation
csrss.exe 0.45 8,956 K 5,580 K 644 Client Server Runtime Process Microsoft Corporation
System 0.58 64 K 528 K 4
Interrupts 0.98 0 K 0 K n/a Hardware Interrupts and DPCs
procexp.exe 21.37 17,808 K 29,212 K 5564 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System Idle Process 75.78 0 K 24 K 0
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.



Uninstall
Yahoo! Toolbar

Copy the text in the code box by highlighting and Ctrl + c

:OTL
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl

:files
C:\Program Files\Yahoo!
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\07252013-some number.log so look there if you don't see it.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.



Ron
  • 0

#5
876Darnoc

876Darnoc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Wow! You sure threw a lot at me to do. Since we started this, I moved to a new house and my wife had to have surgery--so I hope I didn't screw this up. The only problem I recall is that the 2nd time you asked me to run OTL, it wouldn't scan. Here are the logs (I hope I got all of them).

OTL logfile created on: 7/25/2013 5:30:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 38.73 Mb Available Physical Memory | 3.82% Memory free
1.99 Gb Paging File | 0.90 Gb Available in Paging File | 45.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 87.34 Gb Free Space | 64.25% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/24 05:46:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
PRC - [2013/07/04 12:46:04 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 11:34:22 | 000,257,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
PRC - [2013/04/03 13:50:34 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/04/03 13:47:22 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/03/05 20:43:30 | 000,945,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
PRC - [2013/02/28 13:33:06 | 000,140,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2013/02/28 09:46:46 | 000,638,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/07/04 12:46:12 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/15 14:22:52 | 000,287,752 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/03 13:50:34 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/04/03 13:47:22 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2013/02/28 09:46:46 | 000,638,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/11 22:28:14 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 21:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - [2013/04/03 13:53:24 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/04/03 13:50:44 | 000,212,432 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/04/03 13:48:22 | 000,566,656 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/04/03 13:47:32 | 000,363,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/04/03 13:47:10 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/04/03 13:46:52 | 000,235,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/04/03 13:46:22 | 000,133,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013/02/19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/18 07:46:38 | 000,080,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2013/02/18 07:46:34 | 000,257,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2012/05/28 10:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/04/21 02:47:36 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/04/06 21:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/02 01:23:36 | 000,082,384 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/07/04 12:15:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/07/04 14:08:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/07/11 22:39:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/07/04 12:15:50 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1D2B6-CA20-4F70-97C5-CC1B7A119B89}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8100D57F-88F9-4E95-BA58-1A8EB8A668D9}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^K Man's Travel Pal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Acer ePower Management - hkey= - key= - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
MsConfig - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: mcpltui_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe ()
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: mcpltsvc - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mcpltsvc - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F27DFE00-8C6C-45A3-BAF8-8AAD19348A20} - Yahoo! Search Migration
ActiveX: {F46B7B55-5C99-45BE-BD19-9BB14E8AF94E} - att.net Toolbar
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{367E46D0-6BA4-490A-85AF-7C7E959E0120} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/25 17:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/24 05:46:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/07/12 05:44:02 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/12 05:43:54 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/12 05:43:52 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/07/12 05:43:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/12 05:43:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/12 05:43:45 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/12 05:43:45 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/07/12 05:43:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/12 05:43:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/07/12 05:43:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/07/11 19:52:23 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/11 19:52:12 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/11 19:51:12 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/11 19:51:00 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/11 15:59:27 | 000,000,000 | ---D | C] -- C:\1f8db849cf79cb411304c7cc9508fe95
[2013/07/04 13:15:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/07/04 13:15:36 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/07/04 13:15:35 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/07/04 13:15:07 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/07/04 13:15:06 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/07/04 13:13:10 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/07/04 13:13:09 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/07/04 13:13:06 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/07/04 13:10:43 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/07/04 13:10:43 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/07/04 13:09:41 | 000,147,472 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
[2013/07/03 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Local\{97A59357-F63B-4188-9587-2179FD2C3C58}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/25 17:45:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/25 17:43:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 17:34:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 17:34:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 17:25:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 17:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 17:25:25 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/24 05:46:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/07/12 05:52:13 | 000,351,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/11 16:10:42 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/11 16:10:42 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/09 20:11:17 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat
[2013/07/04 12:46:05 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/04 12:46:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/09 20:11:17 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat
[2013/07/04 13:08:36 | 000,002,641 | ---- | C] () -- C:\Windows\System32\drivers\mfencrk.inf
[2013/07/04 13:08:34 | 000,002,951 | ---- | C] () -- C:\Windows\System32\drivers\mfencbdc.inf
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/26 16:01:37 | 000,751,078 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.bmp
[2012/12/26 16:01:25 | 000,018,252 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\sound.mp3
[2012/12/26 16:01:20 | 000,114,890 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.jpg
[2012/02/05 19:19:05 | 000,221,287 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/05 19:19:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD1600BEVT-22A23T0
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 13.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 102.00MB
Starting Offset: 13966525440
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 136.00GB
Starting Offset: 14073454080
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/02/25 22:34:43 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\.minecraft
[2013/04/22 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Adobe
[2013/07/04 12:28:46 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Audacity
[2013/03/15 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\cef-cache
[2011/06/12 16:00:16 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Google
[2011/06/18 08:19:17 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\HP
[2011/06/12 15:48:25 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Identities
[2012/05/08 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Logishrd
[2012/05/08 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Logitech
[2011/06/12 16:05:01 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Macromedia
[2012/02/25 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\MakeMusic
[2013/01/09 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Malwarebytes
[2012/04/12 18:15:25 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\McAfee
[2013/04/30 20:33:18 | 000,000,000 | --SD | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Microsoft
[2013/03/15 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\PPNet
[2011/08/06 12:23:23 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\WildTangent
[2011/08/30 20:38:23 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Windows Live Writer
[2011/06/12 18:12:00 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/02/04 04:56:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/02/04 04:56:31 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 20:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll
[2012/10/03 11:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_6a0c0c4b82524209\nlaapi.dll
[2012/10/03 11:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\System32\nlaapi.dll
[2012/10/03 11:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_695757ae6954dec1\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USER32.DLL >
[2009/07/13 20:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll
[2010/11/20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/06/11 19:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/06/11 19:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013/06/11 18:43:48 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/06/11 19:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/06/11 19:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 07:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 20:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/13 21:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 20:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 16:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 16:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 16:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 16:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 16:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 16:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 16:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/13 21:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

< End of report >




OTL Extras logfile created on: 7/25/2013 5:30:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 38.73 Mb Available Physical Memory | 3.82% Memory free
1.99 Gb Paging File | 0.90 Gb Available in Paging File | 45.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 87.34 Gb Free Space | 64.25% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21D637FC-05FB-4E5C-B37B-E197DA994F02}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{57C136D9-4D73-4067-96EA-3E744385EBE2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}" = 3300
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.178.503
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Game Console" = Acer Game Console
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0.2
"ESET Online Scanner" = ESET Online Scanner v3
"F3C7F6463C419D1D216961B5B81E2FE534986562" = ENE USB Card Reader Driver
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LAME_is1" = LAME v3.99.3 (for Windows)
"LManager" = Launch Manager
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee Internet Security
"PokerStars.net" = PokerStars.net
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078760" = Insaniquarium Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078957" = Blasterball 3
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079061" = Jewel Quest
"WT079065" = Jewel Quest Solitaire 3
"WT079105" = Penguins!
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079209" = Diner Dash
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2012 12:21:21 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 11/11/2012 12:33:57 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2012 12:33:58 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2012 12:33:59 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2012 12:34:00 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/11/2012 5:25:39 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/11/2012 5:25:54 PM | Computer Name = KMansTravelPal | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1188 Start
Time: 01cdc052da642e74 Termination Time: 31 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/12/2012 7:24:37 AM | Computer Name = KMansTravelPal | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,
time stamp: 0x503723f6 Faulting module name: Flash32_11_4_402_287.ocx, version: 11.4.402.287,
time stamp: 0x5066dd49 Exception code: 0xc0000005 Fault offset: 0x001b50f6 Faulting
process id: 0x1460 Faulting application start time: 0x01cdc0c81af2b286 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_287.ocx
Report
Id: 8a421cf7-2cbb-11e2-bc9f-88ae1d0d0d8c

Error - 11/12/2012 7:17:52 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/12/2012 9:45:46 PM | Computer Name = KMansTravelPal | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d80 Start
Time: 01cdc12b91fbd4a4 Termination Time: 100 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ System Events ]
Error - 7/24/2013 6:14:36 AM | Computer Name = KMansTravelPal | Source = DCOM | ID = 10010
Description =

Error - 7/24/2013 6:14:36 AM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/24/2013 7:30:39 AM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 7/24/2013 7:30:58 AM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 7/25/2013 4:55:13 PM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 7/25/2013 4:55:30 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 7/25/2013 6:25:39 PM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 7/25/2013 6:25:57 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 7/25/2013 6:46:45 PM | Computer Name = KMansTravelPal | Source = BROWSER | ID = 8032
Description =

Error - 7/25/2013 7:38:59 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >





Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe 812 K 404 K 352 Adobe Acrobat Update Service Adobe Systems Incorporated
audiodg.exe 16,836 K 15,880 K 5336 Windows Audio Device Graph Isolation Microsoft Corporation
csrss.exe 1,416 K 1,576 K 596 Client Server Runtime Process Microsoft Corporation
dwm.exe 1,048 K 1,724 K 1732 Desktop Window Manager Microsoft Corporation
ePowerSvc.exe 1,144 K 404 K 1312 ePowerSvc Acer Incorporated
FlashUtil32_11_7_700_224_ActiveX.exe 3,184 K 2,832 K 4680 Adobe® Flash® Player Installer/Uninstaller 11.7 r700 Adobe Systems Incorporated
GREGsvc.exe 496 K 468 K 1676 Global Registration Service Acer Incorporated
IAANTmon.exe 1,596 K 1,412 K 2372 RAID Monitor Intel Corporation
iexplore.exe 51,960 K 75,488 K 2136 Internet Explorer Microsoft Corporation
iexplore.exe 37,848 K 58,588 K 3120 Internet Explorer Microsoft Corporation
iexplore.exe 18,108 K 35,612 K 4480 Internet Explorer Microsoft Corporation
lsass.exe 4,124 K 4,652 K 708 Local Security Authority Process Microsoft Corporation
lsm.exe 1,292 K 1,296 K 716 Local Session Manager Service Microsoft Corporation
McAPExe.exe 2,204 K 384 K 3808 McAfee Access Protection McAfee, Inc.
McSvHost.exe 14,556 K 3,196 K 476 McAfee Service Host McAfee, Inc.
McUICnt.exe 22,672 K 9,180 K 1492 McAfee McAfee, Inc.
mfefire.exe 1,948 K 1,344 K 2576 McAfee Core Firewall Service McAfee, Inc.
mfevtps.exe 3,412 K 3,124 K 1572 McAfee Process Validation Service McAfee, Inc.
msiexec.exe 2,500 K 7,632 K 1876 Windows® installer Microsoft Corporation
MsSpellCheckingFacility.exe 2,704 K 6,596 K 1400 Microsoft Spell Checking Facility Microsoft Corporation
MWLService.exe 1,708 K 616 K 384 MyWinLocker Service Egis Technology Inc.
notepad.exe 1,328 K 5,352 K 2468 Notepad Microsoft Corporation
notepad.exe 1,220 K 5,152 K 5784 Notepad Microsoft Corporation
RS_Service.exe 816 K 424 K 2140 Raw Socket Service Acer Incorporated
rundll32.exe 1,340 K 2,772 K 2072 Windows host process (Rundll32) Microsoft Corporation
services.exe 5,568 K 3,724 K 692 Services and Controller app Microsoft Corporation
smss.exe 256 K 220 K 316 Windows Session Manager Microsoft Corporation
svchost.exe 1,612 K 1,820 K 3420 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,944 K 1,272 K 2232 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,344 K 3,676 K 1824 Host Process for Windows Services Microsoft Corporation
svchost.exe 17,864 K 8,832 K 1004 Host Process for Windows Services Microsoft Corporation
svchost.exe 4,056 K 4,684 K 952 Host Process for Windows Services Microsoft Corporation
svchost.exe 6,880 K 4,608 K 1600 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,960 K 2,984 K 872 Host Process for Windows Services Microsoft Corporation
svchost.exe 4,204 K 2,352 K 1460 Host Process for Windows Services Microsoft Corporation
taskeng.exe 992 K 3,508 K 6036 Task Scheduler Engine Microsoft Corporation
UpdaterService.exe 748 K 700 K 2280 Updater Service Acer Group
wininit.exe 924 K 268 K 636 Windows Start-Up Application Microsoft Corporation
winlogon.exe 1,808 K 2,376 K 748 Windows Logon Application Microsoft Corporation
WLIDSVCM.EXE 648 K 352 K 2512 Microsoft® Windows Live ID Service Monitor Microsoft Corp.
WmiPrvSE.exe 1,816 K 4,208 K 5972 WMI Provider Host Microsoft Corporation
spoolsv.exe < 0.01 6,368 K 4,120 K 1528 Spooler SubSystem App Microsoft Corporation
dsiwmis.exe < 0.01 900 K 452 K 600 Dritek WMI Service Dritek System Inc.
svchost.exe 0.01 29,452 K 24,964 K 1092 Host Process for Windows Services Microsoft Corporation
OTL.exe 0.01 16,648 K 12,572 K 5048 OldTimer Tools
wmpnetwk.exe 0.01 5,252 K 3,680 K 3956 Windows Media Player Network Sharing Service Microsoft Corporation
svchost.exe 0.02 17,740 K 6,328 K 1360 Host Process for Windows Services Microsoft Corporation
mcshield.exe 0.02 213,784 K 149,516 K 2432 McAfee On-Access Scanner service McAfee, Inc.
WLIDSVC.EXE 0.02 4,480 K 1,216 K 2340 Microsoft® Windows Live ID Service Microsoft Corp.
svchost.exe 0.02 9,812 K 9,560 K 1136 Host Process for Windows Services Microsoft Corporation
MOBKbackup.exe 0.02 2,028 K 416 K 2224 McAfee Online Backup Service bootstrapper McAfee, Inc.
svchost.exe 0.02 24,396 K 17,132 K 1168 Host Process for Windows Services Microsoft Corporation
taskhost.exe 0.03 12,132 K 9,540 K 1640 Host Process for Windows Tasks Microsoft Corporation
svchost.exe 0.06 3,460 K 3,440 K 3384 Host Process for Windows Services Microsoft Corporation
McSvHost.exe 0.07 33,676 K 23,492 K 2664 McAfee Service Host McAfee, Inc.
MOBKbackup.exe 0.10 9,240 K 4,516 K 2312 McAfee Online Backup Service bootstrapper McAfee, Inc.
SearchIndexer.exe 0.11 27,928 K 16,180 K 3320 Microsoft Windows Search Indexer Microsoft Corporation
explorer.exe 0.32 32,728 K 22,324 K 1740 Windows Explorer Microsoft Corporation
csrss.exe 0.45 8,956 K 5,580 K 644 Client Server Runtime Process Microsoft Corporation
System 0.58 64 K 528 K 4
Interrupts 0.98 0 K 0 K n/a Hardware Interrupts and DPCs
procexp.exe 21.37 17,808 K 29,212 K 5564 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System Idle Process 75.78 0 K 24 K 0




