Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

IE10 sluggish on wife's HP Folio 13 - Need help! - Round 2

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

IE10 sluggish on wife's HP Folio 13 - Need help! - Round 2

Unread postby Dave2U » August 24th, 2013, 1:20 pm

Hi There,

Work commitments prevented me from getting back within 72 hours - still need help...

My wife has been using her HP Folio 13 UltraBook for a couple of years now. We have generally kept it up to date with Windows 7 and Office 2010 updates. However, IE10 has become noticeably sluggish over the last several months when opening a browser window to go to a web site. There is a distinct pause of 2-4 seconds and sometimes the browser will hang.

We have been using MS Security Essentials for virus protection and our local area network is behind a WRVS4400N Gigabit Security Wireless Router. MS Security Essentials detected and quarantined a Rogue:JS/FakePAV Trojan on 5/3/2012 at 9:33pm but a full scan of this system today revealed no new malware.

The behaviour indicates there is something on our system and we'd appreciate any help you can offer in tracking it down. Updated DDS.txt file is below:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Shari Wright at 11:09:23.89 on Sat 08/24/2013
Internet Explorer: 9.10.9200.16660
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4041.1831 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_comm_customer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_system_customer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_user_customer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shari Wright\Downloads\Malware Removal\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mWinlogon: Userinit=userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SkyDrive] "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64"
uRunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
uRunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
uRunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
uRunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
uRunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [TRUUpdater] "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
mRun: [WatcherHelper] "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\SHARIW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
StartupFolder: C:\Users\SHARIW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: google.ca
Trusted Zone: google.com
Trusted Zone: jacquielawson.com
Trusted Zone: live.com\login
Trusted Zone: macromedia.com
Trusted Zone: microsoft.com
Trusted Zone: norton.com
Trusted Zone: symantec.com
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
TCP: {3A860B01-5127-41A0-9731-430627BACC4C} = 209.91.107.11 209.121.225.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
mRun-x64: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-5-10 65640]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe [2013-2-20 611400]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-9 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-9 2425960]
R2 irstrtsv;Intel(R) Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-2-9 184320]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2011-9-15 94208]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-9 2656536]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-5-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2012-2-9 26504]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2011-9-15 44992]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-8-5 25496]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-20 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-8-3 8604672]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-9 646248]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257416]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-8-5 34200]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-9-20 50899608]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-4 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-2-9 339560]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-8-12 280064]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-7-22 199552]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-4 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-4 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-24 16:27:14 941720 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{38D470A7-F2AF-4299-9D69-BF1E4F59192F}\gapaengine.dll
2013-08-24 16:27:00 9515512 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{DAEC28CE-221D-4E3A-8579-B718358BAD51}\mpengine.dll
2013-08-21 01:23:24 9515512 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-20 02:11:03 -------- d-----w- C:\Program Files (x86)\Belarc
2013-08-18 22:21:30 -------- d-----w- C:\Users\SHARIW~1\AppData\Local\{AEE6E5C0-817F-4B04-BD11-01949A7319E9}
2013-08-18 21:36:56 -------- d-----w- C:\Program Files\iPod
2013-08-18 21:36:55 -------- d-----w- C:\Program Files\iTunes
2013-08-18 21:36:55 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-18 21:36:55 -------- d-----w- C:\PROGRA~3\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 21:39:46 -------- d-----w- C:\Users\SHARIW~1\AppData\Local\{FB7A18A7-53BB-4793-AD7D-A73605DC7356}
2013-08-15 04:48:14 -------- d-----w- C:\36eb7cfcb217aaa09cc7d4bf6c72cf
2013-08-15 04:47:14 -------- d-----w- C:\Windows\System32\MRT
2013-08-12 22:07:59 -------- d-----w- C:\Users\SHARIW~1\AppData\Local\{5CE3E0F8-371E-4EA7-8F77-DA315062F80D}
2013-08-11 21:26:46 -------- d-----w- C:\Users\SHARIW~1\AppData\Local\{5BDDA525-1C5D-4BC3-9E2A-9A979CE82C0F}
2013-08-03 01:28:14 -------- d-----w- C:\Users\SHARIW~1\AppData\Local\{C9853925-F747-4D8B-8CC2-E39AB9CD094B}
2013-07-31 15:05:22 -------- d-----w- C:\Users\SHARIW~1\AppData\Local\{FA36D8FC-2445-46C5-A3E5-8903B576F4D9}
.
==================== Find3M ====================
.
2013-08-21 19:09:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 19:09:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 11:09:41.33 ===============

For what it's worth, I've run through the second set of instructions provided in my previous post for this issue.

Dave2U
You do not have the required permissions to view the files attached to this post.
Dave2U
Active Member
 
Posts: 7
Joined: July 22nd, 2007, 9:23 am
Location: Calgary
Advertisement
Register to Remove

Re: IE10 sluggish on wife's HP Folio 13 - Need help! - Round

Unread postby pgmigg » August 24th, 2013, 2:04 pm

Hello Dave2U,

Welcome back to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed

=======================================
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: IE10 sluggish on wife's HP Folio 13 - Need help! - Round

Unread postby pgmigg » August 24th, 2013, 2:08 pm

Hello Dave2U,

Thank you for your patience... :)

Step 1.
For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before
most of my instructions sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
TDSSKiller - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 3.
MiniToolBox
Please download MiniToolBox.exe ... by Farbar and save it to your Desktop.
  1. Right click MiniToolBox and select "Run As Administrator...", to run the tool.
  2. Check the following in the list:
    • Report IE Proxy Settings
    • List content of Hosts
    • List Installed Programs
    • List Restore Points
  3. Press the Go button.
    A file name Result.txt will be created in the same location where you downloaded MiniToolBox.exe
  4. Close the MiniToolBox window.
  5. Please post the contents of the Result.txt in your next reply.

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  3. Contents of a Result.txt log file after MiniToolBox run
  4. Contents of a OTL.txt log file
  5. Contents of a Extras.txt log file
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: IE10 sluggish on wife's HP Folio 13 - Need help! - Round

Unread postby Dave2U » August 24th, 2013, 2:30 pm

Hi pgmigg,

Here is the result of my TDSSKiller.exe scan:

10:32:51.0781 4960 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:32:52.0592 4960 ============================================================
10:32:52.0592 4960 Current date / time: 2013/08/24 10:32:52.0592
10:32:52.0592 4960 SystemInfo:
10:32:52.0592 4960
10:32:52.0592 4960 OS Version: 6.1.7601 ServicePack: 1.0
10:32:52.0592 4960 Product type: Workstation
10:32:52.0592 4960 ComputerName: SDWLAP01
10:32:52.0592 4960 UserName: Shari Wright
10:32:52.0592 4960 Windows directory: C:\Windows
10:32:52.0592 4960 System windows directory: C:\Windows
10:32:52.0592 4960 Running under WOW64
10:32:52.0592 4960 Processor architecture: Intel x64
10:32:52.0592 4960 Number of processors: 4
10:32:52.0592 4960 Page size: 0x1000
10:32:52.0592 4960 Boot type: Normal boot
10:32:52.0592 4960 ============================================================
10:32:53.0200 4960 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:32:53.0216 4960 ============================================================
10:32:53.0216 4960 \Device\Harddisk0\DR0:
10:32:53.0216 4960 MBR partitions:
10:32:53.0216 4960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:32:53.0216 4960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0xD232000
10:32:53.0216 4960 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD296000, BlocksNum 0x13B3000
10:32:53.0216 4960 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0xE649800, BlocksNum 0x32800
10:32:53.0216 4960 ============================================================
10:32:53.0216 4960 C: <-> \Device\Harddisk0\DR0\Partition2
10:32:53.0216 4960 D: <-> \Device\Harddisk0\DR0\Partition3
10:32:53.0216 4960 E: <-> \Device\Harddisk0\DR0\Partition4
10:32:53.0216 4960 ============================================================
10:32:53.0216 4960 Initialize success
10:32:53.0216 4960 ============================================================
10:32:59.0066 6808 ============================================================
10:32:59.0066 6808 Scan started
10:32:59.0066 6808 Mode: Manual;
10:32:59.0066 6808 ============================================================
10:32:59.0128 6808 ================ Scan system memory ========================
10:32:59.0128 6808 System memory - ok
10:32:59.0128 6808 ================ Scan services =============================
10:32:59.0175 6808 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:32:59.0175 6808 1394ohci - ok
10:32:59.0175 6808 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:32:59.0191 6808 ACPI - ok
10:32:59.0191 6808 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:32:59.0191 6808 AcpiPmi - ok
10:32:59.0191 6808 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:32:59.0206 6808 AdobeARMservice - ok
10:32:59.0222 6808 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:32:59.0222 6808 AdobeFlashPlayerUpdateSvc - ok
10:32:59.0237 6808 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:32:59.0237 6808 adp94xx - ok
10:32:59.0253 6808 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:32:59.0253 6808 adpahci - ok
10:32:59.0253 6808 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:32:59.0269 6808 adpu320 - ok
10:32:59.0269 6808 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:32:59.0269 6808 AeLookupSvc - ok
10:32:59.0284 6808 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:32:59.0284 6808 AFD - ok
10:32:59.0284 6808 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:32:59.0284 6808 agp440 - ok
10:32:59.0300 6808 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:32:59.0300 6808 ALG - ok
10:32:59.0300 6808 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:32:59.0300 6808 aliide - ok
10:32:59.0315 6808 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:32:59.0315 6808 amdide - ok
10:32:59.0315 6808 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:32:59.0315 6808 AmdK8 - ok
10:32:59.0315 6808 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
10:32:59.0315 6808 AmdPPM - ok
10:32:59.0331 6808 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:32:59.0331 6808 amdsata - ok
10:32:59.0331 6808 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
10:32:59.0347 6808 amdsbs - ok
10:32:59.0347 6808 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:32:59.0347 6808 amdxata - ok
10:32:59.0347 6808 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
10:32:59.0362 6808 AMPPAL - ok
10:32:59.0362 6808 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
10:32:59.0362 6808 AMPPALP - ok
10:32:59.0393 6808 [ 576134E43169810B560F0BB6FDEE13F5 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
10:32:59.0393 6808 AMPPALR3 - ok
10:32:59.0409 6808 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:32:59.0409 6808 AppID - ok
10:32:59.0409 6808 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:32:59.0409 6808 AppIDSvc - ok
10:32:59.0425 6808 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
10:32:59.0425 6808 Appinfo - ok
10:32:59.0425 6808 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:32:59.0425 6808 Apple Mobile Device - ok
10:32:59.0440 6808 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:32:59.0440 6808 AppMgmt - ok
10:32:59.0456 6808 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
10:32:59.0456 6808 arc - ok
10:32:59.0456 6808 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:32:59.0456 6808 arcsas - ok
10:32:59.0456 6808 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:32:59.0456 6808 AsyncMac - ok
10:32:59.0471 6808 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:32:59.0471 6808 atapi - ok
10:32:59.0487 6808 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:32:59.0487 6808 AudioEndpointBuilder - ok
10:32:59.0503 6808 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:32:59.0503 6808 AudioSrv - ok
10:32:59.0503 6808 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:32:59.0518 6808 AxInstSV - ok
10:32:59.0518 6808 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
10:32:59.0534 6808 b06bdrv - ok
10:32:59.0534 6808 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:32:59.0534 6808 b57nd60a - ok
10:32:59.0565 6808 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
10:32:59.0581 6808 BCM43XX - ok
10:32:59.0581 6808 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:32:59.0581 6808 BDESVC - ok
10:32:59.0581 6808 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:32:59.0581 6808 Beep - ok
10:32:59.0596 6808 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:32:59.0612 6808 BFE - ok
10:32:59.0627 6808 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
10:32:59.0627 6808 BITS - ok
10:32:59.0643 6808 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
10:32:59.0643 6808 blbdrive - ok
10:32:59.0659 6808 [ 0F46D2845BD7DDACA52340ECC2B65DA3 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
10:32:59.0659 6808 Bluetooth Device Monitor - ok
10:32:59.0674 6808 [ 3341DE556EC28252D603277609EEF8BF ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
10:32:59.0690 6808 Bluetooth Media Service - ok
10:32:59.0705 6808 [ 5D5C3EC9BE1107DEDF0FEB55B7F3BD77 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
10:32:59.0705 6808 Bluetooth OBEX Service - ok
10:32:59.0721 6808 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:32:59.0721 6808 Bonjour Service - ok
10:32:59.0721 6808 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:32:59.0737 6808 bowser - ok
10:32:59.0737 6808 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
10:32:59.0737 6808 BrFiltLo - ok
10:32:59.0737 6808 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
10:32:59.0737 6808 BrFiltUp - ok
10:32:59.0752 6808 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:32:59.0752 6808 Browser - ok
10:32:59.0752 6808 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:32:59.0768 6808 Brserid - ok
10:32:59.0768 6808 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:32:59.0768 6808 BrSerWdm - ok
10:32:59.0768 6808 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:32:59.0768 6808 BrUsbMdm - ok
10:32:59.0783 6808 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:32:59.0783 6808 BrUsbSer - ok
10:32:59.0783 6808 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:32:59.0783 6808 BthEnum - ok
10:32:59.0783 6808 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:32:59.0799 6808 BTHMODEM - ok
10:32:59.0799 6808 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:32:59.0799 6808 BthPan - ok
10:32:59.0815 6808 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:32:59.0815 6808 BTHPORT - ok
10:32:59.0815 6808 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:32:59.0830 6808 bthserv - ok
10:32:59.0830 6808 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
10:32:59.0830 6808 BTHSSecurityMgr - ok
10:32:59.0830 6808 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:32:59.0830 6808 BTHUSB - ok
10:32:59.0846 6808 [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio C:\Windows\system32\drivers\btmaud.sys
10:32:59.0846 6808 btmaudio - ok
10:32:59.0846 6808 [ AB0A33001FE7EBB209D9D52CED11BE1A ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
10:32:59.0846 6808 btmaux - ok
10:32:59.0861 6808 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
10:32:59.0861 6808 btmhsf - ok
10:32:59.0877 6808 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:32:59.0877 6808 cdfs - ok
10:32:59.0877 6808 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:32:59.0877 6808 cdrom - ok
10:32:59.0893 6808 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:32:59.0893 6808 CertPropSvc - ok
10:32:59.0893 6808 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
10:32:59.0893 6808 circlass - ok
10:32:59.0908 6808 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:32:59.0908 6808 CLFS - ok
10:32:59.0924 6808 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:32:59.0924 6808 clr_optimization_v2.0.50727_32 - ok
10:32:59.0924 6808 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:32:59.0924 6808 clr_optimization_v2.0.50727_64 - ok
10:32:59.0939 6808 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:32:59.0939 6808 clr_optimization_v4.0.30319_32 - ok
10:32:59.0955 6808 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:32:59.0955 6808 clr_optimization_v4.0.30319_64 - ok
10:32:59.0955 6808 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
10:32:59.0955 6808 clwvd - ok
10:32:59.0955 6808 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
10:32:59.0955 6808 CmBatt - ok
10:32:59.0971 6808 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:32:59.0971 6808 cmdide - ok
10:32:59.0971 6808 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
10:32:59.0986 6808 CNG - ok
10:32:59.0986 6808 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
10:32:59.0986 6808 Compbatt - ok
10:32:59.0986 6808 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:32:59.0986 6808 CompositeBus - ok
10:33:00.0002 6808 COMSysApp - ok
10:33:00.0002 6808 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:33:00.0002 6808 crcdisk - ok
10:33:00.0017 6808 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:33:00.0017 6808 CryptSvc - ok
10:33:00.0017 6808 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:33:00.0033 6808 CSC - ok
10:33:00.0049 6808 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:33:00.0049 6808 CscService - ok
10:33:00.0064 6808 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:33:00.0064 6808 DcomLaunch - ok
10:33:00.0080 6808 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:33:00.0080 6808 defragsvc - ok
10:33:00.0095 6808 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:33:00.0095 6808 DfsC - ok
10:33:00.0095 6808 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:33:00.0095 6808 Dhcp - ok
10:33:00.0111 6808 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:33:00.0111 6808 discache - ok
10:33:00.0111 6808 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
10:33:00.0111 6808 Disk - ok
10:33:00.0127 6808 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
10:33:00.0127 6808 dmvsc - ok
10:33:00.0127 6808 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:33:00.0127 6808 Dnscache - ok
10:33:00.0142 6808 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:33:00.0142 6808 dot3svc - ok
10:33:00.0142 6808 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:33:00.0158 6808 DPS - ok
10:33:00.0158 6808 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:33:00.0158 6808 drmkaud - ok
10:33:00.0173 6808 [ 1A986E433B8EB2375F55961D993746B3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:33:00.0173 6808 DXGKrnl - ok
10:33:00.0189 6808 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:33:00.0189 6808 EapHost - ok
10:33:00.0220 6808 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
10:33:00.0251 6808 ebdrv - ok
10:33:00.0267 6808 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:33:00.0267 6808 EFS - ok
10:33:00.0283 6808 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:33:00.0283 6808 ehRecvr - ok
10:33:00.0298 6808 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:33:00.0298 6808 ehSched - ok
10:33:00.0298 6808 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:33:00.0314 6808 elxstor - ok
10:33:00.0314 6808 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:33:00.0314 6808 ErrDev - ok
10:33:00.0329 6808 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:33:00.0329 6808 EventSystem - ok
10:33:00.0361 6808 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:33:00.0376 6808 EvtEng - ok
10:33:00.0376 6808 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:33:00.0376 6808 exfat - ok
10:33:00.0392 6808 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:33:00.0392 6808 fastfat - ok
10:33:00.0407 6808 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:33:00.0407 6808 Fax - ok
10:33:00.0423 6808 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
10:33:00.0423 6808 fdc - ok
10:33:00.0423 6808 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:33:00.0423 6808 fdPHost - ok
10:33:00.0423 6808 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:33:00.0439 6808 FDResPub - ok
10:33:00.0439 6808 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:33:00.0439 6808 FileInfo - ok
10:33:00.0439 6808 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:33:00.0439 6808 Filetrace - ok
10:33:00.0454 6808 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
10:33:00.0454 6808 flpydisk - ok
10:33:00.0454 6808 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:33:00.0454 6808 FltMgr - ok
10:33:00.0470 6808 [ 5F3982B51A5DF6F7FF5FD3A4CE0BFF5D ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys
10:33:00.0470 6808 FLxHCIc - ok
10:33:00.0470 6808 [ 1ACB3F124140A2EAB5A1E36286E37C0D ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys
10:33:00.0470 6808 FLxHCIh - ok
10:33:00.0485 6808 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
10:33:00.0501 6808 FontCache - ok
10:33:00.0517 6808 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:33:00.0517 6808 FontCache3.0.0.0 - ok
10:33:00.0517 6808 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:33:00.0517 6808 FsDepends - ok
10:33:00.0517 6808 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:33:00.0517 6808 Fs_Rec - ok
10:33:00.0532 6808 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:33:00.0532 6808 fvevol - ok
10:33:00.0532 6808 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:33:00.0532 6808 gagp30kx - ok
10:33:00.0548 6808 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:33:00.0548 6808 GEARAspiWDM - ok
10:33:00.0563 6808 [ 1919A85051BBE1470EE24431E019B858 ] GoToAssist Remote Support Customer C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe
10:33:00.0563 6808 GoToAssist Remote Support Customer - ok
10:33:00.0579 6808 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:33:00.0595 6808 gpsvc - ok
10:33:00.0595 6808 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:33:00.0595 6808 hcw85cir - ok
10:33:00.0610 6808 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:33:00.0610 6808 HdAudAddService - ok
10:33:00.0610 6808 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:33:00.0610 6808 HDAudBus - ok
10:33:00.0626 6808 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
10:33:00.0626 6808 HidBatt - ok
10:33:00.0626 6808 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:33:00.0626 6808 HidBth - ok
10:33:00.0626 6808 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
10:33:00.0641 6808 HidIr - ok
10:33:00.0641 6808 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
10:33:00.0641 6808 hidserv - ok
10:33:00.0641 6808 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:33:00.0641 6808 HidUsb - ok
10:33:00.0657 6808 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:33:00.0657 6808 hkmsvc - ok
10:33:00.0657 6808 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:33:00.0673 6808 HomeGroupListener - ok
10:33:00.0673 6808 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:33:00.0673 6808 HomeGroupProvider - ok
10:33:00.0688 6808 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:33:00.0688 6808 HP Support Assistant Service - ok
10:33:00.0704 6808 [ 7B8C1B09C11E8DB7C4480ABD7D17E821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
10:33:00.0704 6808 HPAuto - ok
10:33:00.0719 6808 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:33:00.0735 6808 hpqwmiex - ok
10:33:00.0735 6808 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:33:00.0735 6808 HpSAMD - ok
10:33:00.0751 6808 [ 77C15D7E8F002A173EEBFF0B20CD697D ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:33:00.0751 6808 HPWMISVC - ok
10:33:00.0751 6808 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:33:00.0766 6808 HTTP - ok
10:33:00.0766 6808 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:33:00.0766 6808 hwpolicy - ok
10:33:00.0782 6808 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:33:00.0782 6808 i8042prt - ok
10:33:00.0797 6808 [ F981817D0BD03EAC4FA60D0B2551A310 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:33:00.0797 6808 iaStor - ok
10:33:00.0797 6808 [ B1CC71046A714E6A6AF0A09EB7E05299 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:33:00.0797 6808 IAStorDataMgrSvc - ok
10:33:00.0813 6808 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:33:00.0813 6808 iaStorV - ok
10:33:00.0813 6808 [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
10:33:00.0813 6808 iBtFltCoex - ok
10:33:00.0844 6808 [ D3090576412EC63E0C6271D8B0974D73 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
10:33:00.0875 6808 IconMan_R - ok
10:33:00.0891 6808 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:33:00.0907 6808 idsvc - ok
10:33:01.0063 6808 [ 0D1B8C64BDF0E5CDC523A1409FFB5EF0 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:33:01.0203 6808 igfx - ok
10:33:01.0203 6808 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:33:01.0219 6808 iirsp - ok
10:33:01.0219 6808 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:33:01.0234 6808 IKEEXT - ok
10:33:01.0234 6808 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
10:33:01.0250 6808 intaud_WaveExtensible - ok
10:33:01.0250 6808 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
10:33:01.0250 6808 IntcDAud - ok
10:33:01.0265 6808 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:33:01.0265 6808 intelide - ok
10:33:01.0265 6808 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:33:01.0265 6808 intelppm - ok
10:33:01.0265 6808 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:33:01.0281 6808 IPBusEnum - ok
10:33:01.0281 6808 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:33:01.0281 6808 IpFilterDriver - ok
10:33:01.0297 6808 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:33:01.0297 6808 iphlpsvc - ok
10:33:01.0297 6808 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:33:01.0312 6808 IPMIDRV - ok
10:33:01.0312 6808 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:33:01.0312 6808 IPNAT - ok
10:33:01.0328 6808 [ 78486992AC657AE5065C4A2135838570 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:33:01.0375 6808 iPod Service - ok
10:33:01.0390 6808 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:33:01.0390 6808 IRENUM - ok
10:33:01.0390 6808 [ 6DC22BDAA595BE00F19696E72F2F3312 ] irstrtdv C:\Windows\system32\DRIVERS\irstrtdv.sys
10:33:01.0390 6808 irstrtdv - ok
10:33:01.0406 6808 [ 9877087146E094D790BB03ECA0FBC445 ] irstrtsv C:\Windows\SysWOW64\irstrtsv.exe
10:33:01.0468 6808 irstrtsv - ok
10:33:01.0468 6808 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:33:01.0468 6808 isapnp - ok
10:33:01.0484 6808 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:33:01.0484 6808 iScsiPrt - ok
10:33:01.0484 6808 [ 970995B7C36F4408ED31C3BF204FE1F5 ] ISCT C:\Windows\system32\DRIVERS\ISCTD64.sys
10:33:01.0484 6808 ISCT - ok
10:33:01.0499 6808 [ 5F6399D3284725385DF0573FBC3F24C8 ] ISCTAgent C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
10:33:01.0546 6808 ISCTAgent - ok
10:33:01.0546 6808 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
10:33:01.0546 6808 iwdbus - ok
10:33:01.0562 6808 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
10:33:01.0593 6808 jhi_service - ok
10:33:01.0593 6808 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
10:33:01.0609 6808 kbdclass - ok
10:33:01.0609 6808 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:33:01.0609 6808 kbdhid - ok
10:33:01.0609 6808 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:33:01.0609 6808 KeyIso - ok
10:33:01.0624 6808 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:33:01.0624 6808 KSecDD - ok
10:33:01.0624 6808 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:33:01.0624 6808 KSecPkg - ok
10:33:01.0624 6808 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:33:01.0640 6808 ksthunk - ok
10:33:01.0640 6808 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:33:01.0655 6808 KtmRm - ok
10:33:01.0655 6808 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:33:01.0655 6808 LanmanServer - ok
10:33:01.0671 6808 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:33:01.0671 6808 LanmanWorkstation - ok
10:33:01.0671 6808 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:33:01.0671 6808 lltdio - ok
10:33:01.0687 6808 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:33:01.0687 6808 lltdsvc - ok
10:33:01.0687 6808 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:33:01.0702 6808 lmhosts - ok
10:33:01.0702 6808 [ 386FC27B5A07BFFD387CE0581BA8C061 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:33:01.0702 6808 LMS - ok
10:33:01.0718 6808 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:33:01.0718 6808 LSI_FC - ok
10:33:01.0718 6808 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:33:01.0718 6808 LSI_SAS - ok
10:33:01.0733 6808 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
10:33:01.0733 6808 LSI_SAS2 - ok
10:33:01.0733 6808 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:33:01.0733 6808 LSI_SCSI - ok
10:33:01.0749 6808 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:33:01.0749 6808 luafv - ok
10:33:01.0749 6808 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:33:01.0749 6808 Mcx2Svc - ok
10:33:01.0765 6808 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
10:33:01.0765 6808 megasas - ok
10:33:01.0765 6808 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
10:33:01.0780 6808 MegaSR - ok
10:33:01.0780 6808 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
10:33:01.0780 6808 MEIx64 - ok
10:33:01.0780 6808 Microsoft SharePoint Workspace Audit Service - ok
10:33:01.0796 6808 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:33:01.0796 6808 MMCSS - ok
10:33:01.0796 6808 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:33:01.0796 6808 Modem - ok
10:33:01.0796 6808 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:33:01.0796 6808 monitor - ok
10:33:01.0811 6808 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:33:01.0811 6808 mouclass - ok
10:33:01.0811 6808 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:33:01.0811 6808 mouhid - ok
10:33:01.0827 6808 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:33:01.0827 6808 mountmgr - ok
10:33:01.0827 6808 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
10:33:01.0827 6808 MpFilter - ok
10:33:01.0843 6808 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:33:01.0843 6808 mpio - ok
10:33:01.0843 6808 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:33:01.0843 6808 mpsdrv - ok
10:33:01.0858 6808 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:33:01.0874 6808 MpsSvc - ok
10:33:01.0874 6808 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:33:01.0889 6808 MRxDAV - ok
10:33:01.0889 6808 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:33:01.0889 6808 mrxsmb - ok
10:33:01.0905 6808 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:33:01.0905 6808 mrxsmb10 - ok
10:33:01.0905 6808 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:33:01.0905 6808 mrxsmb20 - ok
10:33:01.0921 6808 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:33:01.0921 6808 msahci - ok
10:33:01.0921 6808 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:33:01.0921 6808 msdsm - ok
10:33:01.0936 6808 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:33:01.0936 6808 MSDTC - ok
10:33:01.0936 6808 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:33:01.0952 6808 Msfs - ok
10:33:01.0952 6808 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:33:01.0952 6808 mshidkmdf - ok
10:33:01.0952 6808 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:33:01.0952 6808 msisadrv - ok
10:33:01.0967 6808 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:33:01.0967 6808 MSiSCSI - ok
10:33:01.0967 6808 msiserver - ok
10:33:01.0967 6808 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:33:01.0967 6808 MSKSSRV - ok
10:33:01.0983 6808 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:33:01.0983 6808 MsMpSvc - ok
10:33:01.0983 6808 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:33:01.0983 6808 MSPCLOCK - ok
10:33:01.0983 6808 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:33:01.0999 6808 MSPQM - ok
10:33:01.0999 6808 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:33:01.0999 6808 MsRPC - ok
10:33:02.0014 6808 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:33:02.0014 6808 mssmbios - ok
10:33:02.0014 6808 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:33:02.0014 6808 MSTEE - ok
10:33:02.0014 6808 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
10:33:02.0030 6808 MTConfig - ok
10:33:02.0030 6808 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:33:02.0030 6808 Mup - ok
10:33:02.0045 6808 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
10:33:02.0045 6808 MyWiFiDHCPDNS - ok
10:33:02.0045 6808 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:33:02.0061 6808 napagent - ok
10:33:02.0061 6808 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:33:02.0077 6808 NativeWifiP - ok
10:33:02.0092 6808 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:33:02.0092 6808 NDIS - ok
10:33:02.0108 6808 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:33:02.0108 6808 NdisCap - ok
10:33:02.0108 6808 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:33:02.0108 6808 NdisTapi - ok
10:33:02.0108 6808 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:33:02.0123 6808 Ndisuio - ok
10:33:02.0123 6808 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:33:02.0123 6808 NdisWan - ok
10:33:02.0123 6808 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:33:02.0139 6808 NDProxy - ok
10:33:02.0139 6808 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:33:02.0139 6808 NetBIOS - ok
10:33:02.0139 6808 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:33:02.0155 6808 NetBT - ok
10:33:02.0155 6808 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:33:02.0155 6808 Netlogon - ok
10:33:02.0170 6808 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:33:02.0170 6808 Netman - ok
10:33:02.0186 6808 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:33:02.0186 6808 netprofm - ok
10:33:02.0186 6808 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:33:02.0186 6808 NetTcpPortSharing - ok
10:33:02.0295 6808 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
10:33:02.0404 6808 NETwNs64 - ok
10:33:02.0420 6808 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:33:02.0420 6808 nfrd960 - ok
10:33:02.0420 6808 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:33:02.0435 6808 NisDrv - ok
10:33:02.0435 6808 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
10:33:02.0435 6808 NisSrv - ok
10:33:02.0451 6808 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:33:02.0451 6808 NlaSvc - ok
10:33:02.0451 6808 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:33:02.0467 6808 Npfs - ok
10:33:02.0467 6808 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:33:02.0467 6808 nsi - ok
10:33:02.0467 6808 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:33:02.0467 6808 nsiproxy - ok
10:33:02.0498 6808 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:33:02.0513 6808 Ntfs - ok
10:33:02.0513 6808 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:33:02.0513 6808 Null - ok
10:33:02.0529 6808 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
10:33:02.0529 6808 NVENETFD - ok
10:33:02.0545 6808 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:33:02.0545 6808 nvraid - ok
10:33:02.0545 6808 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:33:02.0560 6808 nvstor - ok
10:33:02.0560 6808 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:33:02.0560 6808 nv_agp - ok
10:33:02.0560 6808 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:33:02.0576 6808 ohci1394 - ok
10:33:02.0576 6808 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:33:02.0576 6808 ose64 - ok
10:33:02.0638 6808 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:33:02.0685 6808 osppsvc - ok
10:33:02.0701 6808 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:33:02.0701 6808 p2pimsvc - ok
10:33:02.0716 6808 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:33:02.0716 6808 p2psvc - ok
10:33:02.0732 6808 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
10:33:02.0732 6808 Parport - ok
10:33:02.0732 6808 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:33:02.0732 6808 partmgr - ok
10:33:02.0747 6808 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:33:02.0747 6808 PcaSvc - ok
10:33:02.0747 6808 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:33:02.0747 6808 pci - ok
10:33:02.0763 6808 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:33:02.0763 6808 pciide - ok
10:33:02.0763 6808 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:33:02.0763 6808 pcmcia - ok
10:33:02.0779 6808 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:33:02.0779 6808 pcw - ok
10:33:02.0794 6808 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:33:02.0794 6808 PEAUTH - ok
10:33:02.0810 6808 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:33:02.0825 6808 PeerDistSvc - ok
10:33:02.0841 6808 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:33:02.0841 6808 PerfHost - ok
10:33:02.0857 6808 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:33:02.0888 6808 pla - ok
10:33:02.0888 6808 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:33:02.0903 6808 PlugPlay - ok
10:33:02.0903 6808 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:33:02.0903 6808 PNRPAutoReg - ok
10:33:02.0903 6808 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:33:02.0919 6808 PNRPsvc - ok
10:33:02.0919 6808 [ 34A8FAE065249F85A67A3215FF5ECB34 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
10:33:02.0919 6808 Point64 - ok
10:33:02.0935 6808 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:33:02.0935 6808 PolicyAgent - ok
10:33:02.0950 6808 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:33:02.0950 6808 Power - ok
10:33:02.0950 6808 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:33:02.0950 6808 PptpMiniport - ok
10:33:02.0966 6808 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
10:33:02.0966 6808 Processor - ok
10:33:02.0966 6808 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:33:02.0981 6808 ProfSvc - ok
10:33:02.0981 6808 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:33:02.0981 6808 ProtectedStorage - ok
10:33:02.0981 6808 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:33:02.0981 6808 Psched - ok
10:33:03.0013 6808 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:33:03.0028 6808 ql2300 - ok
10:33:03.0028 6808 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:33:03.0044 6808 ql40xx - ok
10:33:03.0044 6808 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:33:03.0044 6808 QWAVE - ok
10:33:03.0059 6808 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:33:03.0059 6808 QWAVEdrv - ok
10:33:03.0059 6808 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:33:03.0059 6808 RasAcd - ok
10:33:03.0059 6808 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:33:03.0075 6808 RasAgileVpn - ok
10:33:03.0075 6808 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:33:03.0075 6808 RasAuto - ok
10:33:03.0075 6808 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:33:03.0091 6808 Rasl2tp - ok
10:33:03.0091 6808 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:33:03.0091 6808 RasMan - ok
10:33:03.0106 6808 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:33:03.0106 6808 RasPppoe - ok
10:33:03.0106 6808 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:33:03.0106 6808 RasSstp - ok
10:33:03.0122 6808 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:33:03.0122 6808 rdbss - ok
10:33:03.0122 6808 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:33:03.0122 6808 rdpbus - ok
10:33:03.0137 6808 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:33:03.0137 6808 RDPCDD - ok
10:33:03.0137 6808 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:33:03.0137 6808 RDPDR - ok
10:33:03.0153 6808 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:33:03.0153 6808 RDPENCDD - ok
10:33:03.0153 6808 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:33:03.0153 6808 RDPREFMP - ok
10:33:03.0169 6808 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:33:03.0169 6808 RdpVideoMiniport - ok
10:33:03.0169 6808 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:33:03.0169 6808 RDPWD - ok
10:33:03.0184 6808 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:33:03.0184 6808 rdyboost - ok
10:33:03.0200 6808 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:33:03.0215 6808 RegSrvc - ok
10:33:03.0215 6808 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:33:03.0215 6808 RemoteAccess - ok
10:33:03.0215 6808 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:33:03.0231 6808 RemoteRegistry - ok
10:33:03.0231 6808 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:33:03.0231 6808 RFCOMM - ok
10:33:03.0247 6808 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:33:03.0247 6808 RpcEptMapper - ok
10:33:03.0247 6808 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:33:03.0247 6808 RpcLocator - ok
10:33:03.0262 6808 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:33:03.0262 6808 RpcSs - ok
10:33:03.0278 6808 [ AFD66FA973FBCD23BCD00B54CA5ABF61 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
10:33:03.0278 6808 RSPCIESTOR - ok
10:33:03.0278 6808 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:33:03.0278 6808 rspndr - ok
10:33:03.0293 6808 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:33:03.0293 6808 RTL8167 - ok
10:33:03.0293 6808 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:33:03.0309 6808 s3cap - ok
10:33:03.0309 6808 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:33:03.0309 6808 SamSs - ok
10:33:03.0309 6808 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:33:03.0309 6808 sbp2port - ok
10:33:03.0325 6808 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:33:03.0325 6808 SCardSvr - ok
10:33:03.0325 6808 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:33:03.0340 6808 scfilter - ok
10:33:03.0356 6808 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:33:03.0356 6808 Schedule - ok
10:33:03.0371 6808 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:33:03.0371 6808 SCPolicySvc - ok
10:33:03.0371 6808 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
10:33:03.0371 6808 sdbus - ok
10:33:03.0387 6808 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:33:03.0387 6808 SDRSVC - ok
10:33:03.0387 6808 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:33:03.0387 6808 secdrv - ok
10:33:03.0403 6808 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:33:03.0403 6808 seclogon - ok
10:33:03.0403 6808 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:33:03.0403 6808 SENS - ok
10:33:03.0403 6808 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:33:03.0418 6808 SensrSvc - ok
10:33:03.0418 6808 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
10:33:03.0418 6808 Serenum - ok
10:33:03.0418 6808 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
10:33:03.0434 6808 Serial - ok
10:33:03.0434 6808 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:33:03.0434 6808 sermouse - ok
10:33:03.0449 6808 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:33:03.0449 6808 SessionEnv - ok
10:33:03.0449 6808 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:33:03.0449 6808 sffdisk - ok
10:33:03.0449 6808 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:33:03.0465 6808 sffp_mmc - ok
10:33:03.0465 6808 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:33:03.0465 6808 sffp_sd - ok
10:33:03.0465 6808 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:33:03.0465 6808 sfloppy - ok
10:33:03.0481 6808 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:33:03.0481 6808 SharedAccess - ok
10:33:03.0496 6808 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:33:03.0496 6808 ShellHWDetection - ok
10:33:03.0496 6808 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
10:33:03.0496 6808 SiSRaid2 - ok
10:33:03.0512 6808 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:33:03.0512 6808 SiSRaid4 - ok
10:33:03.0512 6808 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:33:03.0527 6808 SkypeUpdate - ok
10:33:03.0527 6808 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:33:03.0527 6808 Smb - ok
10:33:03.0543 6808 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:33:03.0543 6808 SNMPTRAP - ok
10:33:03.0543 6808 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:33:03.0543 6808 spldr - ok
10:33:03.0559 6808 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:33:03.0559 6808 Spooler - ok
10:33:03.0605 6808 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:33:03.0637 6808 sppsvc - ok
10:33:03.0652 6808 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:33:03.0652 6808 sppuinotify - ok
10:33:03.0668 6808 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:33:03.0668 6808 srv - ok
10:33:03.0683 6808 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:33:03.0683 6808 srv2 - ok
10:33:03.0683 6808 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:33:03.0699 6808 SrvHsfHDA - ok
10:33:03.0715 6808 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:33:03.0730 6808 SrvHsfV92 - ok
10:33:03.0746 6808 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:33:03.0746 6808 SrvHsfWinac - ok
10:33:03.0761 6808 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:33:03.0761 6808 srvnet - ok
10:33:03.0777 6808 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:33:03.0777 6808 SSDPSRV - ok
10:33:03.0777 6808 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:33:03.0777 6808 SstpSvc - ok
10:33:03.0793 6808 [ F5F2592EAF991348D655C482BCFD2B12 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
10:33:03.0808 6808 STacSV - ok
10:33:03.0808 6808 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
10:33:03.0808 6808 stexstor - ok
10:33:03.0824 6808 [ DCF0D5DB91B09FC456225352CDFD7DE7 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
10:33:03.0824 6808 STHDA - ok
10:33:03.0839 6808 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:33:03.0839 6808 stisvc - ok
10:33:03.0855 6808 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:33:03.0855 6808 storflt - ok
10:33:03.0855 6808 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
10:33:03.0855 6808 StorSvc - ok
10:33:03.0871 6808 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:33:03.0871 6808 storvsc - ok
10:33:03.0871 6808 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:33:03.0871 6808 swenum - ok
10:33:03.0886 6808 [ C03779EC476F8F30A9CFCDE046BA6B28 ] swmsflt C:\Windows\system32\DRIVERS\swmsflt.sys
10:33:03.0886 6808 swmsflt - ok
10:33:03.0886 6808 [ 773A241E354DAAECFD0E716462C9BA43 ] SWNC8UA3 C:\Windows\system32\DRIVERS\swnc8ua3.sys
10:33:03.0886 6808 SWNC8UA3 - ok
10:33:03.0902 6808 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:33:03.0917 6808 swprv - ok
10:33:03.0917 6808 SWUMX20 - ok
10:33:03.0917 6808 [ 6149B0691BEB390A0BDA3A8E90787FD4 ] SWUMXA3 C:\Windows\system32\DRIVERS\swumxa3.sys
10:33:03.0933 6808 SWUMXA3 - ok
10:33:03.0933 6808 [ 57B534A913E81E7CF91C3D5854D2F80E ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:33:03.0933 6808 SynTP - ok
10:33:03.0964 6808 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:33:03.0980 6808 SysMain - ok
10:33:03.0995 6808 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:33:03.0995 6808 TabletInputService - ok
10:33:03.0995 6808 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:33:04.0011 6808 TapiSrv - ok
10:33:04.0011 6808 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:33:04.0011 6808 TBS - ok
10:33:04.0042 6808 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:33:04.0058 6808 Tcpip - ok
10:33:04.0089 6808 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:33:04.0089 6808 TCPIP6 - ok
10:33:04.0105 6808 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:33:04.0105 6808 tcpipreg - ok
10:33:04.0105 6808 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:33:04.0120 6808 TDPIPE - ok
10:33:04.0120 6808 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:33:04.0120 6808 TDTCP - ok
10:33:04.0120 6808 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:33:04.0120 6808 tdx - ok
10:33:04.0136 6808 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:33:04.0136 6808 TermDD - ok
10:33:04.0151 6808 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:33:04.0151 6808 TermService - ok
10:33:04.0151 6808 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:33:04.0167 6808 Themes - ok
10:33:04.0167 6808 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:33:04.0167 6808 THREADORDER - ok
10:33:04.0167 6808 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
10:33:04.0167 6808 TPM - ok
10:33:04.0183 6808 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:33:04.0183 6808 TrkWks - ok
10:33:04.0183 6808 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:33:04.0198 6808 TrustedInstaller - ok
10:33:04.0198 6808 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:33:04.0198 6808 tssecsrv - ok
10:33:04.0198 6808 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:33:04.0214 6808 TsUsbFlt - ok
10:33:04.0214 6808 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
10:33:04.0214 6808 TsUsbGD - ok
10:33:04.0214 6808 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:33:04.0214 6808 tunnel - ok
10:33:04.0229 6808 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:33:04.0229 6808 uagp35 - ok
10:33:04.0229 6808 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:33:04.0245 6808 udfs - ok
10:33:04.0245 6808 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:33:04.0245 6808 UI0Detect - ok
10:33:04.0261 6808 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:33:04.0261 6808 uliagpkx - ok
10:33:04.0261 6808 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:33:04.0261 6808 umbus - ok
10:33:04.0276 6808 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
10:33:04.0276 6808 UmPass - ok
10:33:04.0276 6808 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:33:04.0276 6808 UmRdpService - ok
10:33:04.0323 6808 [ B1719E9B50C48512FB51A0CC94DB5879 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:33:04.0339 6808 UNS - ok
10:33:04.0354 6808 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:33:04.0354 6808 upnphost - ok
10:33:04.0370 6808 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:33:04.0370 6808 USBAAPL64 - ok
10:33:04.0370 6808 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:33:04.0370 6808 usbccgp - ok
10:33:04.0385 6808 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:33:04.0385 6808 usbcir - ok
10:33:04.0385 6808 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:33:04.0385 6808 usbehci - ok
10:33:04.0401 6808 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
10:33:04.0401 6808 usbhub - ok
10:33:04.0401 6808 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:33:04.0401 6808 usbohci - ok
10:33:04.0417 6808 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
10:33:04.0417 6808 usbprint - ok
10:33:04.0417 6808 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:33:04.0417 6808 USBSTOR - ok
10:33:04.0432 6808 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:33:04.0432 6808 usbuhci - ok
10:33:04.0432 6808 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:33:04.0432 6808 usbvideo - ok
10:33:04.0448 6808 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:33:04.0448 6808 UxSms - ok
10:33:04.0448 6808 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:33:04.0448 6808 VaultSvc - ok
10:33:04.0448 6808 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:33:04.0448 6808 vdrvroot - ok
10:33:04.0463 6808 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:33:04.0479 6808 vds - ok
10:33:04.0479 6808 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:33:04.0479 6808 vga - ok
10:33:04.0479 6808 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:33:04.0479 6808 VgaSave - ok
10:33:04.0495 6808 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:33:04.0495 6808 vhdmp - ok
10:33:04.0495 6808 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:33:04.0495 6808 viaide - ok
10:33:04.0510 6808 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:33:04.0510 6808 vmbus - ok
10:33:04.0510 6808 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:33:04.0510 6808 VMBusHID - ok
10:33:04.0526 6808 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:33:04.0526 6808 volmgr - ok
10:33:04.0526 6808 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:33:04.0541 6808 volmgrx - ok
10:33:04.0541 6808 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:33:04.0541 6808 volsnap - ok
10:33:04.0557 6808 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:33:04.0557 6808 vsmraid - ok
10:33:04.0573 6808 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:33:04.0604 6808 VSS - ok
10:33:04.0604 6808 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:33:04.0604 6808 vwifibus - ok
10:33:04.0604 6808 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:33:04.0604 6808 vwififlt - ok
10:33:04.0619 6808 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:33:04.0619 6808 vwifimp - ok
10:33:04.0619 6808 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:33:04.0635 6808 W32Time - ok
10:33:04.0635 6808 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:33:04.0635 6808 WacomPen - ok
10:33:04.0651 6808 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:33:04.0651 6808 WANARP - ok
10:33:04.0651 6808 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:33:04.0651 6808 Wanarpv6 - ok
10:33:04.0666 6808 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:33:04.0682 6808 WatAdminSvc - ok
10:33:04.0713 6808 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:33:04.0729 6808 wbengine - ok
10:33:04.0744 6808 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:33:04.0744 6808 WbioSrvc - ok
10:33:04.0744 6808 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:33:04.0760 6808 wcncsvc - ok
10:33:04.0760 6808 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:33:04.0760 6808 WcsPlugInService - ok
10:33:04.0775 6808 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
10:33:04.0775 6808 Wd - ok
10:33:04.0775 6808 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:33:04.0791 6808 Wdf01000 - ok
10:33:04.0791 6808 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:33:04.0807 6808 WdiServiceHost - ok
10:33:04.0807 6808 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:33:04.0807 6808 WdiSystemHost - ok
10:33:04.0807 6808 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:33:04.0822 6808 WebClient - ok
10:33:04.0822 6808 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:33:04.0822 6808 Wecsvc - ok
10:33:04.0838 6808 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:33:04.0838 6808 wercplsupport - ok
10:33:04.0838 6808 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:33:04.0853 6808 WerSvc - ok
10:33:04.0853 6808 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:33:04.0853 6808 WfpLwf - ok
10:33:04.0853 6808 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:33:04.0853 6808 WIMMount - ok
10:33:04.0869 6808 WinDefend - ok
10:33:04.0869 6808 WinHttpAutoProxySvc - ok
10:33:04.0885 6808 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:33:04.0885 6808 Winmgmt - ok
10:33:04.0900 6808 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:33:04.0931 6808 WinRM - ok
10:33:04.0947 6808 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:33:04.0947 6808 WinUsb - ok
10:33:04.0963 6808 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:33:04.0963 6808 Wlansvc - ok
10:33:04.0978 6808 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:33:04.0978 6808 wlcrasvc - ok
10:33:05.0009 6808 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:33:05.0025 6808 wlidsvc - ok
10:33:05.0041 6808 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:33:05.0041 6808 WmiAcpi - ok
10:33:05.0041 6808 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:33:05.0056 6808 wmiApSrv - ok
10:33:05.0056 6808 WMPNetworkSvc - ok
10:33:05.0056 6808 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:33:05.0056 6808 WPCSvc - ok
10:33:05.0072 6808 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:33:05.0072 6808 WPDBusEnum - ok
10:33:05.0072 6808 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:33:05.0072 6808 ws2ifsl - ok
10:33:05.0087 6808 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
10:33:05.0087 6808 wscsvc - ok
10:33:05.0087 6808 WSearch - ok
10:33:05.0119 6808 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:33:05.0150 6808 wuauserv - ok
10:33:05.0165 6808 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:33:05.0165 6808 WudfPf - ok
10:33:05.0165 6808 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:33:05.0165 6808 WUDFRd - ok
10:33:05.0181 6808 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:33:05.0181 6808 wudfsvc - ok
10:33:05.0181 6808 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
10:33:05.0197 6808 WwanSvc - ok
10:33:05.0212 6808 ================ Scan global ===============================
10:33:05.0212 6808 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:33:05.0212 6808 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:33:05.0228 6808 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:33:05.0228 6808 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:33:05.0243 6808 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:33:05.0243 6808 [Global] - ok
10:33:05.0243 6808 ================ Scan MBR ==================================
10:33:05.0259 6808 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:33:05.0353 6808 \Device\Harddisk0\DR0 - ok
10:33:05.0353 6808 ================ Scan VBR ==================================
10:33:05.0353 6808 [ 1E9D4098A147C658CEEB430D430B7D0A ] \Device\Harddisk0\DR0\Partition1
10:33:05.0353 6808 \Device\Harddisk0\DR0\Partition1 - ok
10:33:05.0353 6808 [ BB31436FF4C49C4A34A8F9DD7C88EAC2 ] \Device\Harddisk0\DR0\Partition2
10:33:05.0368 6808 \Device\Harddisk0\DR0\Partition2 - ok
10:33:05.0368 6808 [ D93E1930A7372543B351F881A67DF1F1 ] \Device\Harddisk0\DR0\Partition3
10:33:05.0368 6808 \Device\Harddisk0\DR0\Partition3 - ok
10:33:05.0368 6808 [ C1ACB4675C140C6F42B91AFF21BAA0AC ] \Device\Harddisk0\DR0\Partition4
10:33:05.0368 6808 \Device\Harddisk0\DR0\Partition4 - ok
10:33:05.0384 6808 ============================================================
10:33:05.0384 6808 Scan finished
10:33:05.0384 6808 ============================================================
10:33:05.0384 3252 Detected object count: 0
10:33:05.0384 3252 Actual detected object count: 0
10:33:15.0321 6824 Deinitialize success

Here is the result of my MiniToolBox.exe scan:

MiniToolBox by Farbar Version: 13-07-2013
Ran by Shari Wright (administrator) on 24-08-2013 at 10:35:43
Running from "C:\Users\Shari Wright\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================




=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader X (10.1.7) MUI (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Belarc Advisor 8.3 (Version: 8.3.2.0)
Bonjour (Version: 3.0.0.10)
CyberLink YouCam (Version: 3.5.0.4606)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
ESU for Microsoft Windows 7 SP1 (Version: 3.1.4)
Evernote v. 4.2.3 (Version: 4.2.3.22)
Fresco Logic USB3.0 Host Controller (Version: 3.5.12.0)
GoToAssist Customer 1.6.0.498 (Version: 1.6.0.498)
HP Auto (Version: 1.0.12935.3667)
HP CoolSense (Version: 2.10.42)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Documentation (Version: 1.1.0.0)
HP On Screen Display (Version: 1.3.5)
HP Quick Launch (Version: 2.6.3)
HP Recovery Manager (Version: 2.0.0)
HP Setup (Version: 9.0.15109.3899)
HP Software Framework (Version: 4.5.4.1)
HP Support Assistant (Version: 7.0.39.15)
iCloud (Version: 2.1.2.8)
IDT Audio (Version: 1.0.6370.0)
Intel PROSet Wireless
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.1.2.0 (Version: 1.1.2.0)
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Intel(R) Processor Graphics (Version: 8.15.10.2509)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.2.1.0608)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.2.0000)
Intel(R) Rapid Start Technology (Version: 1.0.0.1008)
Intel(R) Rapid Storage Technology (Version: 10.6.2.1001)
Intel(R) Smart Connect Technology 1.0 (Version: 1.0.717.0)
Intel(R) WiDi (Version: 2.1.42.0)
Intel(R) Wireless Display
iTunes (Version: 11.0.5.5)
Junk Mail filter update (Version: 15.4.3502.0922)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
opensource (Version: 1.0.14960.3876)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller Driver (Version: 7.49.927.2011)
Realtek PCIE Card Reader (Version: 6.1.7601.86)
Sierra Wireless 3G Watcher (Version: 5.0.2341.4602)
Skype™ 5.10 (Version: 5.10.116)
swMSM (Version: 12.0.0.1)
Synaptics ClickPad Driver (Version: 15.3.26.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VIP Access SDK (1.0.1.2) (Version: 1.0.1.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
========================= Restore Points ==================================

11-08-2013 17:36:51 Windows Update
15-08-2013 04:46:46 Windows Update
16-08-2013 01:58:27 Windows Update
16-08-2013 03:00:57 Windows Update
19-08-2013 23:59:40 Windows Update
24-08-2013 16:26:50 Windows Update
24-08-2013 16:30:52 pgmigg

**** End of log ****

Dave2U
Dave2U
Active Member
 
Posts: 7
Joined: July 22nd, 2007, 9:23 am
Location: Calgary

Re: IE10 sluggish on wife's HP Folio 13 - Need help! - Round

Unread postby Dave2U » August 24th, 2013, 2:31 pm

Hi pgmigg,

Here are the results of my OTL Scan:

Results:
OTL logfile created on: 8/24/2013 10:50:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shari Wright\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.74% Memory free
7.89 Gb Paging File | 6.02 Gb Available in Paging File | 76.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 105.10 Gb Total Space | 41.21 Gb Free Space | 39.21% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.15 Gb Free Space | 11.72% Space Free | Partition Type: NTFS
Drive E: | 97.00 Mb Total Space | 81.45 Mb Free Space | 83.97% Space Free | Partition Type: FAT32

Computer Name: SDWLAP01 | User Name: Shari Wright | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/24 10:36:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shari Wright\Desktop\OTL.exe
PRC - [2013/08/14 13:45:00 | 000,257,136 | ---- | M] (Microsoft Corporation) -- C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/04/05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/04/05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2013/02/20 16:51:08 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_user_customer.exe
PRC - [2013/02/20 16:51:08 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_system_customer.exe
PRC - [2013/02/20 16:51:08 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe
PRC - [2013/02/20 16:51:08 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_comm_customer.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/18 13:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 13:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 13:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/18 13:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/10/06 21:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/09/15 16:29:04 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTHIDMonitor.exe
PRC - [2011/09/15 16:29:02 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
PRC - [2011/08/26 16:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/08/23 23:42:08 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/08/19 16:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/08/09 11:44:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/08/09 11:44:54 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/07/06 19:24:26 | 000,184,320 | R--- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2009/09/25 13:59:10 | 000,058,648 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe
PRC - [2009/09/21 18:49:04 | 000,562,456 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/15 16:29:04 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTHIDMonitor.exe
MOD - [2009/09/21 18:46:02 | 000,242,968 | ---- | M] () -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/10/23 07:50:28 | 000,309,760 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/08/31 20:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 23:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 22:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 22:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 14:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/21 13:09:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/20 16:51:08 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe -- (GoToAssist Remote Support Customer)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/18 13:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 13:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 13:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/09/15 16:29:02 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2011/08/31 07:11:40 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/08/23 23:42:08 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/08/09 11:44:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/09 11:44:54 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/07/06 19:24:26 | 000,184,320 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/08 02:52:06 | 000,077,040 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2012/11/08 02:42:06 | 000,249,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/20 12:17:10 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/20 12:17:10 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/09 20:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 02:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/24 01:47:28 | 000,339,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/10/23 07:50:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/10/03 01:34:04 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/29 03:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/09/15 16:20:52 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2011/09/01 05:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/29 18:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/23 23:32:02 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/05 14:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 14:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/08/03 19:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/15 17:50:08 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2011/05/19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/20 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/08/12 15:52:54 | 000,280,064 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2009/07/22 16:47:06 | 000,199,552 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/14 15:20:03 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/7
IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..\SearchScopes,DefaultScope = {32CDC89A-5F52-4CD3-9BD4-C2295B9FE07C}
IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..\SearchScopes\{32CDC89A-5F52-4CD3-9BD4-C2295B9FE07C}: "URL" = http://www.google.ca/#hl=en&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=dbf67162ec385000
IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={57B2A9C2-BD18-4D6D-BF31-EBF9312AA1C5}&mid=08995a4c3d2acd16ccebdaa786d6909b-221a3ee27185ab2114bc04e8d5749f187f260cf0&lang=us&ds=AVG&pr=fr&d=2011-12-12 07:29:31&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=SWL&chn=&geo=US&ver=1
IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..\SearchScopes\{C5744510-7A24-476D-B57A-8EB97830FD95}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\Run: [SkyDrive] C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\RunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" File not found
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\RunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\RunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\RunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\RunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" File not found
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\RunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" File not found
O4 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001..\RunOnce: [Uninstall C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shari Wright\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" File not found
O4 - Startup: C:\Users\Shari Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = File not found
O4 - Startup: C:\Users\Shari Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: google.ca ([]http in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: google.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: jacquielawson.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: live.com ([login] http in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: live.com ([login] https in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: macromedia.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: microsoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: norton.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: norton.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: symantec.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: symantec.com ([]https in Trusted sites)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab (DLC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.133 64.59.128.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A860B01-5127-41A0-9731-430627BACC4C}: NameServer = 209.91.107.11 209.121.225.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B7D6DB8-6192-4DCC-9FF5-ACC3701FE511}: DhcpNameServer = 64.59.135.133 64.59.128.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9F6FFFB-FD86-4014-A05A-DE8E21729101}: DhcpNameServer = 64.59.135.133 64.59.128.120
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d2608e78-6bc8-11e1-8136-4ceb421e1495}\Shell - "" = AutoRun
O33 - MountPoints2\{d2608e78-6bc8-11e1-8136-4ceb421e1495}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/24 10:36:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shari Wright\Desktop\OTL.exe
[2013/08/24 10:34:13 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\Shari Wright\Desktop\MiniToolBox.exe
[2013/08/24 10:31:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shari Wright\Desktop\tdsskiller.exe
[2013/08/19 20:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2013/08/18 16:21:30 | 000,000,000 | ---D | C] -- C:\Users\Shari Wright\AppData\Local\{AEE6E5C0-817F-4B04-BD11-01949A7319E9}
[2013/08/18 15:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/18 15:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/08/18 15:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/08/18 15:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/08/18 15:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/08/17 15:39:46 | 000,000,000 | ---D | C] -- C:\Users\Shari Wright\AppData\Local\{FB7A18A7-53BB-4793-AD7D-A73605DC7356}
[2013/08/15 21:03:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 21:03:58 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 21:03:57 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 21:03:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 21:03:57 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 21:03:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 21:03:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 21:03:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 21:03:57 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 21:03:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 21:03:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 21:03:55 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 21:03:54 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/15 21:03:54 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 21:03:54 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/14 22:48:14 | 000,000,000 | ---D | C] -- C:\36eb7cfcb217aaa09cc7d4bf6c72cf
[2013/08/14 22:47:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/14 10:28:23 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 10:28:23 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 10:28:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 10:28:16 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 10:28:16 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 10:28:16 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 10:28:15 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 10:28:15 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 10:28:14 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 10:28:14 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 10:28:14 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 10:28:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 10:28:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 10:28:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 10:28:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 10:28:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/12 16:07:59 | 000,000,000 | ---D | C] -- C:\Users\Shari Wright\AppData\Local\{5CE3E0F8-371E-4EA7-8F77-DA315062F80D}
[2013/08/12 16:00:17 | 000,000,000 | ---D | C] -- C:\Users\Shari Wright\Documents\Bank of Nova Scotia
[2013/08/11 15:26:46 | 000,000,000 | ---D | C] -- C:\Users\Shari Wright\AppData\Local\{5BDDA525-1C5D-4BC3-9E2A-9A979CE82C0F}
[2013/08/02 19:28:14 | 000,000,000 | ---D | C] -- C:\Users\Shari Wright\AppData\Local\{C9853925-F747-4D8B-8CC2-E39AB9CD094B}
[2013/07/31 09:05:22 | 000,000,000 | ---D | C] -- C:\Users\Shari Wright\AppData\Local\{FA36D8FC-2445-46C5-A3E5-8903B576F4D9}

========== Files - Modified Within 30 Days ==========

[2013/08/24 10:37:41 | 000,035,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/24 10:37:41 | 000,035,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/24 10:36:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shari Wright\Desktop\OTL.exe
[2013/08/24 10:34:13 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\Shari Wright\Desktop\MiniToolBox.exe
[2013/08/24 10:31:43 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shari Wright\Desktop\tdsskiller.exe
[2013/08/24 10:23:38 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/24 10:23:38 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/24 10:23:38 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/24 10:16:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/24 10:16:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/21 13:48:46 | 000,000,584 | ---- | M] () -- C:\Users\Shari Wright\Desktop\Tennis - ATP World Tour - Home.website
[2013/08/21 13:09:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/21 13:09:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/19 20:11:04 | 000,002,144 | ---- | M] () -- C:\Users\Shari Wright\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/08/19 20:11:04 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/08/18 15:37:15 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/08/16 10:50:08 | 000,000,409 | ---- | M] () -- C:\Users\Shari Wright\Desktop\Pinterest.website
[2013/08/09 20:17:16 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSDWLAP01$.job
[2013/07/25 23:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/25 23:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/25 23:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/25 23:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/25 23:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/25 23:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/25 23:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/25 23:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/25 21:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/25 21:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/25 21:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/25 21:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/25 21:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/25 20:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/25 19:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

========== Files Created - No Company Name ==========

[2013/08/19 20:11:04 | 000,002,144 | ---- | C] () -- C:\Users\Shari Wright\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/08/19 20:11:04 | 000,002,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2013/08/19 20:11:04 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/08/18 15:37:15 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/14 22:09:29 | 000,072,192 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/01/01 15:23:18 | 000,110,456 | ---- | C] () -- C:\Users\Shari Wright\g2ax_customer_downloadhelper_win32_x86.exe
[2011/12/20 12:28:56 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/01 05:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/09/01 05:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/09/01 05:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/09/01 05:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/09/01 05:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010/07/25 12:07:40 | 000,000,164 | ---- | C] () -- C:\Users\Shari Wright\default.pls
[2010/04/19 23:25:03 | 000,001,024 | ---- | C] () -- C:\Users\Shari Wright\.rnd

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/20 10:22:15 | 000,000,000 | ---D | M] -- C:\Users\Admin01_STS\AppData\Roaming\Sierra Wireless
[2012/03/06 12:06:27 | 000,000,000 | ---D | M] -- C:\Users\Admin01_STS\AppData\Roaming\Synaptics
[2012/06/19 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\Dave Fulton\AppData\Roaming\Sierra Wireless
[2012/03/08 13:04:54 | 000,000,000 | ---D | M] -- C:\Users\Dave Fulton\AppData\Roaming\Synaptics
[2012/04/20 10:28:58 | 000,000,000 | ---D | M] -- C:\Users\Shari Wright\AppData\Roaming\Sierra Wireless
[2012/03/08 13:33:13 | 000,000,000 | ---D | M] -- C:\Users\Shari Wright\AppData\Roaming\Synaptics

========== Purity Check ==========



< End of report >
Extras:
OTL Extras logfile created on: 8/24/2013 10:50:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shari Wright\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.74% Memory free
7.89 Gb Paging File | 6.02 Gb Available in Paging File | 76.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 105.10 Gb Total Space | 41.21 Gb Free Space | 39.21% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.15 Gb Free Space | 11.72% Space Free | Partition Type: NTFS
Drive E: | 97.00 Mb Total Space | 81.45 Mb Free Space | 83.97% Space Free | Partition Type: FAT32

Computer Name: SDWLAP01 | User Name: Shari Wright | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000A990A-0284-4C4F-85F0-D791602F9CCB}" = lport=445 | protocol=6 | dir=in | app=system |
"{02660104-5135-4AD9-9209-D20C8B615B0F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{093D57AB-12F8-45D5-9956-6FC3DE492F49}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0E56CB77-6645-4708-87D2-651E3E2E2E90}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{128E57CB-CBBB-48A3-94F5-2222CA9B1391}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1CE958BB-9AC1-49F8-8CA6-6475DF27E6E9}" = rport=139 | protocol=6 | dir=out | app=system |
"{49F7ADBF-20AE-4A10-9F1A-C2BBF6C52C9B}" = lport=137 | protocol=17 | dir=in | app=system |
"{56E30E0E-A42D-4765-87D8-FFDC113F6081}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E2F4B31-3ADB-4B56-BFE9-DDBC8B59AF52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5EDE4851-7B84-4C73-BD90-B35F0ED607BD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76FF8BFE-6BAD-4ABC-8600-BA2A891788C5}" = rport=445 | protocol=6 | dir=out | app=system |
"{7B6AEEE0-2D12-4F1B-880D-6326B8986EEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83AD7298-B0B3-43FB-86D7-558D4FFE5D10}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9174F337-F984-4895-8BBC-A27DEAA35592}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AA81F839-8AFC-4340-BA53-57239C3FF985}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AAA48C27-39F0-4BBF-81E2-5D2F308DEAA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2C1CB42-D9E0-4812-B0D3-0790EC5228E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{CA84BBB3-4562-4FA3-9764-EE96AFBEC570}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB26FB3E-C7B2-4358-BBF8-A6D32B16CF9A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDB10CB8-D9F2-4FAB-AE57-4B3A0210A1EA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6BBBE10-ED0D-4848-AA86-15FAED436DEA}" = lport=139 | protocol=6 | dir=in | app=system |
"{DBAF415C-6CF4-4406-A0DD-3DF68912F1FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD6B63F1-7FA5-4D60-9722-023DAD2A15E6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F82142AD-9713-4AD8-B869-377CCFBFEF42}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10D4A012-BB8D-41D1-AF83-39953DECAC84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{11DE14A0-EC22-4DE8-80D5-9C920C68CB00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{239775F0-6FF2-4AB8-BD7F-CA591FC99AAC}" = dir=in | app=c:\users\shari wright\appdata\local\microsoft\skydrive\skydrive.exe |
"{263612DC-5691-46B4-BFF2-15CA89553823}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{34963316-82CA-49EC-A64D-09349BC4755E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3A895CB8-F22D-4AC9-82D6-5E150E3F690D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45B07D31-9D3F-480F-B1CE-E922F72C327F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A4CD17B-2195-46FF-99C5-0E956A4F97BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5C863599-491E-405B-855F-AACE0C6212F5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{644B84E1-5EDD-4BBE-84F2-D47B4FB8FC8F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6B31A2FE-D00E-4D62-84EE-21CE9FE6BDC4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{702F5EDF-675E-4072-92DE-B7C288E53A18}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{75EBECAE-123D-4021-9DED-BF515DBD0DA5}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{819931A2-53E9-474B-BDB6-7A5EE2A0C12E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{857946B8-5E22-45E6-B5A6-C7380E436B8D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8A77A968-4ED6-47AD-9D78-FB577975E064}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8AA09D34-3647-4A07-9664-A7701414C04C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9214299B-992D-4A3D-A77A-8426C65EB07F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A402712A-9B7C-4FDB-9514-E03B5153D97E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AA65CA69-2BD6-40D4-A688-8293DF69C8EF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AA97DCB0-F6EF-4A3D-A7F8-D76CF0F69F97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ABC92244-C802-484D-A030-F7033497BE7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AEFBC493-35A4-431F-B08B-C42F55223C27}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B192C4B0-9DC3-44B1-BEFA-5E0A2EAC7702}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B598F32F-A0A6-44AE-817C-E453D27517BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7C0C238-94E0-4C64-9625-0AC39116B38F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8586EFC-5EF8-4B0B-AABF-84A0A53027DD}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{C11B9DC5-C89B-4F0C-91F9-D29D14BC3E33}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C9EBFB61-8FD8-4E26-8786-1542D57D8523}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D6C03060-3A50-4B63-84F8-F5C1FFBFC0E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D97352B5-3079-4803-AEB2-171FF96E7D1E}" = protocol=6 | dir=out | app=system |
"{DF7FB294-520E-47FF-BFB9-4E06843B8EC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E0FA2FA5-380D-4A2C-AA0A-6548852CFEC8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EE2C1588-74BD-4A16-AE96-595F2BAE878E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{EE659230-DC20-4F28-B119-1C661A6D31EA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FF488B5A-08DC-4344-8758-CF679479C190}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{D3ECFEB8-4D89-41B9-A68B-3F9EF63D1690}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"UDP Query User{217EB819-726A-4957-9AFC-1053D32A27E6}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BC9A5A7-97C2-43C3-BF97-DA0FAB2B6A1D}" = Fresco Logic USB3.0 Host Controller
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics ClickPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14903540-BCF8-4054-8DFB-847DAA5301DA}" = Intel(R) Smart Connect Technology 1.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21F0BBD5-7AFF-4219-99C3-CB8C8F140C61}" = Sierra Wireless 3G Watcher
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DE80866-EF92-47C1-80F5-1EA83B7A0AA2}" = HP Software Framework
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7257132D-7F65-41E6-A90F-43BF6099461A}" = Intel(R) WiDi
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}" = HP CoolSense
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{B22049E9-C7B6-4DB7-99E4-749968127376}" = HP Documentation
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1311ACE-E2BB-41BC-A02C-7256E11E3A33}" = ESU for Microsoft Windows 7 SP1
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Belarc Advisor" = Belarc Advisor 8.3
"GoToAssist Express Customer" = GoToAssist Customer 1.6.0.498
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"ProInst" = Intel PROSet Wireless
"VIP Access SDK" = VIP Access SDK (1.0.1.2)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-279879359-3202000496-1275337671-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2013 8:19:28 PM | Computer Name = SDWLAP01 | Source = WinMgmt | ID = 10
Description =

Error - 1/20/2013 4:54:08 PM | Computer Name = SDWLAP01 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: ole32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c92c Exception code: 0xc0000005 Fault offset: 0x00000000001729ac
Faulting
process id: 0xc94 Faulting application start time: 0x01cdf2b6027bafd7 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\ole32.dll
Report
Id: 888d9c7f-6343-11e2-a01f-4ceb421e1495

Error - 1/20/2013 8:19:22 PM | Computer Name = SDWLAP01 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 8d8 Start
Time: 01cdf76ce71bf1dc Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 1/24/2013 12:01:41 AM | Computer Name = SDWLAP01 | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ffc Start
Time: 01cdf9e77583dc87 Termination Time: 19 Application Path: C:\Program Files (x86)\Windows
Media Player\wmplayer.exe Report Id: bc351fda-65da-11e2-a01f-4ceb421e1495

Error - 1/25/2013 3:03:08 PM | Computer Name = SDWLAP01 | Source = ISCT Agent | ID = 1003
Description =

Error - 1/25/2013 3:03:10 PM | Computer Name = SDWLAP01 | Source = WinMgmt | ID = 10
Description =

Error - 2/5/2013 2:38:21 PM | Computer Name = SDWLAP01 | Source = ISCT Agent | ID = 1003
Description =

Error - 2/5/2013 2:38:23 PM | Computer Name = SDWLAP01 | Source = WinMgmt | ID = 10
Description =

Error - 2/6/2013 10:22:08 AM | Computer Name = SDWLAP01 | Source = ISCT Agent | ID = 1003
Description =

Error - 2/6/2013 10:22:10 AM | Computer Name = SDWLAP01 | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 6/14/2012 11:03:34 PM | Computer Name = SDWLAP01 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/aeb9d78c_0367_4370_96b0_7b1940a88d24/rp0iv2rykpxdgw8jkmy4jeur_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 4041 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

Error - 6/14/2012 11:03:37 PM | Computer Name = SDWLAP01 | Source = HPSF.exe | ID = 4000
Description =

Error - 7/27/2012 3:41:48 PM | Computer Name = SDWLAP01 | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 5/22/2013 8:16:47 AM | Computer Name = SDWLAP01 | Source = MCUpdate | ID = 0
Description = 6:16:46 AM - Error connecting to the internet. 6:16:46 AM - Unable
to contact server..

Error - 5/22/2013 9:17:41 AM | Computer Name = SDWLAP01 | Source = MCUpdate | ID = 0
Description = 7:17:40 AM - Error connecting to the internet. 7:17:40 AM - Unable
to contact server..

Error - 5/22/2013 10:18:35 AM | Computer Name = SDWLAP01 | Source = MCUpdate | ID = 0
Description = 8:18:34 AM - Error connecting to the internet. 8:18:34 AM - Unable
to contact server..

Error - 5/23/2013 7:28:54 PM | Computer Name = SDWLAP01 | Source = MCUpdate | ID = 0
Description = 5:28:51 PM - Error connecting to the internet. 5:28:51 PM - Unable
to contact server..

Error - 6/8/2013 7:36:37 AM | Computer Name = SDWLAP01 | Source = MCUpdate | ID = 0
Description = 5:36:34 AM - Error connecting to the internet. 5:36:34 AM - Unable
to contact server..

Error - 6/8/2013 8:37:19 AM | Computer Name = SDWLAP01 | Source = MCUpdate | ID = 0
Description = 6:37:19 AM - Error connecting to the internet. 6:37:19 AM - Unable
to contact server..

Error - 6/8/2013 9:38:10 AM | Computer Name = SDWLAP01 | Source = MCUpdate | ID = 0
Description = 7:38:09 AM - Error connecting to the internet. 7:38:09 AM - Unable
to contact server..

Error - 6/8/2013 10:38:52 AM | Computer Name = SDWLAP01 | Source = MCUpdate | ID = 0
Description = 8:38:52 AM - Error connecting to the internet. 8:38:52 AM - Unable
to contact server..

Error - 6/15/2013 4:06:25 PM | Computer Name = SDWLAP01 | Source = MCUpdate | ID = 0
Description = 2:06:25 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 6/16/2013 10:55:28 PM | Computer Name = SDWLAP01 | Source = MCUpdate | ID = 0
Description = 8:55:28 PM - Error connecting to the internet. 8:55:28 PM - Unable
to contact server..

[ System Events ]
Error - 8/18/2013 5:41:20 PM | Computer Name = SDWLAP01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/18/2013 6:03:46 PM | Computer Name = SDWLAP01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/19/2013 7:48:59 PM | Computer Name = SDWLAP01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/19/2013 9:48:26 PM | Computer Name = SDWLAP01 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:45:25 PM on ?19/?08/?2013 was unexpected.

Error - 8/19/2013 9:48:40 PM | Computer Name = SDWLAP01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/19/2013 11:59:55 PM | Computer Name = SDWLAP01 | Source = DCOM | ID = 10016
Description =

Error - 8/19/2013 11:59:55 PM | Computer Name = SDWLAP01 | Source = DCOM | ID = 10016
Description =

Error - 8/20/2013 9:12:41 PM | Computer Name = SDWLAP01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/21/2013 3:03:21 PM | Computer Name = SDWLAP01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/24/2013 12:16:35 PM | Computer Name = SDWLAP01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >

No changes in behaviour since forum item was initially posted.

Dave2U
Dave2U
Active Member
 
Posts: 7
Joined: July 22nd, 2007, 9:23 am
Location: Calgary

Re: IE10 sluggish on wife's HP Folio 13 - Need help! - Round

Unread postby pgmigg » August 24th, 2013, 11:32 pm

Hello Dave2U,

Nice job! :D Let continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid= {57B2A9C2-BD18-4D6D-BF31-EBF9312AA1C5}&mid=08995a4c3d2acd16ccebdaa786d6909b-221a3ee27185ab2114bc04e8d5749f187f260cf0&lang=us&ds=AVG&pr=fr&d=2011-12-12 07:29:31&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q= {SEARCHTERMS}&o=15527&l=dis&prt=SWL&chn=&geo=US&ver=1
    O15 - HKU\S-1-5-21-279879359-3202000496-1275337671-1001\..Trusted Domains: jacquielawson.com ([]http in Trusted sites)
    
    :Commands
    [emptytemp]
    [emptyflash]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *datamngr*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *smartbar*
    *Sweet*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *datamngr*
    *searchab*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Sweet*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    datamngr
    searchab
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    smartbar
    Sweetpack
    Tarma
    trolltech
    Vafmusic2
    vshare
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Then
Please tell me is this computer used for business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

And finally today
Many people just like you suffer experiencing discomfort when using IE10 under Windows 7 - they are having difficulty with the functionality of IE10. I could recommend you to return back to IE9 because Microsoft cannot clearly explain and fix such problems. Please let me know if you prefer to do such step back and I will give you instruction how to do it properly because IE is not a regular application but is installed as an Windows update.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Answers for my questions related to type of using of your computer
  5. Response to my proposal about IE10.
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: IE10 sluggish on wife's HP Folio 13 - Need help! - Round

Unread postby Dave2U » August 25th, 2013, 5:29 pm

Hi pgmigg,

Here is the output from OTL-FixScript and SystemLook scans:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-279879359-3202000496-1275337671-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-279879359-3202000496-1275337671-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-279879359-3202000496-1275337671-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jacquielawson.com\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin01_STS
->Temp folder emptied: 4109607 bytes
->Temporary Internet Files folder emptied: 6324226 bytes
->Flash cache emptied: 470 bytes

User: All Users

User: Dave Fulton
->Temp folder emptied: 2380401 bytes
->Temporary Internet Files folder emptied: 56042616 bytes
->Flash cache emptied: 976 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Shari Wright
->Temp folder emptied: 491705890 bytes
->Temporary Internet Files folder emptied: 1561949931 bytes
->Flash cache emptied: 523 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 518172551 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95397 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,518.00 mb


[EMPTYFLASH]

User: Admin01_STS
->Flash cache emptied: 0 bytes

User: All Users

User: Dave Fulton
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: Shari Wright
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08252013_095830

Files\Folders moved on Reboot...
C:\Users\Shari Wright\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Shari Wright\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\CitrixLogs\GoToAssist Remote Support Customer\498\log5974.tmp\GoToAssist Remote Support Customer_01.LOG moved successfully.
C:\Windows\temp\CitrixLogs\GoToAssist Remote Support Customer\498\log5974.tmp\mgn_service-service_00.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



SystemLook 30.07.11 by jpshortstuff
Log created at 15:07 on 25/08/2013 by Shari Wright
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
C:\Users\Shari Wright\Music\iTunes\iTunes Media\Mobile Applications\Ask.com 1839.ipa --a---- 4941506 bytes [17:28 23/05/2013] [17:29 23/05/2013] FC8AB73424211C3B5209951B60A87371

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1207392 bytes [19:43 06/12/2012] [19:43 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C

Searching for "*datamngr*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Sweet*"
C:\Users\Shari Wright\Music\Music\Engelbert Humperdinck\Gold Disc 2\09 Sweetheart.mp3 --a---- 7126648 bytes [23:23 07/04/2012] [19:31 03/01/2010] C0EDA59994E613B7165AEA17A5F9167B
C:\Users\Shari Wright\Music\Music\Henry Mancini\All-Time Greatest Hits, Vol. 1\08 The Sweetheart Tree.mp3 --a---- 4741108 bytes [23:22 07/04/2012] [22:56 03/01/2010] 4280CAA5CFB76B5ADC0E9AA7858D6D67
C:\Users\Shari Wright\Music\Music\Neil Diamond\His Very Best\18 Sweet Caroline (Good Times Never Seemed So Good).mp3 --a---- 9829564 bytes [23:30 07/04/2012] [20:49 03/01/2010] FF520EAD5E5CDAF8832D26A9447E46EA
C:\Users\Shari Wright\Music\Music\Neil Diamond\The Essential Neil Diamond [Sony] Disc 1\10 Sweet Caroline.mp3 --a---- 8066248 bytes [23:24 07/04/2012] [05:44 03/01/2010] 6CB669AD4DD0B4E87DF1205D6D39ADE8
C:\Users\Shari Wright\Music\Music\Neil Diamond\Up on the Roof- Songs from the Brill Building\13 Sweets for My Sweet.mp3 --a---- 6954388 bytes [23:27 07/04/2012] [05:44 03/01/2010] 3C4ACD9A01BB1F8C7C6A84A7D2D5CA86
C:\Users\Shari Wright\Music\Music\Neil Diamond\Up on the Roof- Songs from the Brill Building\14 Happy Birthday, Sweet Sixteen.mp3 --a---- 8788696 bytes [23:27 07/04/2012] [05:44 03/01/2010] 24355E3336577C6B7FC9CE16F6C79075
C:\Users\Shari Wright\Music\Music\Neil Sedaka\The Definitive Collection\05 Happy Birthday Sweet Sixteen.mp3 --a---- 6374180 bytes [23:18 07/04/2012] [23:08 10/01/2010] 27CE285713AAE935EA570E22DC8EF447

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Sweet*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"045F27F206F16624596059B2126D46D0"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\045F27F206F16624596059B2126D46D0]
"File"="iSyncConduit.dll"

Searching for "datamngr"
No data found.

Searching for "searchab"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "smartbar"
No data found.

Searching for "Sweetpack"
No data found.

Searching for "Tarma"
No data found.

Searching for "trolltech"
No data found.

Searching for "Vafmusic2"
No data found.

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-

This laptop is primarily used for personal use by my wife. However, I have a profile on it that I use from time to time for business and we share a home network (wired 1GBe and 801.11N w/l with WPA2-Personal encryption). If, after addressing malware concerns, the hesitancy continues, we may consider rolling back the IE update from IE10 back to IE9. However, we would like to ensure the machine is clean and behaviour persists before doing so. I'm still seeing some delay/hesitancy when opening IE10. One other thing we can check is which add-ins are enabled in IE and try disabling ALL add-ins to see if the hesitancy persists.

Thanks for your help on this to date.

Cheers,
Dave2U
Dave2U
Active Member
 
Posts: 7
Joined: July 22nd, 2007, 9:23 am
Location: Calgary

Re: IE10 sluggish on wife's HP Folio 13 - Need help! - Round

Unread postby pgmigg » August 26th, 2013, 12:43 am

Hello Dave2U,

If, after addressing malware concerns, the hesitancy continues, we may consider rolling back the IE update from IE10 back to IE9.
We are not finished yet. :)
When the cleaning part will be done, I will post an instruction how to return back from IE10 to IE9 - it will be up to you to use it or not.

Let continue our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy by clicking on "Select all" and Paste the following code into the Image text box.
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Users\Shari Wright\Music\iTunes\iTunes Media\Mobile Applications\Ask.com
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    
    :Commands
    [emptytemp]
    [emptyflash]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 3.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the JRT.txt log file
  4. Contents of the ESETScan.txt log file
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: IE10 sluggish on wife's HP Folio 13 - Need help! - Round

Unread postby Dave2U » August 26th, 2013, 12:42 pm

Hi pgmigg,

I am able to report I had no problems executing the instructions other than my wife inadvertently using IE during the ESET scan. I let the scan finish and re-ran it per your instructions - receiving the same result. 2 Threat Files identified.

Here is the result of my OTL-Fix run...

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-279879359-3202000496-1275337671-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-279879359-3202000496-1275337671-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-279879359-3202000496-1275337671-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jacquielawson.com\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin01_STS
->Temp folder emptied: 4109607 bytes
->Temporary Internet Files folder emptied: 6324226 bytes
->Flash cache emptied: 470 bytes

User: All Users

User: Dave Fulton
->Temp folder emptied: 2380401 bytes
->Temporary Internet Files folder emptied: 56042616 bytes
->Flash cache emptied: 976 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Shari Wright
->Temp folder emptied: 491705890 bytes
->Temporary Internet Files folder emptied: 1561949931 bytes
->Flash cache emptied: 523 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 518172551 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95397 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,518.00 mb


[EMPTYFLASH]

User: Admin01_STS
->Flash cache emptied: 0 bytes

User: All Users

User: Dave Fulton
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: Shari Wright
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08252013_095830

Files\Folders moved on Reboot...
C:\Users\Shari Wright\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Shari Wright\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\CitrixLogs\GoToAssist Remote Support Customer\498\log5974.tmp\GoToAssist Remote Support Customer_01.LOG moved successfully.
C:\Windows\temp\CitrixLogs\GoToAssist Remote Support Customer\498\log5974.tmp\mgn_service-service_00.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


====================================================================================
====================================================================================

Here is the output from the final ESET scan identifying 2 potential malware files...

C:\Users\Shari Wright\Documents\Downloads\CuteWriter.zip a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Shari Wright\Documents\Downloads\CuteWriter\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application

============================================================================================
============================================================================================

Interesting note:

At the root of the system drive, I notice a folder call "dell" containing driver files....

I do not recall installing dell drivers on this system (since it is an HP Folio 13 laptop). The scans report these driver files as "clean" but I find it suspicious that Dell driver files are showing up on this laptop when everything on the network is HP, Cisco and/or Xerox.

Finally, As for the CuteWriter software - I downloaded and installed it, declining the "Ask Toolbar" installation. I believe these files were packaged as part of the free download.

Hope this helps!
Dave2U
Dave2U
Active Member
 
Posts: 7
Joined: July 22nd, 2007, 9:23 am
Location: Calgary

Re: IE10 sluggish on wife's HP Folio 13 - Need help! - Round

Unread postby pgmigg » August 26th, 2013, 5:25 pm

Hello Dave2U,

At the root of the system drive, I notice a folder call "dell" containing driver files....

I do not recall installing dell drivers on this system (since it is an HP Folio 13 laptop). The scans report these driver files as "clean" but I find it suspicious that Dell driver files are showing up on this laptop when everything on the network is HP, Cisco and/or Xerox.
Actually the Dell is much more then simple computer manufacture. They produce monitors, keyboards, and many many other different real and virtual devices and all of them required drivers. You cannot be 100% sure that if you simply remove that folder some "third party" program will not crashed. You can try to find the date-time of creation of \Dell folder in the list of installed software getting by Programs and Features from Control Panel. Probably you could get relationship between questionable folder and some installed stuff.

Finally, As for the CuteWriter software - I downloaded and installed it, declining the "Ask Toolbar" installation. I believe these files were packaged as part of the free download.
I agree and it is up to you to remove or not C:\Users\Shari Wright\Documents\Downloads\CuteWriter.zip file.

After all your latest set of logs appear to be clean! :cheers:

This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u25) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement "
  4. Locate the entry for Windows x64 and click on the associated file name jre-7u25-windows-x64.exe , save the file to your desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From desktop please double-click on jre-7u25-windows-x64.exe to install the newest version.
  3. Follow the on-screen directions and when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel and click on the JAVA icon.
  2. Press the Update tab and UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK. Then close the Java Control Panel. Close and exit Control Panel.

Step 2.
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
  1. Click the yellow Download now button. If you don't already have Adobe DLM... you may receive a prompt.
    Adobe DLM software removal instructions available here, if wanted.
  2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  3. When the installation is complete, please Close and re-open your Internet browser.

Adobe Reader XI - recommended (safety) program settings
When the program is open, click on Edit and select Preferences. In the categories below, use these settings:
  • Javascript - Uncheck Enable Acrobat Javascript.
  • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
  • Trust Manager- Uncheck Allow opening of non-PDF file attachments with external applications.

Step 3.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 4.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Double-click on OTL.exe to run it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 5 - Optional.
Remove Internet Explorer 10
  1. Go to Start > Control Panel > Programs and Features.
  2. In the left column, click on 'View Installed Updates'
  3. Scroll down until you come to the blue subtitle 'Microsoft Windows'
  4. Under this category you will see 'Windows Internet Explorer 10' listed as an update.
  5. Highlight it and choose Uninstall. This definitely will take a while, so don't interrupt it until it's done.
  6. When you are through, please prevent IE10 from being installed automatically again later by downloading and running the IE10 blocker:
    1. Please download IE10 blocker form Here
      and save IE10_BlockerToolkit.EXE to your Desktop.
    2. Right click on IE10_BlockerToolkit.EXE, select 'Run As Administrator...' to run it. If prompted by UAC, please allow it.
      You will be asked to accept the end-user license agreement (EULA) before you gain access to the package contents.
      The package contains 4 different files.
    3. Pick a location where you would like to place the 4 files above by clicking on 'Browse'. Once you have specified the location to place the extracted files,
      click ‘OK’.
    4. Launch an elevated Command Prompt by navigating to Start -> All Programs -> Accessories -> and then
      right click on “Command Prompt” and select “Run as Administrator”.
    5. Type “CD ” including one space followed by the path to where you have extracted the 4 files in the previous step.
    6. In the Command Prompt, type “ie10_blocker.cmd /B” and hit Enter to set the blocker on the machine.
    7. You have to wait confirmation in the Command Prompt: “Blocking deployment of Internet Explorer 10 on the local machine. The operation completed successfully.
    8. Please close the Command Prompt window.

Then:
Please don't forget to enable all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: IE10 sluggish on wife's HP Folio 13 - Need help! - Round

Unread postby NonSuch » August 30th, 2013, 2:02 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 33 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware