imposs

Honorary Members
  • Posts

    31
Everything posted by imposs

  1. Thank you for your quick and positive response. However I have suddenly lost interest in these items in spite of your assurance so I shall probably leave them where they are! Keep up the good work. All good wishes.
  2. I carried out a manual scan of my laptop with Windows 7 using your marvellous free Malwarebytes which found two files with Backdoor.bots. After quarantining them and rescanning they did not reappear. What horrified me the most was the files that they were found in; they were BBC iPlayer download files. Should the BBC be notified that their iPlayer download system is spreading malware or perhaps more to the point, should the public be made aware of the danger? I attach the scan result (with my user name removed): bot.txt
  3. OK. I shall leave it there and let you know if there are any problems. Thank you very much for your help again.
  4. I suspect that the ZoneAlarm Support team will not be very interested in helping me to uninstall their product! The question really is does it matter if there are some leftovers from their program? Can I just leave them on my computer and forget them or will they cause trouble?
  5. As I am trying to get rid of all parts of ZoneAlarm, I do not understand the logic of your suggestion that I should reinstall it. However I have full trust in your judgment and I have done what you said. I reinstalled its firewall and toolbar and I uninstalled them through the Control Panel. I then ran the cleaning tool which you suggested. I am now back at the same situation as I was before with significant ZoneAlarm entries showing up in SystemLook. Could I ask you to write me just one more piece of special text to try to get rid of as much of what is left as possible. I show below the latest SystemLook log.
  6. Happy New Year! I hope you had a good holiday. What do you mean when you say I should reinstall ZoneAlarm and uninstall it "the right way"? Do you mean that I should uninstall it through my Control Panel because, if so, surely this will leave the same extra bits that I have already which were left last time I did it? Alternatively do you think I should use a special tool to uninstall it? Please let me know what you have in mind.
  7. I understand that manual cleaning is long and tedious but each stage removes more. I have tried your suggested tool and show below the SystemLook log with the special text which you wrote previously for me.
[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\TypedURLs] "url5"="http://users/All%20Users/CheckPoint" [HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\TypedURLs] "url6"="http://users/AllUsers/CheckPoint" [HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "h"="C:\ProgramData\CheckPoint\1" -= EOF =-
  8. I hope you will not be angry but shortly after my last posting to you, I thought I would like to find out what happened to those two folders which you wanted me to delete. I therefore went back a step and reran SystemLook with the same special text which you wrote then. The folders had disappeared but there were still several references to ZoneAlarm, much to my surprise. Can these just be ignored? I show the log below.
  9. I located and deleted the ProgramData folder even though it was empty. However I could not locate the Users\All Users folder even when searching hidden files and folders so I left it. Thank you for preparing the specially written sequence. It worked perfectly. My HP scanner is working properly now and has no reference to a ZoneAlarm Firewall and I have not found any mention of ZoneAlarm in a DDS scan. I show the DDS logs below so that you can see how good your work is! Thank you very much again for all your help. You deserve a very good Christmas so I hope you have one, and a Happy New Year.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\svchost.exe -k HPService C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Acer\Acer ePower 
Management\ePowerTray.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe 
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://uk.yahoo.com/ uWindow Title = Microsoft Internet Explorer provided by Tiscali uSearch Bar = hxxp://www.lycos.co.uk/ uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.tiscali.co.uk/ mStart Page = hxxp://acer.msn.com mDefault_Page_URL = hxxp://acer.msn.com BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1" mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Adobe ARM] 
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - 
{FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61}\243534 : DHCPNameServer = 192.168.0.4 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll SSODL: WebCheck - <orphaned> SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL x64-mSearchAssistant = hxxp://www.google.com/ie x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Windows Live ID Sign-in Helper: 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned> x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-19 31080] R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-6 22912] R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-6 20328] R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-6 62584] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 
193816] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-10 311376] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-6 868224] R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-6 13336] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-8 2656280] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-6 243232] R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528] R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2010-12-11 67112] R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2010-12-11 19496] R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2010-12-15 35368] R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2010-12-11 85544] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-12-6 138024] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-6 317440] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-1 411688] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384] 
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912] S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-10 15712] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-7 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-12-22 20:56:50 -------- d-----w- C:\Program Files (x86)\RealNetworks 2012-12-22 20:56:48 -------- d-----w- C:\ProgramData\RealNetworks 2012-12-22 20:56:43 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared 2012-12-22 20:56:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-12-22 20:56:16 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-12-21 10:00:39 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 10:00:39 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 10:00:39 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 10:00:38 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-20 17:18:26 -------- d-----w- C:\Program Files (x86)\SlimDrivers 2012-12-19 10:49:13 -------- d-----w- C:\_OTL 2012-12-17 17:19:10 -------- d-----w- C:\ProgramData\boost_interprocess 2012-12-17 17:00:47 -------- d-----w- C:\Windows\ERUNT 2012-12-17 16:47:18 -------- d-----w- C:\JRT 2012-12-12 16:09:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-30 23:17:22 -------- d-----w- C:\Program Files\iPod 2012-11-30 23:17:21 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-30 23:17:21 -------- d-----w- C:\Program Files\iTunes 2012-11-30 23:17:21 -------- d-----w- C:\Program Files (x86)\iTunes 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll . 
==================== Find3M ==================== . 2012-12-23 17:31:23 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys 2012-12-14 12:18:32 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 12:18:32 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-11-01 16:03:45 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-01 16:03:43 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-10-25 03:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 03:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-10-22 13:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-15 03:48:50 
63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-05 03:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 
17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-10-02 02:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2012-09-29 18:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll . ============= FINISH: 17:40:29.48 ===============
  10. Thanks for writing the special text. Log is as below.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64] @="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\0\win32] @="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\HELPDIR] @="C:\Program Files (x86)\CheckPoint\ZoneAlarm" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64] @="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID] @="CheckPoint.IEVirtualDownloader .1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID] @="CheckPoint.IEVirtualDownloader " [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64] @="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64] @="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\0\win32] @="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\HELPDIR] @="C:\Program Files (x86)\CheckPoint\ZoneAlarm" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64] @="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISW"=""C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar] "InstallLocation"="C:\Program Files\CheckPoint\ZAForceField" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar] "DisplayIcon"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex] "CheckPointSignature"="32bf89d3-705a-434d-a963-7c7a31043efc" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions] "{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID] @="CheckPoint.IEVirtualDownloader .1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID] @="CheckPoint.IEVirtualDownloader " [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64] @="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64] @="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\0\win32] @="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\HELPDIR] @="C:\Program Files (x86)\CheckPoint\ZoneAlarm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32] @="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64] @="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll" [HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\CheckPoint] -= EOF =-
  11. For completeness I give below the first part of the DDS scan in case it is of help. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2 Run by MPOSSENER at 16:17:54 on 2012-12-20 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3948.2512 [GMT 0:00] . . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files 
(x86)\iTunes\iTunesHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://uk.yahoo.com/ uWindow Title = Microsoft Internet Explorer provided by Tiscali uSearch Bar = hxxp://www.lycos.co.uk/ uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.tiscali.co.uk/ mStart Page = hxxp://acer.msn.com mDefault_Page_URL = hxxp://acer.msn.com BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files 
(x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1" mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG 
Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61}\243534 : DHCPNameServer = 192.168.0.4 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll SSODL: WebCheck - <orphaned> SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL x64-mSearchAssistant = hxxp://www.google.com/ie x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: 
Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned> x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-19 31080] R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-6 22912] R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-6 20328] R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-6 62584] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-10 311376] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-6 868224] R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-6 13336] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup 
Manager\IScheduleSvc.exe [2010-11-12 257344] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-8 2656280] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-6 243232] R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528] R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2010-12-11 67112] R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2010-12-11 19496] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2010-12-15 35368] R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2010-12-11 85544] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-12-6 138024] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-6 317440] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-1 411688] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe 
[2012-7-13 160944] S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912] S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-10 15712] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-7 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-12-19 10:49:13 -------- d-----w- C:\_OTL 2012-12-17 17:19:10 -------- d-----w- C:\ProgramData\boost_interprocess 2012-12-17 17:00:47 -------- d-----w- C:\Windows\ERUNT 2012-12-17 16:47:18 -------- d-----w- C:\JRT 2012-12-12 16:09:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-30 23:17:22 -------- d-----w- C:\Program Files\iPod 2012-11-30 23:17:21 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-30 23:17:21 -------- d-----w- C:\Program Files\iTunes 2012-11-30 23:17:21 -------- d-----w- C:\Program Files (x86)\iTunes 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-11-21 14:49:42 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-21 14:49:42 785512 ----a-w- 
C:\Windows\System32\drivers\Wdf01000.sys 2012-11-21 14:49:42 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-21 14:49:42 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-21 14:38:16 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-21 14:38:16 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-21 14:38:16 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-21 14:38:16 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-21 14:38:15 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-21 14:38:15 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-21 14:38:15 229888 ----a-w- C:\Windows\System32\WUDFHost.exe . ==================== Find3M ==================== . 2012-12-20 12:26:43 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys 2012-12-14 12:18:32 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 12:18:32 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-05 21:35:16 46080 ----a-w- 
C:\Windows\System32\atmlib.dll 2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-11-01 16:03:45 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-01 16:03:43 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-10-25 03:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 03:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-10-22 13:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-15 03:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-05 03:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- 
C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-10-02 02:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2012-09-29 18:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll . ============= FINISH: 16:18:26.43 ===============
  12. I am sorry to say that ZoneAlarm is still around. The latest DDS scan shows ZoneAlarm LTD Toolbar is still there (near end of Attach shown below) and my HP test for firewalls says that ZoneAlarm Pro Firewall is there. Can anything more be done to remove them?

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/05/2011 01:26:34
System Uptime: 20/12/2012 14:46:23 (2 hours ago)
.
Motherboard: Acer | | JE50_HR
Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 202.673 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart B110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart B110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP129: 01/11/2012 16:03:33 - Installed Java 7 Update 9 RP130: 21/11/2012 14:36:19 - Windows Update RP131: 27/11/2012 12:00:20 - Restore Operation RP132: 28/11/2012 17:22:13 - Windows Update RP133: 13/12/2012 15:36:03 - Windows Update RP134: 13/12/2012 16:08:06 - Windows Update . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer Acer Backup Manager Acer Crystal Eye Webcam Acer ePower Management Acer eRecovery Management Acer GameZone Console Acer Registration Acer ScreenSaver Acer Updater Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) Airport Mania First Flight Amazonia Apple Application Support Apple Mobile Device Support Apple Software Update Audible Download Manager AVG 2013 B110 Backup Manager V3 Bing Bar Bonjour Broadcom Card Reader Driver Installer Broadcom Gigabit NetLink Controller BufferChm Cake Mania clear.fi clear.fi Client D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery Dream Day First Home DriverUpdate eBay Worldwide eSobi v2 ETDWare PS/2-X64 8.0.6.0_WHQL Farm Frenzy 2 ffdshow v1.2.4422 [2012-04-09] Galapago Google Chrome Frame Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 Heroes of Hellas Hewlett-Packard ACLM.NET v1.1.0.0 HP Customer Participation Program 14.0 HP Imaging Device Functions 14.0 HP Photo Creations HP Photosmart Essential 3.5 HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 
7 HP Product Detection HP Smart Web Printing 4.60 HP Solution Center 14.0 HP Update HPAppStudio HPDiagnosticAlert HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply Identity Card Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology IsoBuster 3.0 iTunes Java 7 Update 9 Java Auto Updater Junk Mail filter update Launch Manager Malwarebytes Anti-Malware version 1.65.1.1000 MarketResearch MediaEspresso MediaPlayerLite 0.3 Merriam Websters Spell Jam Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft IntelliPoint 8.2 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyWinLocker MyWinLocker 4 MyWinLocker Suite Network64 NTI Media Maker 9 Picasa 3 Poker 25 Version 1.0 Poker Pop PS_AIO_07_B110_SW_Min QuickTime QuickTransfer RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Recuva Renesas Electronics USB 3.0 Host Controller Driver Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft 
Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Shop for HP Supplies Shredder Skype™ 5.10 SlimDrivers SmartWebPrinting SolSuite SolutionCenter Spin & Win Status Sudoku SuDoku Solver v 1.0 SUPERAntiSpyware SUPERAntiSpyware Free Edition System Checkup 3.0 Ten Thumbs 4.7 Toolbox TrayApp Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables WebReg Welcome Center Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows 
Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
20/12/2012 16:04:32, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {10DA4F3C-CC99-4190-BE4D-58330754E882} and APPID {7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
20/12/2012 12:27:36, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
20/12/2012 12:26:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
20/12/2012 12:26:28, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
19/12/2012 10:49:13, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
18/12/2012 23:27:38, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
18/12/2012 21:42:38, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
.
==== End Of File ===========================
  13. Thank you for the Custom Scans/Fixes. The OTL fix log follows.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Installer deleted successfully.
========== FILES ==========
C:\Program Files (x86)\CheckPoint folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\MPOSSENER\Documents\cmd.bat deleted successfully.
C:\Users\MPOSSENER\Documents\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\ZoneAlarm LTD Toolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MAUREEN
->Temp folder emptied: 6154218 bytes
->Temporary Internet Files folder emptied: 65943113 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 998 bytes

User: MPOSSENER
->Temp folder emptied: 1111038063 bytes
->Temporary Internet Files folder emptied: 147342778 bytes
->Java cache emptied: 1880 bytes
->Flash cache emptied: 8566 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60252772 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 60744278 bytes

Total Files Cleaned = 1,384.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12192012_104913

Files\Folders moved on Reboot...
File\Folder C:\Users\MPOSSENER\AppData\Local\Temp\OICE_9701237F-B442-4FDC-9DAA-BF112D7574AF.0\9F5723B9. not found!
File\Folder C:\Users\MPOSSENER\AppData\Local\Temp\OICE_6948D345-8890-4FB7-A2D7-022C9B12BB8A.0\EC6CC5AD. not found!
File\Folder C:\Users\MPOSSENER\AppData\Local\Temp\OICE_3008DCD4-7B22-4E41-A95C-EBEBA936BC51.0\CC8DA538. not found!
C:\Users\MPOSSENER\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  14. The Extras.txt log now follows.

OTL Extras logfile created on: 17/12/2012 18:17:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MPOSSENER\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.86 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 65.22% Memory free
7.71 Gb Paging File | 5.93 Gb Available in Paging File | 76.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.99 Gb Total Space | 202.16 Gb Free Space | 71.44% Space Free | Partition Type: NTFS

Computer Name: MPOSSENER-PC | User Name: MPOSSENER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
  15. I uninstalled Coupon Printer for Windows but I could not do so for ZoneAlarm. As I mentioned before, there is no indication of ZoneAlarm anywhere on my system but it is still around somewhere. That is what I am hoping to get rid of. I give below the JRT.txt log and the OTL.txt log. The Extra.txt log follows shortly after.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\gcf - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll (Google Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O21:64bit: 
- SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{88fc7b61-6c35-11e1-98e4-1c7508df53a2}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/17 18:15:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MPOSSENER\Documents\OTL.exe [2012/12/17 17:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012/12/17 17:00:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012/12/17 16:47:18 | 000,000,000 | ---D | C] -- C:\JRT [2012/12/17 16:45:54 | 000,496,028 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\MPOSSENER\Documents\JRT.exe [2012/12/16 21:39:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\MPOSSENER\Documents\dds.com [2012/12/13 16:54:30 | 011,563,944 | ---- | C] (OPSWAT, Inc.) 
-- C:\Users\MPOSSENER\Desktop\AppRemover.exe [2012/12/09 19:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/11/30 23:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/11/30 23:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/11/30 23:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/11/30 23:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/11/30 23:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/11/29 21:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2012/11/24 01:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/11/24 01:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime ========== Files - Modified Within 30 Days ========== [2012/12/17 18:15:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MPOSSENER\Documents\OTL.exe [2012/12/17 17:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/17 17:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/17 16:45:55 | 000,496,028 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\MPOSSENER\Documents\JRT.exe [2012/12/17 14:46:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/17 14:46:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/17 14:39:15 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job [2012/12/17 14:39:04 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys [2012/12/17 14:39:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/17 14:38:44 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys [2012/12/16 21:39:31 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\MPOSSENER\Documents\dds.com [2012/12/14 16:22:51 | 000,000,009 | ---- | M] () -- C:\end [2012/12/13 21:55:06 | 003,121,727 | ---- | M] () -- C:\Users\MPOSSENER\Documents\WhichRetired.pdf [2012/12/13 16:53:58 | 011,563,944 | ---- | M] (OPSWAT, Inc.) 
-- C:\Users\MPOSSENER\Desktop\AppRemover.exe [2012/12/13 16:53:07 | 016,216,128 | ---- | M] () -- C:\Users\MPOSSENER\Desktop\OPSWATAppRemover.exe [2012/12/13 16:00:13 | 000,366,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/09 19:54:45 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/12/08 18:27:24 | 000,208,137 | ---- | M] () -- C:\Windows\hpoins47.dat [2012/12/08 18:22:08 | 000,001,319 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012/12/08 18:21:15 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk [2012/12/05 21:55:19 | 000,196,637 | ---- | M] () -- C:\Users\MPOSSENER\Documents\Watfordbuses602.pdf [2012/12/01 16:30:12 | 000,977,145 | ---- | M] () -- C:\Users\MPOSSENER\Documents\MrsA.pdf [2012/11/30 23:17:46 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/11/29 21:46:54 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk [2012/11/29 21:46:26 | 000,002,103 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012/11/29 00:10:33 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/29 00:10:33 | 000,633,016 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/29 00:10:33 | 000,112,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/25 23:13:52 | 005,077,800 | ---- | M] () -- C:\Users\MPOSSENER\Documents\HPPSdrPrinter.exe [2012/11/24 01:04:44 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk ========== Files Created - No Company Name ========== [2012/12/13 21:55:05 | 003,121,727 | ---- | C] () -- C:\Users\MPOSSENER\Documents\WhichRetired.pdf [2012/12/13 16:53:07 | 016,216,128 | ---- | C] () -- C:\Users\MPOSSENER\Desktop\OPSWATAppRemover.exe [2012/12/08 18:21:15 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk [2012/12/08 18:17:25 | 000,208,137 | ---- | C] () -- 
C:\Windows\hpoins47.dat [2012/12/05 21:55:19 | 000,196,637 | ---- | C] () -- C:\Users\MPOSSENER\Documents\Watfordbuses602.pdf [2012/12/01 16:06:17 | 000,977,145 | ---- | C] () -- C:\Users\MPOSSENER\Documents\MrsA.pdf [2012/11/30 23:17:46 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/11/29 21:46:54 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk [2012/11/29 21:46:32 | 000,001,319 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012/11/29 21:46:26 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012/11/24 01:04:44 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/11/21 14:49:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/21 14:38:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/09/30 23:51:28 | 000,069,788 | ---- | C] () -- C:\ProgramData\jxxvlxmfsejeoaz [2012/08/01 17:31:54 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012/07/31 23:37:55 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad [2012/07/22 21:20:11 | 000,000,055 | ---- | C] () -- C:\Users\MPOSSENER\AppData\Roaming\mbam.context.scan [2012/07/08 14:13:58 | 000,208,198 | ---- | C] () -- C:\Windows\hpoins47.dat.temp [2012/07/08 14:13:58 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp [2012/05/30 21:54:33 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/05/30 21:54:32 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/05/07 21:37:55 | 000,034,814 | ---- | C] () -- C:\Users\MPOSSENER\AppData\Local\dt.dat [2011/08/23 20:10:29 | 000,019,529 | ---- | C] () -- C:\Windows\hpqins13.dat [2011/06/05 17:47:00 | 000,000,258 | RHS- | C] () -- C:\Users\MPOSSENER\ntuser.pol [2011/05/09 14:10:39 | 000,000,944 | ---- | C] () -- 
C:\Users\MPOSSENER\Windows Easy Transfer.lnk [2011/05/09 14:10:39 | 000,000,706 | ---- | C] () -- C:\Users\MPOSSENER\autorun.inf [2011/01/06 04:09:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2010/12/06 10:01:33 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2008/04/02 20:52:04 | 000,000,108 | ---- | C] () -- C:\Users\MPOSSENER\default.pls [2008/03/26 18:16:49 | 000,001,024 | ---- | C] () -- C:\Users\MPOSSENER\.rnd ========== ZeroAccess Check ========== [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\MPOSSENER\AppData\Local\{0475e131-5bbb-6a7d-9dde-0ced762d5f8b}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/10/15 11:29:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2012/10/15 11:29:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2012/10/07 19:19:40 | 000,000,000 | ---D | M] -- C:\Users\MAUREEN\AppData\Roaming\AVG2013 [2012/09/27 17:48:24 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\AVG2013 [2012/03/23 00:28:40 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\GetRightToGo [2012/03/22 17:15:06 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\gizza [2012/04/03 15:59:10 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\iolo [2012/07/25 19:39:39 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\Media Player Lite [2012/08/19 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\PowerCinema [2012/06/04 09:58:47 | 000,000,000 | -H-D | M] -- C:\Users\MPOSSENER\AppData\Roaming\RPPrivate [2012/06/12 20:15:39 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\Simple Sudoku [2011/05/09 22:48:59 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\SolSuite [2012/04/27 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\Tific [2012/03/02 17:26:14 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\TuneUp Software [2011/07/09 21:27:36 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\Uniblue [2011/09/12 20:01:38 | 000,000,000 | 
---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:9E00596C @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report >
  16. This is the second DDS log.
  17. I show one DDS log below and send the second one immediately after.
(x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1" mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG 
Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll . 
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61}\243534 : DHCPNameServer = 192.168.0.4 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll SSODL: WebCheck - <orphaned> SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL x64-mSearchAssistant = hxxp://www.google.com/ie x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office 
Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned> x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-19 31080] R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-6 22912] R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-6 20328] R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-6 62584] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-10 311376] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-6 868224] R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-6 13336] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup 
Manager\IScheduleSvc.exe [2010-11-12 257344] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-8 2656280] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-6 243232] R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528] R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2010-12-11 67112] R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2010-12-11 19496] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2010-12-15 35368] R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2010-12-11 85544] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-12-6 138024] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-6 317440] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-1 411688] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe 
[2012-7-13 160944] S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912] S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-10 15712] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-7 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-12-12 16:09:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-30 23:17:22 -------- d-----w- C:\Program Files\iPod 2012-11-30 23:17:21 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-30 23:17:21 -------- d-----w- C:\Program Files\iTunes 2012-11-30 23:17:21 -------- d-----w- C:\Program Files (x86)\iTunes 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-11-21 14:49:42 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-21 14:49:42 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-21 14:49:42 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-21 14:49:42 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-21 14:38:16 87040 ----a-w- 
C:\Windows\System32\drivers\WUDFPf.sys 2012-11-21 14:38:16 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-21 14:38:16 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-21 14:38:16 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-21 14:38:15 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-21 14:38:15 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-21 14:38:15 229888 ----a-w- C:\Windows\System32\WUDFHost.exe . ==================== Find3M ==================== . 2012-12-16 20:22:44 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys 2012-12-14 12:18:32 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 12:18:32 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-11-02 05:59:11 478208 
----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-11-01 16:03:45 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-01 16:03:43 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-10-25 03:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 03:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-10-22 13:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-15 03:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-05 03:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- 
C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1
  18. I was very reluctant to run ComboFix when my computer was infected so you suggested an alternative which started with OTL. You then wrote some software for me to include in the Custom Scans/Fixes box and that removed the infection. Can I avoid using ComboFix again?
  19. I think they have changed AppRemover recently. It is now called OPSWAT AppRemover and you are asked if you want an OPSWAT Security Toolbar installed. If you select (as I did) the alternative of "I only wish to run AppRemover" the only option available is "Uninstall your Security Application". This then showed that I had AVG and MBAM; because I did not want to uninstall either of them I closed the page. Your suggested "Clean up a Failed Uninstall" does not seem to be available. Can you make another suggestion please?
  20. Dear Maniac When you helped me to remove a PUM from my computer, you advised me to uninstall ZoneAlarm and rely on only one firewall. As well as using the usual uninstall procedure, you gave me a link to the tool “download.zonealarm.com/……./clean.exe” which removed all references to ZoneAlarm on my system. It also removed it from SystemCheck. I think this part of the history of your help was lost when the MBAM system had its breakdown about one month ago. Since then I have not been able to scan from my HP wireless printer although I can arrange a scan from my computer which demonstrates that the basic scan system is working. HP website says this can be caused by firewall problems and when I use the HP test for firewalls it indicates the existence on my system of ZoneAlarm Pro Firewall. However I still cannot find it elsewhere and have rerun the cleaning tool mentioned above without effect. Can you suggest another cleaning tool to get rid of the remaining ZoneAlarm? I suppose it is possible that this is a consequence of damage caused by the initial infection. Thank you in advance for your continuing help
  21. Thank you again for all your help. I think I have now finished with my problems. I will be much more careful with surfing in the future. I hope you have received the transfer. Best wishes Imposs
  22. I have now removed them from my Desktop (except for SecurityCheck) and elsewhere where they showed up. I assume that means they have gone from my system. Incidentally, I have just noticed that the SecurityCheck logs show Google Chrome which I have never downloaded. My list of programs indicates that I have Google Chrome Frame which must have come with something else. Is that what the SecurityCheck log is showing up? I have been wondering if MBAM Pro would have prevented my recent infection with a PUM which MBAM Free identified but could not remove on restart. What do you think? Please look out for my PM which I sent recently.
  23. I have two more questions, please. 1. Following your last reply, is there any disadvantage in deleting the list in Quarantine? 2. My Desktop now has 9 extra icons (with shortcuts to programs) following your help because each item of software was saved to desktop. Can I delete some or all of the software or is it wise to keep them available in case the problem occurs again (particularly as your links were lost when my back history was wiped from this Forum last week)? The extra items are: DDS, AppRemover, AdwCleaner, aswMBR, OTL, Complete Internet Repair (which I did not run), JavaRa, AVPTool. There is also Security Check but I want to keep that, in order to run it occasionally; it seems simple and very useful.
  24. Well done! PChell works and Norton 360 no longer appears on my SecurityCheck (latest log below). What should I do about the Quarantine section of MBAM? The PUM which you have removed for me is listed several times there together with other bad looking infections. Is it safe to leave them there or should I delete the list? Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` SUPERAntiSpyware Free Edition Malwarebytes Anti-Malware version 1.65.1.1000 Java 7 Update 9 Adobe Reader X (10.1.4) Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5% ````````````````````End of Log``````````````````````
  25. I have used the Norton Removal tool twice (and restarted my computer each time) and removed manually all references to Norton that I could find (including the removal tool itself) but Norton 360 still appears on the Security Scan as you can see on the following log. Should I just forget it? Thank you for the suggestion of virustotal but their maximum file size is 32MB. That is not enough for a video clip and I do not want to bring the clips on to my computer to subdivide them in case that imports an infection. Do you know a website which will scan larger files? Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` SUPERAntiSpyware Free Edition Malwarebytes Anti-Malware version 1.65.1.1000 Java 7 Update 9 Adobe Reader X (10.1.4) Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5% ````````````````````End of Log``````````````````````