Summary
		Operating System
			Windows 7 Starter 32-bit SP1
		CPU
			Intel Atom N470 @ 1.83GHz	62 °C
			Pineview-N 45nm Technology
		RAM
			1.00GB Single-Channel DDR3 (5-5-5-12)
		Motherboard
			Acer	47 °C
		Graphics
			Generic PnP Monitor ([email protected])
			Intel Graphics Media Accelerator 3150 (Acer Incorporated [ALI])
			Intel Graphics Media Accelerator 3150 (Acer Incorporated [ALI])
		Hard Drives
			149GB Western Digital WDC WD1600BEVT-22A23T0 (SATA)	38 °C
		Optical Drives
			No optical disk drives detected
		Audio
			Realtek High Definition Audio
Operating System
	Windows 7 Starter 32-bit SP1
	Computer type: Notebook
	Installation Date: 6/12/2011 3:43:11 PM
	
		Windows Security Center
			User Account Control (UAC)	Enabled
			Notify level	2 - Default
		Windows Update
			AutoUpdate	Not configured
		Windows Defender
			Windows Defender	Disabled
		Firewall
			Firewall	Enabled
			Display Name	McAfee Firewall
		Antivirus
			Antivirus	Enabled
			Display Name	McAfee Anti-Virus and Anti-Spyware
			Virus Signature Database	Up to date
		.NET Frameworks installed
			v4.0 Client
			v3.5 SP1
			v3.0 SP2
			v2.0 SP2
		Internet Explorer
			Version	10.0.9200.16635
		PowerShell
			Version	2.0
		Environment Variables
			USERPROFILE	C:\Users\K Man's Travel Pal
			SystemRoot	C:\Windows
				User Variables
					TEMP	C:\Users\K Man's Travel Pal\AppData\Local\Temp
					TMP	C:\Users\K Man's Travel Pal\AppData\Local\Temp
				Machine Variables
					ComSpec	C:\Windows\system32\cmd.exe
					FP_NO_HOST_CHECK	NO
					OS	Windows_NT
					Path	C:\Windows\system32
					C:\Windows
					C:\Windows\system32\wbem
					C:\Program Files\Common Files\Microsoft Shared\Windows Live
					%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
					C:\Program Files\EgisTec MyWinLocker\x86
					C:\Program Files\EgisTec MyWinLocker\x64
					C:\Program Files\Windows Live\Shared
					PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
					PROCESSOR_ARCHITECTURE	x86
					TEMP	C:\Windows\TEMP
					TMP	C:\Windows\TEMP
					USERNAME	SYSTEM
					windir	C:\Windows
					PSModulePath	C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
					NUMBER_OF_PROCESSORS	2
					PROCESSOR_LEVEL	6
					PROCESSOR_IDENTIFIER	x86 Family 6 Model 28 Stepping 10, GenuineIntel
					PROCESSOR_REVISION	1c0a
		Battery
			AC Line	Online
			Battery Charge %	100 %
			Battery State	High
			Remaining Battery Time	Unknown
		Power Profile
			Active power scheme	Balanced
			Hibernation	Enabled
			Turn Off Monitor after: (On AC Power)	15 min
			Turn Off Monitor after: (On Battery Power)	10 min
			Turn Off Hard Disk after: (On AC Power)	15 min
			Turn Off Hard Disk after: (On Battery Power)	2 min
			Suspend after: (On AC Power)	30 min
			Suspend after: (On Battery Power)	15 min
			Screen saver	Enabled
		Uptime
				Current Session
					Current Time	7/26/2013 3:59:15 PM
					Current Uptime	22,054 sec (0 d, 06 h, 07 m, 34 s)
					Last Boot Time	7/26/2013 9:51:41 AM
		TimeZone
			TimeZone	GMT -6:00 Hours
			Language	English (United States)
			Location	United States
			Format	English (United States)
			Currency	$
			Date Format	M/d/yyyy
			Time Format	h:mm:ss tt
		Process List
				armsvc.exe
					Process ID	1924
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
					Memory Usage	316 KB
					Peak Memory Usage	2.91 MB
				audiodg.exe
					Process ID	3776
				cmd.exe
					Process ID	2368
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Windows\system32\cmd.exe
					Memory Usage	1.17 MB
					Peak Memory Usage	2.61 MB
				conhost.exe
					Process ID	1760
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Windows\system32\conhost.exe
					Memory Usage	2.53 MB
					Peak Memory Usage	3.95 MB
				csrss.exe
					Process ID	608
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\csrss.exe
					Memory Usage	1.43 MB
					Peak Memory Usage	3.28 MB
				csrss.exe
					Process ID	644
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\csrss.exe
					Memory Usage	6.05 MB
					Peak Memory Usage	10 MB
				dsiwmis.exe
					Process ID	1972
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Launch Manager\dsiwmis.exe
					Memory Usage	476 KB
					Peak Memory Usage	3.03 MB
				dwm.exe
					Process ID	1704
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Windows\system32\Dwm.exe
					Memory Usage	916 KB
					Peak Memory Usage	3.98 MB
				ePowerSvc.exe
					Process ID	476
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
					Memory Usage	364 KB
					Peak Memory Usage	3.46 MB
				explorer.exe
					Process ID	1720
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Windows\Explorer.EXE
					Memory Usage	30 MB
					Peak Memory Usage	47 MB
				FlashUtil32_11_7_700_224_ActiveX.exe
					Process ID	5768
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
					Memory Usage	3.38 MB
					Peak Memory Usage	7.61 MB
				GREGsvc.exe
					Process ID	564
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Acer\Registration\GREGsvc.exe
					Memory Usage	336 KB
					Peak Memory Usage	1.84 MB
				IAANTmon.exe
					Process ID	2272
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
					Memory Usage	1.37 MB
					Peak Memory Usage	6.31 MB
				iexplore.exe
					Process ID	5288
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Program Files\Internet Explorer\iexplore.exe
					Memory Usage	196 MB
					Peak Memory Usage	211 MB
				iexplore.exe
					Process ID	4460
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Program Files\Internet Explorer\iexplore.exe
					Memory Usage	32 MB
					Peak Memory Usage	36 MB
				iexplore.exe
					Process ID	4572
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Program Files\Internet Explorer\iexplore.exe
					Memory Usage	87 MB
					Peak Memory Usage	92 MB
				lsass.exe
					Process ID	740
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\lsass.exe
					Memory Usage	5.26 MB
					Peak Memory Usage	9.21 MB
				lsm.exe
					Process ID	748
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\lsm.exe
					Memory Usage	1.29 MB
					Peak Memory Usage	2.95 MB
				McAPExe.exe
					Process ID	3424
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\PROGRA~1\McAfee\MSC\McAPExe.exe
					Memory Usage	432 KB
					Peak Memory Usage	5.76 MB
				mcshield.exe
					Process ID	2316
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
					Memory Usage	144 MB
					Peak Memory Usage	349 MB
				McSvHost.exe
					Process ID	2528
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
					Memory Usage	24 MB
					Peak Memory Usage	27 MB
				McSvHost.exe
					Process ID	1432
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
					Memory Usage	3.01 MB
					Peak Memory Usage	12 MB
				McUICnt.exe
					Process ID	468
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
					Memory Usage	24 MB
					Peak Memory Usage	52 MB
				mfefire.exe
					Process ID	2480
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
					Memory Usage	1.98 MB
					Peak Memory Usage	5.17 MB
				mfevtps.exe
					Process ID	1644
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\mfevtps.exe
					Memory Usage	2.85 MB
					Peak Memory Usage	8.51 MB
				MOBKbackup.exe
					Process ID	1284
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\McAfee Online Backup\MOBKbackup.exe
					Memory Usage	456 KB
					Peak Memory Usage	3.75 MB
				MOBKbackup.exe
					Process ID	4008
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\McAfee Online Backup\MOBKbackup.exe
					Memory Usage	4.93 MB
					Peak Memory Usage	16 MB
				MWLService.exe
					Process ID	1836
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
					Memory Usage	1.07 MB
					Peak Memory Usage	4.40 MB
				notepad.exe
					Process ID	5724
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Windows\system32\notepad.exe
					Memory Usage	5.11 MB
					Peak Memory Usage	5.17 MB
				RS_Service.exe
					Process ID	2052
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Acer\Acer VCM\RS_Service.exe
					Memory Usage	416 KB
					Peak Memory Usage	2.69 MB
				rundll32.exe
					Process ID	116
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\rundll32.exe
					Memory Usage	692 KB
					Peak Memory Usage	4.35 MB
				SearchFilterHost.exe
					Process ID	6040
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\SearchFilterHost.exe
					Memory Usage	5.39 MB
					Peak Memory Usage	5.39 MB
				SearchIndexer.exe
					Process ID	3028
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\SearchIndexer.exe
					Memory Usage	12 MB
					Peak Memory Usage	12 MB
				SearchProtocolHost.exe
					Process ID	5908
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\SearchProtocolHost.exe
					Memory Usage	8.40 MB
					Peak Memory Usage	8.46 MB
				SearchProtocolHost.exe
					Process ID	3076
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Windows\system32\SearchProtocolHost.exe
					Memory Usage	5.56 MB
					Peak Memory Usage	5.56 MB
				services.exe
					Process ID	704
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\services.exe
					Memory Usage	5.38 MB
					Peak Memory Usage	11 MB
				smss.exe
					Process ID	316
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	\SystemRoot\System32\smss.exe
					Memory Usage	200 KB
					Peak Memory Usage	828 KB
				Speccy.exe
					Process ID	3336
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Program Files\Speccy\Speccy.exe
					Memory Usage	19 MB
					Peak Memory Usage	19 MB
				spoolsv.exe
					Process ID	1548
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\System32\spoolsv.exe
					Memory Usage	4.54 MB
					Peak Memory Usage	11 MB
				svchost.exe
					Process ID	1648
					User	LOCAL SERVICE
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	5.04 MB
					Peak Memory Usage	41 MB
				svchost.exe
					Process ID	1072
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\System32\svchost.exe
					Memory Usage	28 MB
					Peak Memory Usage	45 MB
				svchost.exe
					Process ID	1104
					User	LOCAL SERVICE
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	6.14 MB
					Peak Memory Usage	11 MB
				svchost.exe
					Process ID	860
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	3.02 MB
					Peak Memory Usage	6.67 MB
				svchost.exe
					Process ID	936
					User	NETWORK SERVICE
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	3.15 MB
					Peak Memory Usage	5.63 MB
				svchost.exe
					Process ID	2128
					User	LOCAL SERVICE
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	1.74 MB
					Peak Memory Usage	6.30 MB
				svchost.exe
					Process ID	1148
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	17 MB
					Peak Memory Usage	32 MB
				svchost.exe
					Process ID	808
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	3.75 MB
					Peak Memory Usage	6.40 MB
				svchost.exe
					Process ID	568
					User	LOCAL SERVICE
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	4.64 MB
					Peak Memory Usage	24 MB
				svchost.exe
					Process ID	3096
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	3.27 MB
					Peak Memory Usage	5.82 MB
				svchost.exe
					Process ID	3132
					User	NETWORK SERVICE
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	800 KB
					Peak Memory Usage	4.01 MB
				svchost.exe
					Process ID	1004
					User	LOCAL SERVICE
					Domain	NT AUTHORITY
					Path	C:\Windows\System32\svchost.exe
					Memory Usage	8.35 MB
					Peak Memory Usage	15 MB
				svchost.exe
					Process ID	1356
					User	NETWORK SERVICE
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\svchost.exe
					Memory Usage	6.18 MB
					Peak Memory Usage	13 MB
				svchost.exe
					Process ID	244
					User	LOCAL SERVICE
					Domain	NT AUTHORITY
					Path	C:\Windows\System32\svchost.exe
					Memory Usage	4.78 MB
					Peak Memory Usage	4.78 MB
				System
					Process ID	4
				System Idle Process
					Process ID	0
				taskhost.exe
					Process ID	1596
					User	K Man's Travel Pal
					Domain	KMansTravelPal
					Path	C:\Windows\system32\taskhost.exe
					Memory Usage	7.45 MB
					Peak Memory Usage	9.19 MB
				UpdaterService.exe
					Process ID	2176
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Acer\Acer Updater\UpdaterService.exe
					Memory Usage	692 KB
					Peak Memory Usage	2.83 MB
				wininit.exe
					Process ID	652
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\wininit.exe
					Memory Usage	332 KB
					Peak Memory Usage	3.36 MB
				winlogon.exe
					Process ID	728
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\winlogon.exe
					Memory Usage	1.37 MB
					Peak Memory Usage	6.57 MB
				WLIDSVC.EXE
					Process ID	2228
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
					Memory Usage	1.62 MB
					Peak Memory Usage	11 MB
				WLIDSVCM.EXE
					Process ID	2396
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
					Memory Usage	260 KB
					Peak Memory Usage	2.30 MB
				WmiPrvSE.exe
					Process ID	1696
					User	NETWORK SERVICE
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\wbem\wmiprvse.exe
					Memory Usage	10 MB
					Peak Memory Usage	11 MB
				WmiPrvSE.exe
					Process ID	5868
					User	SYSTEM
					Domain	NT AUTHORITY
					Path	C:\Windows\system32\wbem\wmiprvse.exe
					Memory Usage	7.39 MB
					Peak Memory Usage	7.39 MB
				wmpnetwk.exe
					Process ID	3872
					User	NETWORK SERVICE
					Domain	NT AUTHORITY
					Path	C:\Program Files\Windows Media Player\wmpnetwk.exe
					Memory Usage	3.78 MB
					Peak Memory Usage	9.25 MB
		Scheduler
			7/26/2013 11:43 AM;	GoogleUpdateTaskMachineUA
			7/26/2013 11:45 AM;	Adobe Flash Player Updater
			7/26/2013 8:43 PM;	GoogleUpdateTaskMachineCore
		Hotfixes
				7/12/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2832414)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2844286)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2832414)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2846071)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Windows 7 (KB2835361)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Windows 7 (KB2803821)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Windows 7 (KB2845187)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Windows 7 (KB2850851)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2840631)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Windows 7 (KB2835364)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2833946)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Windows 7 (KB2847927)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/12/2013  Security Update for Windows 7 (KB2834886)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/11/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2835393)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/11/2013  Windows Malicious Software Removal Tool - July 2013 (KB890830)
					After the download, this tool runs one time to check your computer
					for infection by specific, prevalent malicious software (including
					Blaster, Sasser, and Mydoom) and helps remove any infection that
					is found. If an infection is found, the tool will display a status
					report the next time that you start your computer. A new version
					of the tool will be offered every month. If you want to manually
					run the tool on your computer, you can download a copy from the
					Microsoft Download Center, or you can run an online version from
					microsoft.com. This tool is not a replacement for an antivirus
					product. To help protect your computer, you should use an antivirus
					product.
				7/11/2013  Security Update for Microsoft Office 2007 suites (KB2687309)
					A security vulnerability exists in Microsoft Office 2007 suites
					that could allow arbitrary code to run when a maliciously modified
					file is opened. This update resolves that vulnerability.
				7/11/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2840628)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/11/2013  Security Update for Microsoft Silverlight (KB2847559)
					This security update to Silverlight includes fixes outlined in
					KB 2847559. This update is backward compatible with web applications
					built using previous versions of Silverlight.
				7/6/2013  Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2836939)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				7/5/2013  Update for Windows 7 (KB2834140)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				7/5/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2804579)
					A security issue has been identified that could allow an attacker
					to misrepresent a system action or behavior without the knowledge
					of the user. You can help protect your system by installing this
					update from Microsoft. After you install this update, you may
					have to restart your system.
				7/5/2013  Update for Windows 7 (KB2813956)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				7/5/2013  Update for Windows 7 (KB2808679)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				7/5/2013  Security Update for Windows 7 (KB2829361)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/5/2013  Security Update for Windows 7 (KB2839894)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/5/2013  Security Update for Windows 7 (KB2813430)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/5/2013  Update for Windows 7 (KB2820331)
					Install this update to resolve a set of known application compatibility
					issues with Windows. For a complete listing of the issues that
					are included in this update, see the associated Microsoft Knowledge
					Base article for more information. After you install this item,
					you may have to restart your computer.
				7/5/2013  Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2859903)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				7/5/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2804576)
					A security issue has been identified that could allow an attacker
					to misrepresent a system action or behavior without the knowledge
					of the user. You can help protect your system by installing this
					update from Microsoft. After you install this update, you may
					have to restart your system.
				7/5/2013  Windows Malicious Software Removal Tool - June 2013 (KB890830)
					After the download, this tool runs one time to check your computer
					for infection by specific, prevalent malicious software (including
					Blaster, Sasser, and Mydoom) and helps remove any infection that
					is found. If an infection is found, the tool will display a status
					report the next time that you start your computer. A new version
					of the tool will be offered every month. If you want to manually
					run the tool on your computer, you can download a copy from the
					Microsoft Download Center, or you can run an online version from
					microsoft.com. This tool is not a replacement for an antivirus
					product. To help protect your computer, you should use an antivirus
					product.
				7/5/2013  Update for Windows 7 (KB2836502)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				7/5/2013  Security Update for Windows 7 (KB2839229)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/5/2013  Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2838727)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/5/2013  Security Update for Windows 7 (KB2830290)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/5/2013  Security Update for Windows 7 (KB2845690)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/5/2013  Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2820197)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				7/5/2013  Update for Windows 7 (KB2798162)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				6/27/2013  Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2836939)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				6/12/2013  Update for Windows 7 (KB2834140)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				6/12/2013  Update for Windows 7 (KB2808679)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				6/12/2013  Security Update for Windows 7 (KB2839894)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				6/12/2013  Security Update for Windows 7 (KB2813430)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				6/12/2013  Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2859903)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				6/12/2013  Windows Malicious Software Removal Tool - June 2013 (KB890830)
					After the download, this tool runs one time to check your computer
					for infection by specific, prevalent malicious software (including
					Blaster, Sasser, and Mydoom) and helps remove any infection that
					is found. If an infection is found, the tool will display a status
					report the next time that you start your computer. A new version
					of the tool will be offered every month. If you want to manually
					run the tool on your computer, you can download a copy from the
					Microsoft Download Center, or you can run an online version from
					microsoft.com. This tool is not a replacement for an antivirus
					product. To help protect your computer, you should use an antivirus
					product.
				6/12/2013  Update for Windows 7 (KB2836502)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				6/12/2013  Security Update for Windows 7 (KB2839229)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				6/12/2013  Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2838727)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				6/12/2013  Security Update for Windows 7 (KB2845690)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				5/17/2013  Update for Windows 7 (KB2813956)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				5/17/2013  Security Update for Windows 7 (KB2829361)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				5/17/2013  Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2829530)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				5/16/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2804579)
					A security issue has been identified that could allow an attacker
					to misrepresent a system action or behavior without the knowledge
					of the user. You can help protect your system by installing this
					update from Microsoft. After you install this update, you may
					have to restart your system.
				5/16/2013  Update for Windows 7 (KB2820331)
					Install this update to resolve a set of known application compatibility
					issues with Windows. For a complete listing of the issues that
					are included in this update, see the associated Microsoft Knowledge
					Base article for more information. After you install this item,
					you may have to restart your computer.
				5/16/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2804576)
					A security issue has been identified that could allow an attacker
					to misrepresent a system action or behavior without the knowledge
					of the user. You can help protect your system by installing this
					update from Microsoft. After you install this update, you may
					have to restart your system.
				5/16/2013  Security Update for Windows 7 (KB2830290)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				5/16/2013  Windows Malicious Software Removal Tool - May 2013 (KB890830)
					After the download, this tool runs one time to check your computer
					for infection by specific, prevalent malicious software (including
					Blaster, Sasser, and Mydoom) and helps remove any infection that
					is found. If an infection is found, the tool will display a status
					report the next time that you start your computer. A new version
					of the tool will be offered every month. If you want to manually
					run the tool on your computer, you can download a copy from the
					Microsoft Download Center, or you can run an online version from
					microsoft.com. This tool is not a replacement for an antivirus
					product. To help protect your computer, you should use an antivirus
					product.
				5/16/2013  Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2820197)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				5/16/2013  Update for Windows 7 (KB2798162)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				5/16/2013  Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2820197)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				5/16/2013  Update for Windows 7 (KB2798162)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				5/15/2013  Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2829530)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				5/15/2013  Update for Windows 7 (KB2813956)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				5/15/2013  Security Update for Windows 7 (KB2829361)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				5/1/2013  Internet Explorer 10 for Windows 7
					Internet Explorer 10 is fast and fluid, and lets your websites
					shine and perform just like native apps on your PC.
 Internet
					Explorer 10. Fast and fluid for Windows 7.
 • Fast. Internet
					Explorer 10 harnesses the untapped power of your PC, delivering
					pages full of vivid graphics, smoother video, and interactive
					content.
 • Easy. Experience the web the way you want to with
					pinned sites, built-in Spellcheck, and seamless integration with
					your PC running Windows 7.
 • Safer. Improved features like SmartScreen
					Filter and Tracking Protection let you be more aware of threats
					to your PC and your privacy.
				4/24/2013  Security Update for Windows 7 (KB2840149)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				4/13/2013  Security Update for Windows 7 (KB2808735)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				4/12/2013  Update for Windows 7 (KB2799926)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				4/12/2013  Security Update for Windows 7 (KB2813170)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				4/12/2013  Security Update for Windows 7 (KB2813347)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				4/12/2013  Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2817183)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				4/12/2013  Windows Malicious Software Removal Tool - April 2013 (KB890830)
					After the download, this tool runs one time to check your computer
					for infection by specific, prevalent malicious software (including
					Blaster, Sasser, and Mydoom) and helps remove any infection that
					is found. If an infection is found, the tool will display a status
					report the next time that you start your computer. A new version
					of the tool will be offered every month. If you want to manually
					run the tool on your computer, you can download a copy from the
					Microsoft Download Center, or you can run an online version from
					microsoft.com. This tool is not a replacement for an antivirus
					product. To help protect your computer, you should use an antivirus
					product.
				4/12/2013  Security Update for Windows 7 (KB2808735)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				4/11/2013  Security Update for Windows 7 (KB2808735)
					A security issue has been identified in a Microsoft software
					product that could affect your system. You can help protect your
					system by installing this update from Microsoft. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article. After you install
					this update, you may have to restart your system.
				4/11/2013  Update for Windows 7 (KB2799926)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				3/26/2013  Security Update for Windows 7 (KB2807986)
					A security issue has been identified that could allow an authenticated
					local attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				3/13/2013  Windows Malicious Software Removal Tool - March 2013 (KB890830)
					After the download, this tool runs one time to check your computer
					for infection by specific, prevalent malicious software (including
					Blaster, Sasser, and Mydoom) and helps remove any infection that
					is found. If an infection is found, the tool will display a status
					report the next time that you start your computer. A new version
					of the tool will be offered every month. If you want to manually
					run the tool on your computer, you can download a copy from the
					Microsoft Download Center, or you can run an online version from
					microsoft.com. This tool is not a replacement for an antivirus
					product. To help protect your computer, you should use an antivirus
					product.
				3/13/2013  Update for Microsoft Office 2007 suites (KB2687493)
					Microsoft has released an update for Microsoft Office 2007 suites
					. This update provides the latest fixes to Microsoft Office 2007
					suites . Additionally, this update contains stability and performance
					improvements.
				3/13/2013  Security Update for Microsoft Silverlight (KB2814124)
					This security update to Silverlight includes fixes outlined in
					KB 2814124. This update is backward compatible with web applications
					built using previous versions of Silverlight.
				3/13/2013  Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2809289)
					Security issues have been identified that could allow an attacker
					to compromise a system that is running Microsoft Internet Explorer
					and gain control over it. You can help protect your system by
					installing this update from Microsoft. After you install this
					item, you may have to restart your computer.
				3/13/2013  Update for Windows 7 (KB2791765)
					Install this update to resolve a set of known application compatibility
					issues with Windows. For a complete listing of the issues that
					are included in this update, see the associated Microsoft Knowledge
					Base article for more information. After you install this item,
					you may have to restart your computer.
				2/27/2013  Platform Update for Windows 7 (KB2670838)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				2/15/2013  Update for Microsoft Office 2007 suites (KB2767916)
					Microsoft has released an update for Microsoft Office 2007 suites
					. This update provides the latest fixes to Microsoft Office 2007
					suites . Additionally, this update contains stability and performance
					improvements.
				2/15/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2789642)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				2/15/2013  Security Update for Windows 7 (KB2790113)
					A security issue has been identified that could allow an authenticated
					local attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				2/14/2013  Windows Malicious Software Removal Tool - February 2013 (KB890830)
					After the download, this tool runs one time to check your computer
					for infection by specific, prevalent malicious software (including
					Blaster, Sasser, and Mydoom) and helps remove any infection that
					is found. If an infection is found, the tool will display a status
					report the next time that you start your computer. A new version
					of the tool will be offered every month. If you want to manually
					run the tool on your computer, you can download a copy from the
					Microsoft Download Center, or you can run an online version from
					microsoft.com. This tool is not a replacement for an antivirus
					product. To help protect your computer, you should use an antivirus
					product.
				2/14/2013  Security Update for Windows 7 (KB2778344)
					A security issue has been identified that could allow an authenticated
					local attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				2/14/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2789645)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				2/14/2013  Update for Microsoft Office 2007 suites (KB2596620)
					Microsoft has released an update for Microsoft Office 2007 suites
					. This update provides the latest fixes to Microsoft Office 2007
					suites . Additionally, this update contains stability and performance
					improvements.
				2/14/2013  Security Update for Windows 7 (KB2799494)
					A security issue has been identified that could allow an authenticated
					local attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				2/14/2013  Security Update for Windows 7 (KB2790655)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to cause the affected system to stop responding.
					You can help protect your system by installing this update from
					Microsoft. After you install this update, you may have to restart
					your system.
				2/14/2013  Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2792100)
					Security issues have been identified that could allow an attacker
					to compromise a system that is running Microsoft Internet Explorer
					and gain control over it. You can help protect your system by
					installing this update from Microsoft. After you install this
					item, you may have to restart your computer.
				2/14/2013  Security Update for Internet Explorer 9 for Windows 7 (KB2797052)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				2/13/2013  Update for Microsoft Office 2007 suites (KB2767916)
					Microsoft has released an update for Microsoft Office 2007 suites
					. This update provides the latest fixes to Microsoft Office 2007
					suites . Additionally, this update contains stability and performance
					improvements.
				2/13/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2789642)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				2/13/2013  Security Update for Windows 7 (KB2790113)
					A security issue has been identified that could allow an authenticated
					local attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/16/2013  Update for Windows 7 (KB2786400)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/16/2013  Security Update for Windows 7 (KB2778930)
					A security issue has been identified that could allow an authenticated
					local attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/16/2013  Security Update for Windows 7 (KB2769369)
					A security issue has been identified that could allow an authenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/16/2013  Security Update for Microsoft Office 2007 suites (KB2687499)
					A security vulnerability exists in Microsoft Office 2007 suites
					that could allow arbitrary code to run when a maliciously modified
					file is opened. This update resolves that vulnerability.
				1/16/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/16/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2756921)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/16/2013  Security Update for Windows 7 (KB2757638)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/16/2013  Update for Windows 7 (KB2726535)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/16/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/16/2013  Update for Windows 7 (KB2773072)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/16/2013  Security Update for Windows 7 (KB2785220)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain access to
					information. You can help protect your system by installing this
					update from Microsoft. After you install this update, you may
					have to restart your system.
				1/16/2013  Update for Windows 7 (KB2786081)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/16/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to cause the affected application to stop responding.
					You can help protect your system by installing this update from
					Microsoft. After you install this update, you may have to restart
					your system.
				1/16/2013  Windows Malicious Software Removal Tool - January 2013 (KB890830)
					After the download, this tool runs one time to check your computer
					for infection by specific, prevalent malicious software (including
					Blaster, Sasser, and Mydoom) and helps remove any infection that
					is found. If an infection is found, the tool will display a status
					report the next time that you start your computer. A new version
					of the tool will be offered every month. If you want to manually
					run the tool on your computer, you can download a copy from the
					Microsoft Download Center, or you can run an online version from
					microsoft.com. This tool is not a replacement for an antivirus
					product. To help protect your computer, you should use an antivirus
					product.
				1/11/2013  Security Update for Windows 7 (KB2757638)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/11/2013  Update for Windows 7 (KB2786400)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/11/2013  Security Update for Windows 7 (KB2778930)
					A security issue has been identified that could allow an authenticated
					local attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/11/2013  Security Update for Windows 7 (KB2769369)
					A security issue has been identified that could allow an authenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/11/2013  Security Update for Microsoft Office 2007 suites (KB2687499)
					A security vulnerability exists in Microsoft Office 2007 suites
					that could allow arbitrary code to run when a maliciously modified
					file is opened. This update resolves that vulnerability.
				1/11/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/11/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2756921)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/11/2013  Security Update for Windows 7 (KB2757638)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/11/2013  Update for Windows 7 (KB2726535)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/11/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/11/2013  Update for Windows 7 (KB2773072)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/11/2013  Security Update for Windows 7 (KB2785220)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain access to
					information. You can help protect your system by installing this
					update from Microsoft. After you install this update, you may
					have to restart your system.
				1/11/2013  Update for Windows 7 (KB2786081)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/11/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to cause the affected application to stop responding.
					You can help protect your system by installing this update from
					Microsoft. After you install this update, you may have to restart
					your system.
				1/10/2013  Security Update for Microsoft Office 2007 suites (KB2687499)
					A security vulnerability exists in Microsoft Office 2007 suites
					that could allow arbitrary code to run when a maliciously modified
					file is opened. This update resolves that vulnerability.
				1/10/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/10/2013  Security Update for Windows 7 (KB2676562)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/10/2013  Security Update for Windows 7 (KB2724197)
					A security issue has been identified that could allow an authenticated
					local attacker to compromise your system and gain access to information.
					You can help protect your system by installing this update from
					Microsoft. After you install this update, you may have to restart
					your system.
				1/10/2013  Update for Windows 7 (KB2679255)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/10/2013  Update for Windows 7 (KB2786400)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/10/2013  Security Update for Windows 7 (KB2778930)
					A security issue has been identified that could allow an authenticated
					local attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/10/2013  Security Update for Windows 7 (KB2769369)
					A security issue has been identified that could allow an authenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/10/2013  Security Update for Microsoft Office 2007 suites (KB2687499)
					A security vulnerability exists in Microsoft Office 2007 suites
					that could allow arbitrary code to run when a maliciously modified
					file is opened. This update resolves that vulnerability.
				1/10/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/10/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2756921)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/10/2013  Security Update for Windows 7 (KB2757638)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/10/2013  Update for Windows 7 (KB2726535)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/10/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/10/2013  Update for Windows 7 (KB2773072)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/10/2013  Security Update for Windows 7 (KB2785220)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain access to
					information. You can help protect your system by installing this
					update from Microsoft. After you install this update, you may
					have to restart your system.
				1/10/2013  Update for Windows 7 (KB2786081)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/10/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to cause the affected application to stop responding.
					You can help protect your system by installing this update from
					Microsoft. After you install this update, you may have to restart
					your system.
				1/10/2013  Windows Malicious Software Removal Tool - January 2013 (KB890830)
					After the download, this tool runs one time to check your computer
					for infection by specific, prevalent malicious software (including
					Blaster, Sasser, and Mydoom) and helps remove any infection that
					is found. If an infection is found, the tool will display a status
					report the next time that you start your computer. A new version
					of the tool will be offered every month. If you want to manually
					run the tool on your computer, you can download a copy from the
					Microsoft Download Center, or you can run an online version from
					microsoft.com. This tool is not a replacement for an antivirus
					product. To help protect your computer, you should use an antivirus
					product.
				1/10/2013  Windows Malicious Software Removal Tool - January 2013 (KB890830)
					After the download, this tool runs one time to check your computer
					for infection by specific, prevalent malicious software (including
					Blaster, Sasser, and Mydoom) and helps remove any infection that
					is found. If an infection is found, the tool will display a status
					report the next time that you start your computer. A new version
					of the tool will be offered every month. If you want to manually
					run the tool on your computer, you can download a copy from the
					Microsoft Download Center, or you can run an online version from
					microsoft.com. This tool is not a replacement for an antivirus
					product. To help protect your computer, you should use an antivirus
					product.
				1/10/2013  Update for Windows 7 (KB2786400)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/10/2013  Security Update for Windows 7 (KB2778930)
					A security issue has been identified that could allow an authenticated
					local attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/10/2013  Security Update for Windows 7 (KB2769369)
					A security issue has been identified that could allow an authenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/10/2013  Security Update for Microsoft Office 2007 suites (KB2687499)
					A security vulnerability exists in Microsoft Office 2007 suites
					that could allow arbitrary code to run when a maliciously modified
					file is opened. This update resolves that vulnerability.
				1/10/2013  Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/9/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2756921)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/9/2013  Security Update for Windows 7 (KB2757638)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/9/2013  Update for Windows 7 (KB2726535)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/9/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain control over
					it. You can help protect your system by installing this update
					from Microsoft. After you install this update, you may have to
					restart your system.
				1/9/2013  Update for Windows 7 (KB2773072)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/9/2013  Security Update for Windows 7 (KB2785220)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to compromise your system and gain access to
					information. You can help protect your system by installing this
					update from Microsoft. After you install this update, you may
					have to restart your system.
				1/9/2013  Update for Windows 7 (KB2786081)
					Install this update to resolve issues in Windows. For a complete
					listing of the issues that are included in this update, see the
					associated Microsoft Knowledge Base article for more information.
					After you install this item, you may have to restart your computer.
				1/9/2013  Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422)
					A security issue has been identified that could allow an unauthenticated
					remote attacker to cause the affected application to stop responding.
					You can help protect your system by installing this update from
					Microsoft. After you install this update, you may have to restart
					your system.
		System Folders
			Path for burning CD	C:\Users\K Man's Travel Pal\AppData\Local\Microsoft\Windows\Burn\Burn
			Application Data	C:\ProgramData
			Public Desktop	C:\Users\Public\Desktop
			Documents	C:\Users\Public\Documents
			Global Favorites	C:\Users\K Man's Travel Pal\Favorites
			Music	C:\Users\Public\Music
			Pictures	C:\Users\Public\Pictures
			Start Menu Programs	C:\ProgramData\Microsoft\Windows\Start Menu\Programs
			Start Menu	C:\ProgramData\Microsoft\Windows\Start Menu
			Startup	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
			Templates	C:\ProgramData\Microsoft\Windows\Templates
			Videos	C:\Users\Public\Videos
			Cookies	C:\Users\K Man's Travel Pal\AppData\Roaming\Microsoft\Windows\Cookies
			Desktop	C:\Users\K Man's Travel Pal\Desktop
			Physical Desktop	C:\Users\K Man's Travel Pal\Desktop
			User Favorites	C:\Users\K Man's Travel Pal\Favorites
			Fonts	C:\Windows\Fonts
			Internet History	C:\Users\K Man's Travel Pal\AppData\Local\Microsoft\Windows\History
			Temporary Internet Files	C:\Users\K Man's Travel Pal\AppData\Local\Microsoft\Windows\Temporary Internet Files
			Local Application Data	C:\Users\K Man's Travel Pal\AppData\Local
			Windows Directory	C:\Windows
			Windows/System	C:\Windows\system32
			Program Files	C:\Program Files
		Services
			Running	Acer ePower Service
			Running	Adobe Acrobat Update Service
			Running	Application Experience
			Running	Application Information
			Running	Base Filtering Engine
			Running	CNG Key Isolation
			Running	COM+ Event System
			Running	Computer Browser
			Running	Cryptographic Services
			Running	DCOM Server Process Launcher
			Running	Desktop Window Manager Session Manager
			Running	DHCP Client
			Running	Diagnostic Policy Service
			Running	Diagnostic Service Host
			Running	Distributed Link Tracking Client
			Running	DNS Client
			Running	Dritek WMI Service
			Running	Encrypting File System (EFS)
			Running	Extensible Authentication Protocol
			Running	Function Discovery Provider Host
			Running	Function Discovery Resource Publication
			Running	GREGService
			Running	Group Policy Client
			Running	HomeGroup Provider
			Running	HP CUE DeviceDiscovery Service
			Running	HP Network Devices Support
			Running	hpqcxs08
			Running	Human Interface Device Access
			Running	IKE and AuthIP IPsec Keying Modules
			Running	Intel Matrix Storage Event Monitor
			Running	IP Helper
			Running	IPsec Policy Agent
			Running	McAfee Anti-Malware Core
			Running	McAfee Anti-Spam Service
			Running	McAfee Firewall Core Service
			Running	McAfee Home Network
			Running	McAfee Online Backup
			Running	McAfee Personal Firewall Service
			Running	McAfee Platform Services
			Running	McAfee Proxy Service
			Running	McAfee SiteAdvisor Service
			Running	McAfee Validation Trust Protection Service
			Running	McAfee VirusScan Announcer
			Running	Multimedia Class Scheduler
			Running	MyWinLocker Service
			Running	Network Connections
			Running	Network List Service
			Running	Network Location Awareness
			Running	Network Store Interface Service
			Running	Peer Name Resolution Protocol
			Running	Peer Networking Identity Manager
			Running	Plug and Play
			Running	Power
			Running	Print Spooler
			Running	Program Compatibility Assistant Service
			Running	Raw Socket Service
			Running	Remote Access Connection Manager
			Running	Remote Procedure Call (RPC)
			Running	RPC Endpoint Mapper
			Running	Secondary Logon
			Running	Secure Socket Tunneling Protocol Service
			Running	Security Accounts Manager
			Running	Security Center
			Running	Server
			Running	Shell Hardware Detection
			Running	SSDP Discovery
			Running	Superfetch
			Running	System Event Notification Service
			Running	Task Scheduler
			Running	TCP/IP NetBIOS Helper
			Running	Telephony
			Running	Themes
			Running	Updater Service
			Running	User Profile Service
			Running	Windows Audio
			Running	Windows Audio Endpoint Builder
			Running	Windows Event Log
			Running	Windows Firewall
			Running	Windows Font Cache Service
			Running	Windows Image Acquisition (WIA)
			Running	Windows Live ID Sign-in Assistant
			Running	Windows Management Instrumentation
			Running	Windows Media Player Network Sharing Service
			Running	Windows Search
			Running	Windows Update
			Running	WLAN AutoConfig
			Running	Workstation
			Stopped	ActiveX Installer (AxInstSV)
			Stopped	Adobe Flash Player Update Service
			Stopped	Application Identity
			Stopped	Application Layer Gateway Service
			Stopped	Background Intelligent Transfer Service
			Stopped	BitLocker Drive Encryption Service
			Stopped	Block Level Backup Engine Service
			Stopped	Bluetooth Support Service
			Stopped	Certificate Propagation
			Stopped	COM+ System Application
			Stopped	Credential Manager
			Stopped	Diagnostic System Host
			Stopped	Disk Defragmenter
			Stopped	Distributed Transaction Coordinator
			Stopped	Fax
			Stopped	GameConsoleService
			Stopped	Google Software Updater
			Stopped	Google Update Service (gupdate)
			Stopped	Google Update Service (gupdatem)
			Stopped	Health Key and Certificate Management
			Stopped	HomeGroup Listener
			Stopped	Interactive Services Detection
			Stopped	Internet Connection Sharing (ICS)
			Stopped	KtmRm for Distributed Transaction Coordinator
			Stopped	Link-Layer Topology Discovery Mapper
			Stopped	McAfee Scanner
			Stopped	Microsoft .NET Framework NGEN v2.0.50727_X86
			Stopped	Microsoft .NET Framework NGEN v4.0.30319_X86
			Stopped	Microsoft iSCSI Initiator Service
			Stopped	Microsoft Office Diagnostics Service
			Stopped	Microsoft Software Shadow Copy Provider
			Stopped	Net Driver HPZ12
			Stopped	Net.Tcp Port Sharing Service
			Stopped	Netlogon
			Stopped	Network Access Protection Agent
			Stopped	Office Source Engine
			Stopped	Parental Controls
			Stopped	Partner Service
			Stopped	Peer Networking Grouping
			Stopped	Performance Logs & Alerts
			Stopped	Pml Driver HPZ12
			Stopped	PnP-X IP Bus Enumerator
			Stopped	PNRP Machine Name Publication Service
			Stopped	Portable Device Enumerator Service
			Stopped	Problem Reports and Solutions Control Panel Support
			Stopped	Protected Storage
			Stopped	Quality Windows Audio Video Experience
			Stopped	Remote Access Auto Connection Manager
			Stopped	Remote Desktop Configuration
			Stopped	Remote Desktop Services
			Stopped	Remote Procedure Call (RPC) Locator
			Stopped	Remote Registry
			Stopped	Routing and Remote Access
			Stopped	Smart Card
			Stopped	Smart Card Removal Policy
			Stopped	SNMP Trap
			Stopped	Software Protection
			Stopped	SPP Notification Service
			Stopped	Tablet PC Input Service
			Stopped	Thread Ordering Server
			Stopped	TPM Base Services
			Stopped	UPnP Device Host
			Stopped	Virtual Disk
			Stopped	Volume Shadow Copy
			Stopped	WebClient
			Stopped	Windows Backup
			Stopped	Windows Biometric Service
			Stopped	Windows CardSpace
			Stopped	Windows Color System
			Stopped	Windows Connect Now - Config Registrar
			Stopped	Windows Defender
			Stopped	Windows Driver Foundation - User-mode Driver Framework
			Stopped	Windows Error Reporting Service
			Stopped	Windows Event Collector
			Stopped	Windows Installer
			Stopped	Windows Live Family Safety Service
			Stopped	Windows Live Mesh remote connections service
			Stopped	Windows Modules Installer
			Stopped	Windows Presentation Foundation Font Cache 3.0.0.0
			Stopped	Windows Remote Management (WS-Management)
			Stopped	Windows Time
			Stopped	WinHTTP Web Proxy Auto-Discovery Service
			Stopped	Wired AutoConfig
			Stopped	WMI Performance Adapter
			Stopped	WWAN AutoConfig
		Security Options
			Accounts: Administrator account status	Disabled
			Accounts: Guest account status	Disabled
			Accounts: Limit local account use of blank passwords to console logon only	Enabled
			Accounts: Rename administrator account	Administrator
			Accounts: Rename guest account	Guest
			Audit: Audit the access of global system objects	Disabled
			Audit: Audit the use of Backup and Restore privilege	Disabled
			Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings	Not Defined
			Audit: Shut down system immediately if unable to log security audits	Disabled
			DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax	Not Defined
			DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax	Not Defined
			Devices: Allow undock without having to log on	Enabled
			Devices: Allowed to format and eject removable media	Not Defined
			Devices: Prevent users from installing printer drivers	Disabled
			Devices: Restrict CD-ROM access to locally logged-on user only	Not Defined
			Devices: Restrict floppy access to locally logged-on user only	Not Defined
			Domain controller: Allow server operators to schedule tasks	Not Defined
			Domain controller: LDAP server signing requirements	Not Defined
			Domain controller: Refuse machine account password changes	Not Defined
			Domain member: Digitally encrypt or sign secure channel data (always)	Enabled
			Domain member: Digitally encrypt secure channel data (when possible)	Enabled
			Domain member: Digitally sign secure channel data (when possible)	Enabled
			Domain member: Disable machine account password changes	Disabled
			Domain member: Maximum machine account password age	30 days
			Domain member: Require strong (Windows 2000 or later) session key	Enabled
			Interactive logon: Display user information when the session is locked	Not Defined
			Interactive logon: Do not display last user name	Disabled
			Interactive logon: Do not require CTRL+ALT+DEL	Not Defined
			Interactive logon: Message text for users attempting to log on
			Interactive logon: Message title for users attempting to log on
			Interactive logon: Number of previous logons to cache (in case domain controller is not available)	10 logons
			Interactive logon: Prompt user to change password before expiration	5 days
			Interactive logon: Require Domain Controller authentication to unlock workstation	Disabled
			Interactive logon: Require smart card	Disabled
			Interactive logon: Smart card removal behavior	No Action
			Microsoft network client: Digitally sign communications (always)	Disabled
			Microsoft network client: Digitally sign communications (if server agrees)	Enabled
			Microsoft network client: Send unencrypted password to third-party SMB servers	Disabled
			Microsoft network server: Amount of idle time required before suspending session	15 minutes
			Microsoft network server: Digitally sign communications (always)	Disabled
			Microsoft network server: Digitally sign communications (if client agrees)	Disabled
			Microsoft network server: Disconnect clients when logon hours expire	Enabled
			Microsoft network server: Server SPN target name validation level	Not Defined
			Network access: Allow anonymous SID/Name translation	Disabled
			Network access: Do not allow anonymous enumeration of SAM accounts	Enabled
			Network access: Do not allow anonymous enumeration of SAM accounts and shares	Disabled
			Network access: Do not allow storage of passwords and credentials for network authentication	Disabled
			Network access: Let Everyone permissions apply to anonymous users	Disabled
			Network access: Named Pipes that can be accessed anonymously
			Network access: Remotely accessible registry paths	System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
			Network access: Remotely accessible registry paths and sub-paths	System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
			Network access: Restrict anonymous access to Named Pipes and Shares	Enabled
			Network access: Shares that can be accessed anonymously	Not Defined
			Network access: Sharing and security model for local accounts	Classic - local users authenticate as themselves
			Network security: Allow Local System to use computer identity for NTLM	Not Defined
			Network security: Allow LocalSystem NULL session fallback	Not Defined
			Network Security: Allow PKU2U authentication requests to this computer to use online identities	Not Defined
			Network security: Configure encryption types allowed for Kerberos	Not Defined
			Network security: Do not store LAN Manager hash value on next password change	Enabled
			Network security: Force logoff when logon hours expire	Disabled
			Network security: LAN Manager authentication level	Not Defined
			Network security: LDAP client signing requirements	Negotiate signing
			Network security: Minimum session security for NTLM SSP based (including secure RPC) clients	Require 128-bit encryption
			Network security: Minimum session security for NTLM SSP based (including secure RPC) servers	Require 128-bit encryption
			Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication	Not Defined
			Network security: Restrict NTLM: Add server exceptions in this domain	Not Defined
			Network security: Restrict NTLM: Audit Incoming NTLM Traffic	Not Defined
			Network security: Restrict NTLM: Audit NTLM authentication in this domain	Not Defined
			Network security: Restrict NTLM: Incoming NTLM traffic	Not Defined
			Network security: Restrict NTLM: NTLM authentication in this domain	Not Defined
			Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers	Not Defined
			Recovery console: Allow automatic administrative logon	Disabled
			Recovery console: Allow floppy copy and access to all drives and all folders	Disabled
			Shutdown: Allow system to be shut down without having to log on	Enabled
			Shutdown: Clear virtual memory pagefile	Disabled
			System cryptography: Force strong key protection for user keys stored on the computer	Not Defined
			System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing	Disabled
			System objects: Require case insensitivity for non-Windows subsystems	Enabled
			System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)	Enabled
			System settings: Optional subsystems	Posix
			System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies	Disabled
			User Account Control: Admin Approval Mode for the Built-in Administrator account	Disabled
			User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop	Disabled
			User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode	Prompt for consent for non-Windows binaries
			User Account Control: Behavior of the elevation prompt for standard users	Prompt for credentials
			User Account Control: Detect application installations and prompt for elevation	Enabled
			User Account Control: Only elevate executables that are signed and validated	Disabled
			User Account Control: Only elevate UIAccess applications that are installed in secure locations	Enabled
			User Account Control: Run all administrators in Admin Approval Mode	Enabled
			User Account Control: Switch to the secure desktop when prompting for elevation	Enabled
			User Account Control: Virtualize file and registry write failures to per-user locations	Enabled
		Device Tree
				ACPI x86-based PC
					Microsoft Watchdog Timer
						Microsoft ACPI-Compliant System
							Intel Atom CPU N475 @ 1.83GHz
							Intel Atom CPU N475 @ 1.83GHz
							ACPI Fan
							ACPI Thermal Zone
							ACPI Power Button
							ACPI Sleep Button
							ACPI Lid
							ACPI Fixed Feature Button
								PCI bus
									Intel N10 Family DMI Bridge - A010
									Intel Graphics Media Accelerator 3150
									Intel 82801 PCI Bridge - 2448
									Intel N10/ICH7 Family SMBus Controller - 27DA
									Microsoft Windows Management Interface for ACPI
										Intel(R) Graphics Media Accelerator 3150
											Generic PnP Monitor
										High Definition Audio Controller
											Realtek High Definition Audio
										Intel(R) N10/ICH7 Family PCI Express Root Port - 27D0
											Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
										Intel(R) N10/ICH7 Family PCI Express Root Port - 27D2
											Atheros AR5B95 Wireless Network Adapter
										Intel(R) N10/ICH7 Family USB Universal Host Controller - 27C8
												USB Root Hub
														USB Composite Device
																USB Input Device
																	HID-compliant mouse
																USB Input Device
																	HID-compliant consumer control device
																	HID-compliant device
																	HID-compliant device
										Intel(R) N10/ICH7 Family USB Universal Host Controller - 27C9
											USB Root Hub
										Intel(R) N10/ICH7 Family USB Universal Host Controller - 27CA
											USB Root Hub
										Intel(R) N10/ICH7 Family USB Universal Host Controller - 27CB
											USB Root Hub
										Intel(R) N10/ICH7 Family USB2 Enhanced Host Controller - 27CC
												USB Root Hub
														USB Composite Device
															1.3M WebCam
										Intel(R) NM10 Family LPC Interface Controller - 27BC
											Microsoft ACPI-Compliant Control Method Battery
											Microsoft AC Adapter
											Motherboard resources
											Direct memory access controller
											System CMOS/real time clock
											High precision event timer
											Programmable interrupt controller
											Numeric data processor
											System timer
											Intel 82802 Firmware Hub Device
											Microsoft ACPI-Compliant Embedded Controller
											Standard PS/2 Keyboard
										Intel(R) NM10 Express Chipset
											WDC WD1600BEVT-22A23T0
CPU
		Intel Atom N470
			Cores	1
			Threads	2
			Name	Intel Atom N470
			Code Name	Pineview-N
			Package	Socket 559 FCBGA8
			Technology	45nm
			Specification	Intel Atom CPU N475 @ 1.83GHz
			Family	6
			Extended Family	6
			Model	C
			Extended Model	1C
			Stepping	A
			Revision	B0
			Instructions	MMX, SSE, SSE2, SSE3, SSSE3, Intel 64, NX
			Virtualization	Not supported
			Hyperthreading	Supported, Enabled
			Bus Speed	166.3 MHz
			Rated Bus Speed	665.1 MHz
			Stock Core Speed	1833 MHz
			Stock Bus Speed	166 MHz
			Average Temperature	62 °C
				Caches
					L1 Data Cache Size	24 KBytes
					L1 Instructions Cache Size	32 KBytes
					L2 Unified Cache Size	512 KBytes
				Core 0
					Core Speed	1829.1 MHz
					Multiplier	x 11.0
					Bus Speed	166.3 MHz
					Rated Bus Speed	665.1 MHz
					Temperature	62 °C
						Thread 1
							APIC ID	0
						Thread 2
							APIC ID	1
RAM
		Memory slots
			Total memory slots	2
			Used memory slots	1
			Free memory slots	1
		Memory
			Type	DDR3
			Size	1024 MBytes
			Channels #	Single
			CAS# Latency (CL)	5 clocks
			RAS# to CAS# Delay (tRCD)	5 clocks
			RAS# Precharge (tRP)	5 clocks
			Cycle Time (tRAS)	12 clocks
			Command Rate (CR)	2T
		Physical Memory
			Memory Usage	75 %
			Total Physical	MB
			Available Physical	252 MB
			Total Virtual	1.99 GB
			Available Virtual	803 MB
		SPD
			Number Of SPD Modules	1
				Slot #1
					Type	DDR3
					Size	1024 MBytes
					Manufacturer	Kingston
					Max Bandwidth	PC3-10700 (667 MHz)
					Part Number	ACR128X64D3S1333C9
					Serial Number	943EF0EA
					Week/year	12 / 10
					SPD Ext.	EPP
						JEDEC #5
							Frequency	685.7 MHz
							CAS# Latency	9.0
							RAS# To CAS#	10
							RAS# Precharge	10
							tRAS	25
							tRC	34
							Voltage	1.500 V
						JEDEC #4
							Frequency	609.5 MHz
							CAS# Latency	8.0
							RAS# To CAS#	8
							RAS# Precharge	8
							tRAS	22
							tRC	30
							Voltage	1.500 V
						JEDEC #3
							Frequency	533.3 MHz
							CAS# Latency	7.0
							RAS# To CAS#	7
							RAS# Precharge	7
							tRAS	20
							tRC	27
							Voltage	1.500 V
						JEDEC #2
							Frequency	457.1 MHz
							CAS# Latency	6.0
							RAS# To CAS#	6
							RAS# Precharge	6
							tRAS	17
							tRC	23
							Voltage	1.500 V
						JEDEC #1
							Frequency	381.0 MHz
							CAS# Latency	5.0
							RAS# To CAS#	6
							RAS# Precharge	6
							tRAS	14
							tRC	19
							Voltage	1.500 V
Motherboard
	Manufacturer	Acer
	Version	V1.02
	Chipset Vendor	Intel
	Chipset Model	Atom Host Bridge
	Chipset Revision	00
	Southbridge Vendor	Intel
	Southbridge Model	NM10
	Southbridge Revision	02
	System Temperature	47 °C
		BIOS
			Brand	Acer
			Version	V1.02
			Date	5/7/2010
		PCI Data
				Slot Unknown
					Slot Type	Unknown
					Slot Usage	Available
					Bus Width	Unknown
					Slot Designation	J7
					Slot Number	0
Graphics
		Monitor
			Name	Generic PnP Monitor on Intel Graphics Media Accelerator 3150
			Current Resolution	1024x600 pixels
			Work Resolution	1024x560 pixels
			State	Enabled, Primary
			Monitor Width	1024
			Monitor Height	600
			Monitor BPP	32 bits per pixel
			Monitor Frequency	60 Hz
			Device	\\.\DISPLAY1\Monitor0
		Intel Graphics Media Accelerator 3150
			Manufacturer	Intel
			Model	Graphics Media Accelerator 3150
			Device ID	8086-A011
			Subvendor	Acer Incorporated [ALI] (1025)
			Current Performance Level	Level 0
			Driver version	8.14.10.2117
				Count of performance levels : 1
					Level 1
		Intel Graphics Media Accelerator 3150
			Manufacturer	Intel
			Model	Graphics Media Accelerator 3150
			Device ID	8086-A012
			Subvendor	Acer Incorporated [ALI] (1025)
			Current Performance Level	Level 0
			Driver version	8.14.10.2117
				Count of performance levels : 1
					Level 1
Hard Drives
		WDC WD1600BEVT-22A23T0
			Manufacturer	Western Digital
			Form Factor	GB/2.5-inch
			Business Unit/Brand	Mobile/WD Scorpio
			Heads	16
			Cylinders	16,383
			SATA type	SATA-II 3.0Gb/s
			Device type	Fixed
			ATA Standard	ATA8-ACS
			Serial Number	WD-WX61A50P7086
			LBA Size	48-bit LBA
			Power On Count	7432 times
			Power On Time	218.6 days
			Speed	5400 RPM
			Features	S.M.A.R.T., APM, AAM, NCQ
			Transfer Mode	SATA II
			Interface	SATA
			Capacity	149 GB
			Real size	160,041,885,696 bytes
			RAID Type	None
				S.M.A.R.T
					Status	Good
					Temperature	38 °C
					Temperature Range	OK (less than 50 °C)
					01 Read Error Rate	200 (200) Data 0000000000
					03 Spin-Up Time	155 (129) Data 00000004E2
					04 Start/Stop Count	071 (071) Data 0000007164
					05 Reallocated Sectors Count	200 (200) Data 0000000000
					07 Seek Error Rate	100 (253) Data 0000000000
					09 Power-On Hours (POH)	093 (093) Data 000000147F
					0A Spin Retry Count	100 (100) Data 0000000000
					0B Recalibration Retries	100 (100) Data 0000000000
					0C Device Power Cycle Count	093 (093) Data 0000001D08
					BF G-sense error rate	001 (001) Data 0000000297
					C0 Power-off Retract Count	200 (200) Data 000000010C
					C1 Load/Unload Cycle Count	061 (061) Data 0000065DB4
					C2 Temperature	103 (098) Data 0000000028
					C4 Reallocation Event Count	200 (200) Data 0000000000
					C5 Current Pending Sector Count	200 (200) Data 0000000000
					C6 Uncorrectable Sector Count	100 (253) Data 0000000000
					C7 UltraDMA CRC Error Count	200 (200) Data 0000000000
					C8 Write Error Rate / Multi-Zone Error Rate	100 (253) Data 0000000000
				Partition 0
					Partition ID	Disk #0, Partition #0
					Size	13.0 GB
				Partition 1
					Partition ID	Disk #0, Partition #1
					Size	101 MB
				Partition 2
					Partition ID	Disk #0, Partition #2
					Disk Letter	C:
					File System	NTFS
					Volume Serial Number	6C4B14F1
					Size	136 GB
					Used Space	40 GB (30%)
					Free Space	95 GB (70%)
Optical Drives
	No optical disk drives detected
Audio
		Sound Card
			Realtek High Definition Audio
		Playback Device
			Speakers (Realtek High Definition Audio)
		Recording Device
			Microphone (Realtek High Definition Audio)
		Speaker Configuration
			Speaker type	Stereo
Peripherals
		Standard PS/2 Keyboard
			Device Kind	Keyboard
			Device Name	Standard PS/2 Keyboard
			Vendor	(Standard keyboards)
			Location	plugged into keyboard port
				Driver
					Date	6-21-2006
					Version	6.1.7601.17514
					File	C:\Windows\system32\DRIVERS\i8042prt.sys
					File	C:\Windows\system32\DRIVERS\kbdclass.sys
		HID-compliant mouse
			Device Kind	Mouse
			Device Name	HID-compliant mouse
			Vendor	Logitech
			Location	USB Input Device
				Driver
					Date	6-21-2006
					Version	6.1.7600.16385
					File	C:\Windows\system32\DRIVERS\mouhid.sys
					File	C:\Windows\system32\DRIVERS\mouclass.sys
		USB Video Device
			Device Kind	Camera/scanner
			Device Name	USB Video Device
			Vendor	Chicony Electronics Co Ltd
			Comment	1.3M WebCam
			Location	0000.001d.0007.004.000.000.000.000.000
				Driver
					Date	6-21-2006
					Version	6.1.7601.17514
					File	C:\Windows\system32\drivers\usbvideo.sys
		Photosmart 3300 series
			Device Kind	Camera/scanner
			Device Name	Photosmart 3300 series
			Vendor	HP
			Location	ip:10.0.0.4,subnet:10.0.0.0/24
				Driver
					Date	11-10-2006
					Version	8.0.0.1
					File	C:\Windows\system32\DRIVERS\serscan.sys
		Printers
				Fax
					Printer Port	SHRFAX:
					Print Processor	winprint
					Availability	Always
					Priority	1
					Duplex	None
					Print Quality	200 * 200 dpi Monochrome
					Status	Unknown
						Driver
							Driver Name	Microsoft Shared Fax Driver (v4.00)
							Driver Path	C:\Windows\system32\spool\DRIVERS\W32X86\3\FXSDRV.DLL
				HP Photosmart 3300 series (Default Printer)
					Printer Port	HP_10.0.0.6_MY65GB40C9045M
					Print Processor	hpzppwn7
					Availability	Always
					Priority	1
					Duplex	None
					Print Quality	600 * 600 dpi Color
					Status	Unknown
						Driver
							Driver Name	HP Photosmart 3300 series (v6.00)
							Driver Path	C:\Windows\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
				HP Photosmart 3300 series fax
					Printer Port	HP_10.0.0.6_MY65GB40C9045M
					Print Processor	winprint
					Availability	Always
					Priority	1
					Duplex	None
					Print Quality	200 * 200 dpi Color
					Status	Unknown
						Driver
							Driver Name	HP Photosmart 3300 series fax (v6.00)
							Driver Path	C:\Windows\system32\spool\DRIVERS\W32X86\3\unidrv.dll
				Microsoft XPS Document Writer
					Printer Port	XPSPort:
					Print Processor	winprint
					Availability	Always
					Priority	1
					Duplex	None
					Print Quality	600 * 600 dpi Color
					Status	Unknown
						Driver
							Driver Name	Microsoft XPS Document Writer (v6.00)
							Driver Path	C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
				Send To OneNote 2007
					Printer Port	Send To Microsoft OneNote Port:
					Print Processor	OneNotePrint2007
					Availability	Always
					Priority	1
					Duplex	None
					Print Quality	300 * 300 dpi Color
					Status	Unknown
						Driver
							Driver Name	Send To Microsoft OneNote Driver (v4.00)
							Driver Path	C:\Windows\system32\spool\DRIVERS\W32X86\3\msonpdrv.dll
Network
	You are connected to the internet
	Connected through	Atheros AR5B95 Wireless Network Adapter
	IP Address	10.0.0.5
	Subnet mask	255.255.255.0
	Gateway server	10.0.0.1
	Preferred DNS server	10.0.0.1
	DHCP	Enabled
	DHCP server	10.0.0.1
	External IP Address	99.142.36.15
	Adapter Type	IEEE 802.11 wireless
	NetBIOS over TCP/IP	Enabled via DHCP
	NETBIOS Node Type	Hybrid node
	Link Speed	0 Bps
		Computer Name
			NetBIOS Name	KMANSTRAVELPAL
			DNS Name	KMansTravelPal
			Membership	Part of workgroup
			Workgroup	WORKGROUP
		Remote Desktop
			Disabled
				Console
					State	Active
					Domain	KMansTravelPal
		WinInet Info
			LAN Connection
			Local system uses a local area network to connect to the Internet
			Local system has RAS to connect to the Internet
		Wi-Fi Info
			Using native Wi-Fi API version	2
			Available access points count	1
				Wi-Fi (doublecross)
					SSID	doublecross
					Frequency	2462000 kHz
					Channel Number	11
					Name	doublecross
					Signal Strength/Quality	100
					Security	Enabled
					State	The interface is connected to a network
					Dot11 Type	Infrastructure BSS network
					Network	Connectible
					Network Flags	Currently Connected to this network
					Cipher Algorithm to be used when joining this network	AES-CCMP algorithm
					Default Auth used to join this network for the first time	802.11i RSNA algorithm that uses PSK
		WinHTTPInfo
			WinHTTPSessionProxyType	No proxy
			Session Proxy
			Session Proxy Bypass
			Connect Retries	5
			Connect Timeout (ms)	60,000
			HTTP Version	HTTP 1.1
			Max Connects Per 1.0 Servers	INFINITE
			Max Connects Per Servers	INFINITE
			Max HTTP automatic redirects	10
			Max HTTP status continue	10
			Send Timeout (ms)	30,000
			IEProxy Auto Detect	No
			IEProxy Auto Config
			IEProxy
			IEProxy Bypass
			Default Proxy Config Access Type	No proxy
			Default Config Proxy
			Default Config Proxy Bypass
		Sharing and Discovery
			Network Discovery	Enabled
			File and Printer Sharing	Disabled
			File and printer sharing service	Enabled
			Simple File Sharing	Enabled
			Administrative Shares	Enabled
			Network access: Sharing and security model for local accounts	Classic - local users authenticate as themselves
		Adapters List
				Atheros AR5B95 Wireless Network Adapter
					IP Address	10.0.0.5
					Subnet mask	255.255.255.0
					Gateway server	10.0.0.1
					MAC Address	78-E4-00-77-05-26
				Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
					IP Address	0.0.0.0
					Subnet mask	0.0.0.0
					Gateway server	0.0.0.0
					MAC Address	00-13-74-00-00-00
		Network Shares
			No network shares
		Current TCP Connections
				C:\Program Files\Internet Explorer\iexplore.exe (4460)
					Local 10.0.0.5:49662	ESTABLISHED Remote 108.171.164.204:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49663	ESTABLISHED Remote 108.171.164.204:80 (Querying... ) (HTTP)
				C:\Program Files\Internet Explorer\iexplore.exe (4572)
					Local 10.0.0.5:49665	ESTABLISHED Remote 74.125.193.95:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49659	ESTABLISHED Remote 108.171.164.204:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49660	ESTABLISHED Remote 108.171.164.204:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49661	ESTABLISHED Remote 173.194.46.39:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49666	ESTABLISHED Remote 54.230.88.188:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49667	SYN-SENT Remote 54.230.88.188:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49668	ESTABLISHED Remote 54.230.88.188:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49669	ESTABLISHED Remote 54.230.88.188:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49671	ESTABLISHED Remote 54.230.88.188:80 (Querying... ) (HTTP)
				C:\Program Files\Internet Explorer\iexplore.exe (5288)
					Local 10.0.0.5:49591	ESTABLISHED Remote 173.194.46.47:443 (Querying... ) (HTTPS)
					Local 10.0.0.5:49592	ESTABLISHED Remote 74.125.225.122:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49593	ESTABLISHED Remote 74.125.225.124:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49601	CLOSE-WAIT Remote 69.171.242.27:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49603	ESTABLISHED Remote 23.61.65.224:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49604	CLOSE-WAIT Remote 23.61.65.224:443 (Querying... ) (HTTPS)
					Local 10.0.0.5:49606	ESTABLISHED Remote 74.125.225.123:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49607	ESTABLISHED Remote 23.61.65.224:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49612	ESTABLISHED Remote 207.152.125.128:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49632	CLOSE-WAIT Remote 199.59.150.7:443 (Querying... ) (HTTPS)
					Local 10.0.0.5:49634	ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49635	ESTABLISHED Remote 74.125.225.124:443 (Querying... ) (HTTPS)
					Local 10.0.0.5:49638	ESTABLISHED Remote 173.194.46.47:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49639	ESTABLISHED Remote 74.125.225.178:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49640	ESTABLISHED Remote 74.125.225.121:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49641	ESTABLISHED Remote 173.194.46.36:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49642	ESTABLISHED Remote 173.194.46.36:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49643	ESTABLISHED Remote 74.125.225.131:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49644	ESTABLISHED Remote 74.125.225.131:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49645	ESTABLISHED Remote 67.228.177.87:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49646	ESTABLISHED Remote 74.125.225.37:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49647	ESTABLISHED Remote 74.125.225.37:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49648	CLOSE-WAIT Remote 173.194.55.73:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49649	CLOSE-WAIT Remote 173.194.55.73:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49629	CLOSE-WAIT Remote 54.230.88.33:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49628	CLOSE-WAIT Remote 54.230.88.33:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49617	CLOSE-WAIT Remote 54.243.163.73:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49616	ESTABLISHED Remote 23.60.79.231:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49566	ESTABLISHED Remote 74.125.193.95:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49573	ESTABLISHED Remote 23.61.65.224:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49575	CLOSE-WAIT Remote 54.230.88.33:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49580	ESTABLISHED Remote 173.194.46.46:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49630	CLOSE-WAIT Remote 54.230.88.33:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49631	ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49613	CLOSE-WAIT Remote 23.61.65.224:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49581	CLOSE-WAIT Remote 23.64.255.139:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49583	ESTABLISHED Remote 74.125.225.109:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49587	ESTABLISHED Remote 74.125.225.121:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49588	ESTABLISHED Remote 173.194.46.34:443 (Querying... ) (HTTPS)
					Local 10.0.0.5:49590	ESTABLISHED Remote 173.194.46.34:443 (Querying... ) (HTTPS)
					Local 10.0.0.5:49652	CLOSE-WAIT Remote 173.194.55.73:80 (Querying... ) (HTTP)
				McSvHost.exe (2528)
					Local 10.0.0.5:49658	ESTABLISHED Remote 161.69.13.35:80 (Querying... ) (HTTP)
				RS_Service.exe (2052)
					Local 127.0.0.1:3826	LISTEN
				System Process
					Local 10.0.0.5:49654	TIME-WAIT Remote 199.7.54.72:80 (Querying... ) (HTTP)
					Local 10.0.0.5:49653	TIME-WAIT Remote 199.7.54.72:80 (Querying... ) (HTTP)
				System Process
					Local 0.0.0.0:445 (Windows shares)	LISTEN
					Local 0.0.0.0:5357	LISTEN
					Local 10.0.0.5:139 (NetBIOS session service)	LISTEN
				lsass.exe (740)
					Local 0.0.0.0:49155	LISTEN
				mcshield.exe (2316)
					Local 10.0.0.5:49656	ESTABLISHED Remote 8.21.161.6:443 (Querying... ) (HTTPS)
				services.exe (704)
					Local 0.0.0.0:49156	LISTEN
				svchost.exe (1004)
					Local 0.0.0.0:49153	LISTEN
				svchost.exe (1148)
					Local 0.0.0.0:49154	LISTEN
				svchost.exe (3132)
					Local 0.0.0.0:49157	LISTEN
				svchost.exe (936)
					Local 0.0.0.0:135 (DCE)	LISTEN
				wininit.exe (652)
					Local 0.0.0.0:49152	LISTEN
Generated with Speccy v1.22.536




aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-26 16:21:58
-----------------------------
16:21:58.364 OS Version: Windows 6.1.7601 Service Pack 1
16:21:58.364 Number of processors: 2 586 0x1C0A
16:21:58.379 ComputerName: KMANSTRAVELPAL UserName:
16:22:02.248 Initialize success
16:26:36.568 AVAST engine defs: 13072601
16:26:54.368 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:26:54.383 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
16:26:54.602 Disk 0 MBR read successfully
16:26:54.602 Disk 0 MBR scan
16:26:54.992 Disk 0 Windows 7 default MBR code
16:26:55.023 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13319 MB offset 63
16:26:55.148 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 27278370
16:26:55.241 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 139205 MB offset 27487215
16:26:55.350 Disk 0 scanning sectors +312579760
16:26:55.662 Disk 0 scanning C:\Windows\system32\drivers
16:28:22.055 Service scanning
16:30:44.515 Modules scanning
16:31:09.709 AVAST engine scan C:\Windows
16:31:18.258 AVAST engine scan C:\Windows\system32
16:48:13.820 AVAST engine scan C:\Windows\system32\drivers
16:50:06.982 AVAST engine scan C:\Users\K Man's Travel Pal
19:28:07.952 Disk 0 MBR has been saved successfully to "C:\Users\K Man's Travel Pal\Desktop\MBR.dat"
19:28:08.046 The log file has been saved successfully to "C:\Users\K Man's Travel Pal\Desktop\aswMBR.txt"







ComboFix 13-07-25.02 - K Man's Travel Pal 07/26/2013 19:40:57.3.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.286 [GMT -5:00]
Running from: c:\users\K Man's Travel Pal\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-06-27 to 2013-07-27 )))))))))))))))))))))))))))))))
.
.
2013-07-27 01:22 . 2013-07-27 01:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-27 01:22 . 2013-07-27 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-26 21:07 . 2013-07-26 21:07 -------- d-----w- C:\_OTL
2013-07-26 16:09 . 2013-07-26 16:10 -------- d-----w- c:\program files\Speccy
2013-07-12 10:44 . 2013-06-07 02:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-12 00:52 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 00:52 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-12 00:52 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-12 00:51 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-12 00:51 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 20:59 . 2013-07-11 21:07 -------- d-----w- C:\1f8db849cf79cb411304c7cc9508fe95
2013-07-11 11:51 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 11:50 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-11 11:50 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-04 18:15 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-07-04 18:15 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-07-04 18:15 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-07-04 18:15 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-07-04 18:15 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-07-04 18:15 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-07-04 18:15 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-07-04 18:15 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-04 18:15 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-04 18:15 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-07-04 18:13 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-07-04 18:13 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 18:13 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 18:13 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-07-04 18:13 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-07-04 18:13 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-04 18:10 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-07-04 18:10 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-07-04 18:10 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-07-04 18:09 . 2012-05-28 15:28 147472 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 17:46 . 2012-04-12 01:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-04 17:46 . 2011-07-06 10:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-01 01:12 . 2013-05-01 01:12 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 01:12 . 2013-05-01 01:12 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-05-01 01:12 . 2013-05-01 01:12 158720 ----a-w- c:\windows\system32\msls31.dll
2013-05-01 01:12 . 2013-05-01 01:11 138752 ----a-w- c:\windows\system32\wextract.exe
2013-05-01 01:11 . 2013-05-01 01:11 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-05-01 01:11 . 2013-05-01 01:11 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-05-01 01:11 . 2013-05-01 01:11 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-01 01:11 . 2013-05-01 01:11 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-05-01 01:11 . 2013-05-01 01:11 12800 ----a-w- c:\windows\system32\mshta.exe
2013-05-01 01:11 . 2013-05-01 01:11 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 01:11 . 2013-05-01 01:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-01 01:11 . 2013-05-01 01:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-01 01:11 . 2013-05-01 01:11 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-05-01 01:11 . 2013-05-01 01:11 361984 ----a-w- c:\windows\system32\html.iec
2013-05-01 01:11 . 2013-05-01 01:11 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-01 01:11 . 2013-05-01 01:11 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-01 01:11 . 2013-05-01 01:11 23040 ----a-w- c:\windows\system32\licmgr10.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 515888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^K Man's Travel Pal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\K Man's Travel Pal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2010-04-23 15:46 715296 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
2010-03-11 05:11 407920 ----a-w- c:\program files\EgisTec IPS\PmmUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
2010-03-11 05:11 201584 ----a-w- c:\program files\EgisTec IPS\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-04-22 17:16 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-23 00:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 02:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-04-22 17:16 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-04-08 04:18 908368 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcpltui_exe]
2013-02-28 18:33 515888 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2010-04-17 05:57 349552 ----a-w- c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-04-22 17:16 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2011-06-12 21:21 206208 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-12 21:54 8546848 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
2010-04-17 06:28 337264 ----a-w- c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-05-12 03:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-02-05 08:46 1692968 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R3 cpuz136;cpuz136;c:\users\KMAN'S~1\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [x]
R3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.SYS [2010-03-02 82384]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 147472]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2013-02-18 80592]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 92632]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-05-12 332272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-04-03 212432]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60976]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 735776]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-03-05 184728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-03-05 184728]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-03-05 184728]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-03-05 184728]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2013-02-28 638976]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-04-03 169320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-04-03 172416]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-04-03 60920]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-21 68208]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-04-03 363432]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2013-02-18 257496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:46]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 21:10]
.
2013-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 21:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4564)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
.
Completion time: 2013-07-26 20:34:56
ComboFix-quarantined-files.txt 2013-07-27 01:34
.
Pre-Run: 102,136,180,736 bytes free
Post-Run: 103,211,290,624 bytes free
.
- - End Of File - - 297A8EB751A2C10167293DA1C023ABC9
A36C5E4F47E84449FF07ED3517B43A31





Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.27.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
K Man's Travel Pal :: KMANSTRAVELPAL [administrator]

7/27/2013 6:07:13 AM
mbam-log-2013-07-27 (06-07-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209676
Time elapsed: 16 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





# AdwCleaner v2.306 - Logfile created 08/01/2013 at 19:32:20
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : K Man's Travel Pal - KMANSTRAVELPAL
# Boot Mode : Normal
# Running from : C:\Users\K Man's Travel Pal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3129DM4\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Partner Service

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1335 octets] - [01/08/2013 19:32:20]

########## EOF - C:\AdwCleaner[S1].txt - [1395 octets] ##########






# AdwCleaner v2.306 - Logfile created 08/01/2013 at 19:32:20
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : K Man's Travel Pal - KMANSTRAVELPAL
# Boot Mode : Normal
# Running from : C:\Users\K Man's Travel Pal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3129DM4\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Partner Service

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1335 octets] - [01/08/2013 19:32:20]

########## EOF - C:\AdwCleaner[S1].txt - [1395 octets] ##########





Farbar Service Scanner Version: 26-07-2013
Ran by K Man's Travel Pal (administrator) on 02-08-2013 at 21:39:45
Running from "C:\Users\K Man's Travel Pal\Desktop"
Microsoft Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 06:51] - [2013-05-26 23:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



Thanks for all you help!
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP
Apparently you were not able to run the Run Fix OTL. Could you tell me what happened? Let's try it again with a very simple fix to just remove the obvious malware:

:OTL
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl

:Commands
[Reboot]

Copy the text in the above code box and then run OTL by Right clicking and Run As Admin. Paste the text into the Custom Scan/Fix box then hit the RUN FIX button.


You have part of McAfee turned off in MSCONFIG:

MsConfig - StartUpReg: mcpltui_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

Don't think that helps it any.

Speccy says the Hard drive is good but it's running a bit warm. 62. Uninstall Speccy. Get speedfan

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
Also prop up the back of the laptop with a book (don't block the vents).

You have some files missing that are slowing down the boot. Let's see if there are any copies:


Copy the text in the code box:

/md5start
shsvcs.dl
athExt.dll
cdrom.sys
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.

If the McAfee scan is still unbearably slow then it may need to be uninstalled and reinstalled.

Download a new copy of McAfee and Save it to your desktop.

Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
(You want to reinstall McAfee later so follow the instructions here to save your license info:
http://service.mcafe...spx?id=TS100507 )
Uninstall McAfee, run the McAfee uninstall tool, reboot.
Right click on McAfee install program and Run As Admin.

If your McAfee subscription is near the end you might want to cancel it and install the free Avast instead:
Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
  • 0

#7
876Darnoc

876Darnoc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Once again, when I try to run the scan on OTL, it freezes up. Uninstalled/installed McAfee--didn't seem to change anything.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP
Did both OTL runs fail or just the Run Fix?

Copy the next 4 lines:

attrib -r -h -s "C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl"
attrib -r -h -s "C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl"
del "C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl"
del "C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl"


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter. Close the command window.

Did you get any error messages when doing the above?
  • 0

#9
876Darnoc

876Darnoc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I got this log when running OTL:

Error: Unable to interpret <attrib -r -h -s "C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl"> in the current context!
Error: Unable to interpret <attrib -r -h -s "C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl"> in the current context!
Error: Unable to interpret <del "C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl"> in the current context!
Error: Unable to interpret <del "C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl"> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 08042013_104907


but no error messages when I ran the command prompt.

Thanks!
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP
You weren't supposed to copy and paste the 4 lines into OTL. Just into the Command Window. Then just run OTL and hit the Quickscan button so I can see if the Commands removed the malware.
  • 0

Advertisements


#11
876Darnoc

876Darnoc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hopefully, I didn't screw this one up:

OTL logfile created on: 8/4/2013 11:33:22 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 385.22 Mb Available Physical Memory | 38.02% Memory free
1.99 Gb Paging File | 1.39 Gb Available in Paging File | 70.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 95.81 Gb Free Space | 70.48% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/24 05:46:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 11:34:22 | 000,257,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
PRC - [2013/04/03 13:50:34 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/04/03 13:47:22 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
PRC - [2013/02/28 13:33:06 | 000,140,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2013/02/28 09:46:46 | 000,638,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/08/02 21:59:10 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/15 14:22:52 | 000,287,752 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/03 13:50:34 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/04/03 13:47:22 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2013/02/28 09:46:46 | 000,638,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 21:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\KMAN'S~1\AppData\Local\Temp\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\KMAN'S~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/03 13:53:24 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/04/03 13:50:44 | 000,212,432 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/04/03 13:48:22 | 000,566,656 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/04/03 13:47:32 | 000,363,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/04/03 13:47:10 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/04/03 13:46:52 | 000,235,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/04/03 13:46:22 | 000,133,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2013/02/19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/18 07:46:38 | 000,080,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2013/02/18 07:46:34 | 000,257,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2012/05/28 10:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/04/21 02:47:36 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/04/06 21:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/02 01:23:36 | 000,082,384 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.my.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/07/04 12:15:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/07/04 14:08:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/08/03 06:51:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/07/04 12:15:50 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1D2B6-CA20-4F70-97C5-CC1B7A119B89}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8100D57F-88F9-4E95-BA58-1A8EB8A668D9}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/04 11:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/08/03 19:52:06 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Local\Conduit
[2013/08/03 19:50:42 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Local\SwvUpdater
[2013/07/26 20:31:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/26 19:35:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/26 19:35:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/26 19:35:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/26 19:35:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/26 19:34:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/26 16:07:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/24 05:46:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/07/11 15:59:27 | 000,000,000 | ---D | C] -- C:\1f8db849cf79cb411304c7cc9508fe95
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/04 16:29:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/04 16:12:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/04 11:40:31 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/04 11:40:31 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/04 11:31:39 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/24 05:46:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/07/12 05:52:13 | 000,351,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/11 16:10:42 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/11 16:10:42 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/26 19:35:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/26 19:35:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/26 19:35:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/26 19:35:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/26 19:35:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/26 16:01:37 | 000,751,078 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.bmp
[2012/12/26 16:01:25 | 000,018,252 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\sound.mp3
[2012/12/26 16:01:20 | 000,114,890 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.jpg
[2012/02/05 19:19:05 | 000,221,287 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/05 19:19:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/25 22:34:43 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\.minecraft
[2013/07/04 12:28:46 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Audacity
[2013/03/15 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\cef-cache
[2012/02/25 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\MakeMusic
[2013/03/15 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\PPNet
[2011/08/06 12:23:23 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\WildTangent
[2011/08/30 20:38:23 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP
That seemed to work OK. Is it still slow?

Will McAfee still not scan with any speed?
  • 0

#13
876Darnoc

876Darnoc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I uninstalled McAfee, and now it won't let me reinstall. I'll try the Avast for now. I get Symantec free at work. Is that program any good?
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,023 posts
  • MVP
I am not a big fan of Symantec. Bit of a CPU hog. Go with Avast for now. It's what I use on all my PCs.
  • 0

#15
876Darnoc

876Darnoc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
K-I'll use that for now. Everything seems to be working much better. Thanks for all your help!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP