Windows Defender is disabled - unable to enable / Windows Firewall being turned off
CleanTech
2014-02-16, 08:16
Hi,
Having trouble on my HP laptop w/Win 7 - I am unable to enable Windows Defender and s.th. appears to turn off Windows Firewall. I'm running SpyBot Home Edition, also cleaned with AdwCleaner which I downloaded from Bleepingcomputer.....no success.
Thank you for any help or suggestions.
Edit
Previous topic: http://forums.spybot.info/showthread.php?70168-win32-androm-bmne-found-by-ZA-unable-to-update-Spybot-Professional&highlight=
This forum's FAQ: "BEFORE You POST" Please read this Procedure Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288
I thought we just cleaned this computer up?
Please post the AdwCleaner log
C:\AdwCleaner[S1].txt <--to the most recent number
CleanTech
2014-02-17, 01:42
This is my laptop. We cleaned the desktop. :(
Here is the AdwCleaner log (after clean/fix):
# AdwCleaner v3.018 - Report created 15/02/2014 at 21:55:52
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Karin - KARIN-HP
# Running from : C:\Users\Karin\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Karin\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Karin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Karin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw0sijt.default\ConduitCommon
File Deleted : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw0sijt.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw0sijt.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw0sijt.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\Conduit
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw0sijt.default\prefs.js ]
-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
*************************
AdwCleaner[R0].txt - [25801 octets] - [15/02/2014 21:53:57]
AdwCleaner[S0].txt - [25982 octets] - [15/02/2014 21:55:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26043 octets] ##########
Thanks.
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
(use correct version for your system.....Which system am I using? (http://support.microsoft.com/kb/827218))
and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
CleanTech
2014-02-17, 02:11
Hi Juliet - will paste in several replies:
FRST.TXT - Part 1:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by Karin (administrator) on KARIN-HP on 16-02-2014 16:06:16
Running from C:\Users\Karin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Users\Karin\AppData\Roaming\Dashlane\Dashlane.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2008\QBW32.EXE
(SonicWALL, Inc.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
(Dropbox, Inc.) C:\Users\Karin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-08] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-03] (SUPERAntiSpyware)
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\Run: [Dashlane] - C:\Users\Karin\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-01-29] ()
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\MountPoints2: {4e8a2588-9015-11e3-876b-fa807d2b20ff} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\MountPoints2: {529ff1f5-8b81-11e2-a8b3-d1f3c263a6ef} - F:\V8000_ZTE.exe
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\MountPoints2: {76d2b567-1088-11e0-987c-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\MountPoints2: {97947d45-8812-11e2-90d1-d43c899510bc} - F:\V8000_ZTE.exe
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\MountPoints2: {a5bb8386-119c-11e2-99f9-f2dfe6db73ea} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\MountPoints2: {ac77e701-5570-11e0-8240-ac8112001c68} - F:\start.exe
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\MountPoints2: {b8d2744e-9880-11e2-ac1e-e71ba085a8ed} - F:\V8000_ZTE.exe
HKU\S-1-5-21-4153263565-3533792863-1441308587-1001\...\MountPoints2: {bcbdb9bb-1755-11e0-b89b-b480265ac3d4} - F:\EasySuite.exe
Startup: C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6F10F6F4-EC71-4716-AF85-5628464B9E71} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {78C7A5E3-5716-455C-85D1-082ECFC0A8F2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {A2E6E237-69A6-4E84-B065-CD2FEC32A297} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {6F10F6F4-EC71-4716-AF85-5628464B9E71} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {78C7A5E3-5716-455C-85D1-082ECFC0A8F2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {A2E6E237-69A6-4E84-B065-CD2FEC32A297} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {2B2E77B5-7338-4651-B01E-5D8C5F67ED97} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN31051775191590514
SearchScopes: HKCU - {6F10F6F4-EC71-4716-AF85-5628464B9E71} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {78C7A5E3-5716-455C-85D1-082ECFC0A8F2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {A2E6E237-69A6-4E84-B065-CD2FEC32A297} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Karin\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Karin\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {A94E8DC9-07AA-45A7-8AF2-A0375473A5CD} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/chuzzle/popcaploader_v6.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw0sijt.default
FF Homepage: www.google.com
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Karin\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Karin\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Default Manager - C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw0sijt.default\Extensions\DefaultManager@Microsoft [2011-08-28]
FF Extension: zonealarm.com - C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw0sijt.default\Extensions\ffxtlbr@zonealarm.com [2012-10-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-11-08]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-21]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-21]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Karin\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Karin\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-01]
CHR Extension: (Google Drive) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-01]
CHR Extension: (YouTube) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-01]
CHR Extension: (Google Search) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-01]
CHR Extension: (Dashlane) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-02-06]
CHR Extension: (TOEFL 1200 Words in 30 Days) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedheaebdffklhgodepimamapjcjhgfl [2013-08-17]
CHR Extension: (Skype Click to Call) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-01]
CHR Extension: (Google Wallet) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-01]
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\Karin\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx [2013-06-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [517960 2012-04-20] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
S3 ATMFBUS; C:\Windows\System32\DRIVERS\ATMFBUS.sys [63488 2009-10-01] (DEVGURU Co., LTD.)
S3 ATMFCVsp; C:\Windows\System32\DRIVERS\ATMFCVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ATMFFLT; C:\Windows\System32\DRIVERS\ATMFFLT.sys [15872 2009-10-01] (DEVGURU Co., LTD.)
S3 ATMFMdm; C:\Windows\System32\DRIVERS\ATMFMdm.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ATMFNET; C:\Windows\System32\DRIVERS\ATMFNET.sys [133632 2009-10-01] (DEVGURU Co., LTD.)
S3 ATMFNVsp; C:\Windows\System32\DRIVERS\ATMFNVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ATMFVsp; C:\Windows\System32\DRIVERS\ATMFVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [128328 2012-04-20] (Incorporated)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489568 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-15] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2013-07-17] (Kaspersky Lab ZAO)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [63904 2013-10-10] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-09] (Kaspersky Lab ZAO)
==================== NetSvcs (Whitelisted) ===================
CleanTech
2014-02-17, 02:12
FRST.txt - Part 2 of 2:
==================== One Month Created Files and Folders ========
2014-02-16 16:04 - 2014-02-16 16:06 - 00050185 _____ () C:\Users\Karin\Desktop\Addition.txt
2014-02-16 16:03 - 2014-02-16 16:06 - 00028027 _____ () C:\Users\Karin\Desktop\FRST.txt
2014-02-16 16:03 - 2014-02-16 16:06 - 00000000 ____D () C:\FRST
2014-02-16 16:01 - 2014-02-16 16:01 - 02152448 _____ (Farbar) C:\Users\Karin\Desktop\FRST64.exe
2014-02-16 14:35 - 2013-11-26 15:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-16 14:35 - 2013-11-26 14:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-15 21:53 - 2014-02-15 21:56 - 00000000 ____D () C:\AdwCleaner
2014-02-15 17:56 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-15 17:56 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-15 17:56 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-15 17:56 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-15 17:56 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-15 17:56 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-15 17:56 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-15 17:56 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-15 17:56 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-15 17:56 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-15 17:56 - 2013-10-01 16:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-15 17:56 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-15 17:56 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-15 17:56 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-15 17:56 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-15 17:56 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-15 17:40 - 2013-09-24 18:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-15 17:40 - 2013-09-24 17:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-15 17:28 - 2014-02-15 17:29 - 01166132 _____ () C:\Users\Karin\Downloads\AdwCleaner(1).exe
2014-02-13 21:35 - 2014-02-13 21:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-13 03:03 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:03 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:02 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:02 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:02 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:02 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:02 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:02 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:02 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:02 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:02 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:02 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:02 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:02 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:02 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:02 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:02 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:02 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:02 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:02 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:02 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:02 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:02 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:02 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:02 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:02 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:02 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:02 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:02 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:02 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:02 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:02 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:02 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:02 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:02 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:02 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:02 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:02 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:02 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:02 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:02 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 21:10 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 21:10 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 21:10 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 21:10 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 21:10 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 21:10 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 21:10 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 21:10 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 21:10 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 21:10 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 21:10 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 21:10 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 21:10 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 21:10 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 21:10 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 21:10 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 21:10 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 21:10 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 21:10 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 21:10 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 21:10 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 21:10 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 21:10 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 21:10 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 21:10 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 21:10 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 21:10 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 21:10 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 18:25 - 2014-02-12 18:25 - 01166132 _____ () C:\Users\Karin\Desktop\AdwCleaner.exe
2014-02-11 10:40 - 2014-02-11 10:40 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Karin\Downloads\rkill.exe
2014-02-10 12:19 - 2014-02-10 12:19 - 00001419 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-10 12:19 - 2014-02-10 12:19 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-10 12:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-10 12:15 - 2014-02-10 12:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-10 12:14 - 2014-02-10 12:14 - 00559280 _____ (Safer-Networking Ltd. ) C:\Users\Karin\Downloads\spybot2-license.exe
2014-02-09 12:55 - 2014-02-09 12:56 - 00847344 _____ (Google Inc.) C:\Users\Karin\Downloads\ChromeSetup.exe
2014-02-06 18:01 - 2014-02-06 18:01 - 00001076 _____ () C:\Users\Karin\Downloads\Pictures - Shortcut.lnk
2014-02-06 16:45 - 2014-02-06 16:45 - 00002210 _____ () C:\Windows\uncontrols.iun
2014-02-06 16:45 - 2014-02-06 16:45 - 00000000 ____D () C:\FileNet
2014-02-06 16:45 - 1999-05-14 12:49 - 00002494 _____ () C:\Windows\SysWOW64\mscomctl.dep
2014-02-06 16:45 - 1999-03-18 00:00 - 00502544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2014-02-06 16:45 - 1999-01-28 15:44 - 00049152 _____ (Blue Sky Software Corporation.) C:\Windows\SysWOW64\inetwh32.dll
2014-02-06 16:32 - 2014-02-06 16:46 - 00000905 _____ () C:\Windows\idmwebcontrols.log
2014-02-06 16:30 - 2014-02-06 16:30 - 08101680 _____ (FileNet Corporation ) C:\Users\Karin\Downloads\fncontrols.exe
2014-02-06 11:40 - 2014-02-06 11:40 - 01173504 _____ () C:\Users\Karin\Downloads\20121101_SFM_Fire_Solar_PV_SFM (3).ppt
2014-02-06 11:36 - 2014-02-06 11:36 - 01173504 _____ () C:\Users\Karin\Downloads\20121101_SFM_Fire_Solar_PV_SFM (2).ppt
2014-02-06 11:35 - 2014-02-06 11:36 - 01171456 _____ () C:\Users\Karin\Downloads\20121101_SFM_Fire_Solar_PV_SFM (1).ppt
2014-02-06 11:35 - 2014-02-06 11:35 - 01173504 _____ () C:\Users\Karin\Downloads\20121101_SFM_Fire_Solar_PV_SFM.ppt
2014-02-06 11:15 - 2014-02-06 11:15 - 00022188 _____ () C:\Users\Karin\Downloads\Small_Business_Checking.qbo
2014-02-06 11:15 - 2014-02-06 11:15 - 00002959 _____ () C:\Users\Karin\Downloads\Small_Business_Checking (1).qbo
2014-02-06 11:15 - 2014-02-06 11:15 - 00000981 _____ () C:\Users\Karin\Downloads\Business_Savings.qbo
2014-02-06 10:57 - 2014-02-06 10:57 - 00659356 _____ () C:\Users\Karin\Downloads\BEAM-BT-11_1.02.0.R.upd
2014-02-06 09:18 - 2014-02-06 09:18 - 00002147 _____ () C:\Users\Public\Desktop\QuickBooks Pro 2012.lnk
2014-02-06 09:11 - 2014-02-06 09:11 - 00000000 ____D () C:\ProgramData\Nuance
2014-02-06 08:53 - 2014-02-06 08:53 - 00000000 ____D () C:\Users\Karin\AppData\Local\DoNotTrackPlus
2014-02-05 16:48 - 2014-02-05 16:48 - 02263608 _____ (Logitech Inc.) C:\Users\Karin\Downloads\logitech_connect.exe
2014-02-05 16:48 - 2014-02-05 16:48 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Logitech
2014-02-05 16:48 - 2014-02-05 16:48 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Logishrd
2014-02-04 18:11 - 2014-02-04 18:11 - 00002015 _____ () C:\Users\Karin\Desktop\Dashlane.lnk
2014-02-04 18:11 - 2014-02-04 18:11 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2014-02-04 18:11 - 2014-02-04 18:11 - 00000000 ____D () C:\Program Files (x86)\Dashlane
2014-02-04 18:09 - 2014-02-04 18:12 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Dashlane
2014-02-04 18:09 - 2014-02-04 18:09 - 00918552 _____ (Dashlane inc.) C:\Users\Karin\Downloads\Dashlane_Launcher-1390930704.exe
2014-02-04 18:09 - 2014-02-04 18:09 - 00000000 ____D () C:\Users\Karin\AppData\Local\Packages
2014-02-03 23:39 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-03 23:39 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-03 23:39 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-03 23:39 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-03 23:39 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-03 23:39 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-03 23:39 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-03 23:39 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-03 23:39 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-03 18:48 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-03 18:47 - 2014-02-03 18:47 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-03 18:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-03 18:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-03 18:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
==================== One Month Modified Files and Folders =======
2014-02-16 16:06 - 2014-02-16 16:04 - 00050185 _____ () C:\Users\Karin\Desktop\Addition.txt
2014-02-16 16:06 - 2014-02-16 16:03 - 00028027 _____ () C:\Users\Karin\Desktop\FRST.txt
2014-02-16 16:06 - 2014-02-16 16:03 - 00000000 ____D () C:\FRST
2014-02-16 16:05 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 16:05 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 16:01 - 2014-02-16 16:01 - 02152448 _____ (Farbar) C:\Users\Karin\Desktop\FRST64.exe
2014-02-16 15:53 - 2010-12-25 10:44 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 15:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2014-02-16 15:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-16 15:01 - 2010-11-11 01:37 - 02040563 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 14:28 - 2012-09-13 14:06 - 00000000 ___RD () C:\Users\Karin\Dropbox
2014-02-16 14:28 - 2012-09-13 09:05 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Dropbox
2014-02-16 14:26 - 2010-12-25 10:44 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 14:23 - 2012-12-05 19:06 - 00000302 _____ () C:\Windows\Tasks\GMDJAQNWQ.job
2014-02-16 14:23 - 2012-07-19 11:59 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-16 14:23 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 14:22 - 2009-07-13 20:51 - 00111235 _____ () C:\Windows\setupact.log
2014-02-15 22:06 - 2011-07-11 09:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-15 21:59 - 2013-08-26 14:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 21:56 - 2014-02-15 21:53 - 00000000 ____D () C:\AdwCleaner
2014-02-15 21:56 - 2011-01-03 08:29 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 17:29 - 2014-02-15 17:28 - 01166132 _____ () C:\Users\Karin\Downloads\AdwCleaner(1).exe
2014-02-15 17:22 - 2011-06-29 14:40 - 00000000 ____D () C:\Users\Public\Documents\Estimates
2014-02-15 17:02 - 2011-01-03 18:10 - 00000000 ____D () C:\Users\Karin\AppData\Local\Adobe
2014-02-15 17:00 - 2012-09-25 10:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-15 17:00 - 2012-09-25 10:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-15 16:08 - 2010-12-25 11:11 - 00000000 ____D () C:\Users\Karin\Documents\Outlook Files
2014-02-13 23:11 - 2011-01-14 23:04 - 00000000 ____D () C:\Users\Karin\AppData\Local\Mozilla
2014-02-13 21:35 - 2014-02-13 21:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-13 21:35 - 2011-01-14 23:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 03:45 - 2010-12-25 16:38 - 00653108 _____ () C:\Windows\PFRO.log
2014-02-13 03:26 - 2010-12-25 09:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 03:09 - 2011-06-29 12:29 - 00779128 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 03:09 - 2009-07-13 21:13 - 00779128 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 03:05 - 2009-07-13 18:34 - 00000542 _____ () C:\Windows\win.ini
2014-02-12 18:25 - 2014-02-12 18:25 - 01166132 _____ () C:\Users\Karin\Desktop\AdwCleaner.exe
2014-02-12 17:43 - 2013-10-09 01:44 - 00009529 ____H () C:\Windows\SysWOW64\BTImages.dat
2014-02-11 20:13 - 2013-08-26 13:58 - 00000000 ____D () C:\Users\Karin\Documents\holly
2014-02-11 18:31 - 2013-07-14 06:39 - 00532480 ___SH () C:\Users\Karin\Downloads\Thumbs.db
2014-02-11 10:40 - 2014-02-11 10:40 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Karin\Downloads\rkill.exe
2014-02-10 12:54 - 2010-07-15 11:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-10 12:33 - 2010-07-15 13:06 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-10 12:24 - 2010-07-15 13:06 - 00000000 ____D () C:\ProgramData\CyberLink
2014-02-10 12:21 - 2014-02-10 12:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-10 12:19 - 2014-02-10 12:19 - 00001419 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-10 12:19 - 2014-02-10 12:19 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-10 12:19 - 2012-11-29 22:33 - 00000000 ____D () C:\Games
2014-02-10 12:19 - 2012-11-29 22:21 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-02-10 12:14 - 2014-02-10 12:14 - 00559280 _____ (Safer-Networking Ltd. ) C:\Users\Karin\Downloads\spybot2-license.exe
2014-02-10 11:30 - 2013-04-15 14:09 - 00000000 ____D () C:\Users\Karin\Downloads\HERO Logos
2014-02-09 17:50 - 2011-01-15 09:17 - 00016384 _____ () C:\Users\Karin\Documents\Info.xlsx
2014-02-09 16:17 - 2012-03-11 19:44 - 00000000 ____D () C:\Users\Karin\Documents\SolarProjects
2014-02-09 12:56 - 2014-02-09 12:55 - 00847344 _____ (Google Inc.) C:\Users\Karin\Downloads\ChromeSetup.exe
2014-02-06 18:01 - 2014-02-06 18:01 - 00001076 _____ () C:\Users\Karin\Downloads\Pictures - Shortcut.lnk
2014-02-06 16:46 - 2014-02-06 16:32 - 00000905 _____ () C:\Windows\idmwebcontrols.log
2014-02-06 16:45 - 2014-02-06 16:45 - 00002210 _____ () C:\Windows\uncontrols.iun
2014-02-06 16:45 - 2014-02-06 16:45 - 00000000 ____D () C:\FileNet
2014-02-06 16:30 - 2014-02-06 16:30 - 08101680 _____ (FileNet Corporation ) C:\Users\Karin\Downloads\fncontrols.exe
2014-02-06 15:56 - 2009-07-13 20:45 - 00458896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-06 11:40 - 2014-02-06 11:40 - 01173504 _____ () C:\Users\Karin\Downloads\20121101_SFM_Fire_Solar_PV_SFM (3).ppt
2014-02-06 11:36 - 2014-02-06 11:36 - 01173504 _____ () C:\Users\Karin\Downloads\20121101_SFM_Fire_Solar_PV_SFM (2).ppt
2014-02-06 11:36 - 2014-02-06 11:35 - 01171456 _____ () C:\Users\Karin\Downloads\20121101_SFM_Fire_Solar_PV_SFM (1).ppt
2014-02-06 11:35 - 2014-02-06 11:35 - 01173504 _____ () C:\Users\Karin\Downloads\20121101_SFM_Fire_Solar_PV_SFM.ppt
2014-02-06 11:27 - 2011-06-29 12:11 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-02-06 11:20 - 2013-02-20 09:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-06 11:15 - 2014-02-06 11:15 - 00022188 _____ () C:\Users\Karin\Downloads\Small_Business_Checking.qbo
2014-02-06 11:15 - 2014-02-06 11:15 - 00002959 _____ () C:\Users\Karin\Downloads\Small_Business_Checking (1).qbo
2014-02-06 11:15 - 2014-02-06 11:15 - 00000981 _____ () C:\Users\Karin\Downloads\Business_Savings.qbo
2014-02-06 10:57 - 2014-02-06 10:57 - 00659356 _____ () C:\Users\Karin\Downloads\BEAM-BT-11_1.02.0.R.upd
2014-02-06 10:18 - 2010-12-25 08:50 - 00129408 _____ () C:\Users\Karin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-06 09:27 - 2011-06-29 10:37 - 00000000 ____D () C:\Users\Karin\AppData\Local\Intuit
2014-02-06 09:18 - 2014-02-06 09:18 - 00002147 _____ () C:\Users\Public\Desktop\QuickBooks Pro 2012.lnk
2014-02-06 09:11 - 2014-02-06 09:11 - 00000000 ____D () C:\ProgramData\Nuance
2014-02-06 09:11 - 2011-06-29 12:12 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-02-06 09:11 - 2011-06-29 10:29 - 00000000 ____D () C:\ProgramData\Intuit
2014-02-06 08:56 - 2011-06-29 12:08 - 00000000 ____D () C:\Windows\Intuit
2014-02-06 08:53 - 2014-02-06 08:53 - 00000000 ____D () C:\Users\Karin\AppData\Local\DoNotTrackPlus
2014-02-06 04:16 - 2014-02-13 03:02 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-13 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-13 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-13 03:02 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-13 03:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-13 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-13 03:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-13 03:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-13 03:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-13 03:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-13 03:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-13 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-13 03:02 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-13 03:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-13 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-13 03:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-13 03:02 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-13 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-13 03:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-13 03:02 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-13 03:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-13 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-13 03:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-13 03:02 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-13 03:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-13 03:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-13 03:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-13 03:02 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-13 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-13 03:02 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-13 03:02 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-13 03:02 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-13 03:02 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-13 03:02 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-13 03:02 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-13 03:02 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-13 03:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-13 03:02 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-13 03:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 16:48 - 2014-02-05 16:48 - 02263608 _____ (Logitech Inc.) C:\Users\Karin\Downloads\logitech_connect.exe
2014-02-05 16:48 - 2014-02-05 16:48 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Logitech
2014-02-05 16:48 - 2014-02-05 16:48 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Logishrd
2014-02-04 19:17 - 2011-03-20 21:37 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarin
2014-02-04 19:17 - 2011-03-20 21:37 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForKarin.job
2014-02-04 18:12 - 2014-02-04 18:09 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Dashlane
2014-02-04 18:11 - 2014-02-04 18:11 - 00002015 _____ () C:\Users\Karin\Desktop\Dashlane.lnk
2014-02-04 18:11 - 2014-02-04 18:11 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2014-02-04 18:11 - 2014-02-04 18:11 - 00000000 ____D () C:\Program Files (x86)\Dashlane
2014-02-04 18:09 - 2014-02-04 18:09 - 00918552 _____ (Dashlane inc.) C:\Users\Karin\Downloads\Dashlane_Launcher-1390930704.exe
2014-02-04 18:09 - 2014-02-04 18:09 - 00000000 ____D () C:\Users\Karin\AppData\Local\Packages
2014-02-04 17:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-04 05:56 - 2013-06-01 13:20 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 18:50 - 2010-12-25 08:51 - 00000000 ___RD () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-03 18:49 - 2012-09-13 14:06 - 00001017 _____ () C:\Users\Karin\Desktop\Dropbox.lnk
2014-02-03 18:49 - 2012-09-13 09:07 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-03 18:48 - 2013-10-30 18:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-03 18:47 - 2014-02-03 18:47 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-03 18:47 - 2010-07-15 13:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-03 18:27 - 2012-06-04 05:44 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
Files to move or delete:
====================
C:\Users\Karin\gotomypc_438.exe
C:\Users\Karin\gotomypc_540.exe
C:\Users\Karin\gotomypc_626.exe
C:\Users\Karin\gotomypc_635.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-09 18:23
==================== End Of Log ============================
CleanTech
2014-02-17, 02:13
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by Karin at 2014-02-16 16:06:56
Running from C:\Users\Karin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Android USB Driver (x32 Version: - )
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.609.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J825DW (x32 Version: 1.0.8.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Business-in-a-Box (x32 Version: 4.0.19 - Biztree Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (x32 Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco WebEx Meetings (HKCU Version: - Cisco WebEx LLC)
Citrix Online Launcher (x32 Version: 1.0.168 - Citrix)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Cricket Broadband 1.0 (x32 Version: 1.0.1950 - Cricket)
Cricket EVDO Modem (Version: 1.1.3683.1001 - Cal-Comp Electronics and Communications Company Limited)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink MediaShow (x32 Version: 5.0.1616 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1616 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.1.3130 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3130 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKCU Version: 2.4.0.55276 - Dashlane SAS)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Designer 2.0 (x32 Version: 7.9.4 - Fomanu AG)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
EasyBits GO (HKCU Version: - EasyBits Media)
Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)
EnergyPlus Version 7.2 (x32 Version: 7.2.0.006 - US Department of Energy)
EPSON Artisan 800 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
EPSON Artisan 810 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
EPSON Printer Software (Version: - SEIKO EPSON Corporation)
EPSON Scan (x32 Version: - )
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileNet IDM Web Controls 4.0 (x32 Version: - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Calendar Sync (x32 Version: - )
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 5.3.0.978 (HKCU Version: 5.3.0.978 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Advisor (x32 Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (x32 Version: 1.0.1.3 - WildTangent)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0 - Hewlett-Packard)
HP Photo Creations (x32 Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0 - HP)
HP Power Manager (x32 Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (x32 Version: 2.1.5 - Hewlett-Packard Company)
HP Setup (x32 Version: 8.1.4186.3400 - Hewlett-Packard)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Software Framework (x32 Version: 3.5.23.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Support Assistant (x32 Version: 5.2.9.2 - Hewlett-Packard Company)
HP Update (x32 Version: 5.003.001.001 - Hewlett-Packard)
HP Wireless Assistant (Version: 4.0.9.0 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2131 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (x32 Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (x32 Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (x32 Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PL-2303 Vista Driver Installer (x32 Version: 3.2.0.0 - Prolific)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickBooks (x32 Version: 22.0.4015.2206 - Intuit Inc.) Hidden
QuickBooks File Doctor (x32 Version: 3.4 - Intuit)
QuickBooks Pro 2012 (x32 Version: 22.0.4015.2206 - Intuit Inc.)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.278 - Hewlett-Packard) Hidden
RtVOsd (Version: 1.0.3 - Realtek Semiconductor Corp.)
Safari (x32 Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Solmetric SunEye (x32 Version: 4.61.5039 - Solmetric Corporation)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StufManager 3.1.0 (x32 Version: - Shenitech)
Sunny Design 2.30 (x32 Version: 2.30.0.4 - SMA Solar Technology AG)
SUPERAntiSpyware (Version: 5.7.1016 - SUPERAntiSpyware.com)
SupportSoft Assisted Service (x32 Version: 15 - SupportSoft)
Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)
SyncMyCal (x32 Version: 2.6.270 - Synchronization Technologies Inc.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Visio 2007 Help (KB963666) (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Mobile Device Center (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (x32 Version: - )
ZoneAlarm Antivirus (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm DataLock (x32 Version: 10.2.078.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Extreme Security (x32 Version: 12.0.104.000 - Check Point)
ZoneAlarm Firewall (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {043A6E1F-F3F2-4B07-9E5B-F5C27E6EE9CF} - System32\Tasks\{659FFCEA-3E23-4072-9E06-9896B09B9785} => C:\Program Files (x86)\Adobe\Acrobat_com\Acrobat_com.exe
Task: {0D64AB5C-8BBB-49E0-A116-BCAC32BD7D5F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-08-02] (CyberLink)
Task: {270B898B-4587-4926-8C09-7C00F023A967} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {272E7482-C822-4A6B-B7E9-C090AE1B250A} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {3AE39E5F-C60F-4EE6-96F6-5BD33DB45076} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {44559809-ACF3-4762-9189-4C57E2AE206D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25] (Google Inc.)
Task: {45727D29-D034-4BDF-961B-C88D32AED339} - System32\Tasks\{6E6A963C-8B8B-4BAA-934E-1B025934E1D1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-10-21] (Skype Technologies S.A.)
Task: {4717CB55-F48B-4C5E-9390-049FECAA84C0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49594634-48FB-4DA8-BE9E-CF12A049804C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25] (Google Inc.)
Task: {4AFADC70-45F7-4EAF-B978-21C79ADCD0B6} - System32\Tasks\{3EDD0DEA-DC07-4A68-866D-2DF9339B1468} => C:\Program Files (x86)\CounterPath\X-Lite 4\X-Lite4.exe
Task: {53EDB025-A6B3-4869-BAD8-D10A114C74C2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {5CF23288-7D6F-441E-9E2B-D5F611F94431} - System32\Tasks\{4A6D4BB4-DEA4-44A9-A3ED-CD7152BCFD9F} => C:\Program Files (x86)\CounterPath\X-Lite 4\X-Lite4.exe
Task: {63245A43-F6EF-4CC9-BBD8-BDD8F3B352ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {84CABAA2-5223-4220-95E5-E7126D875191} - System32\Tasks\{CFCB1475-C573-478C-AC68-E8B50520BA71} => C:\Program Files (x86)\Adobe\Acrobat_com\Acrobat_com.exe
Task: {AC34E62E-7535-43F6-98EC-A89D1DD2159F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C042BB21-6825-495A-8711-800FD502C4ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {CB29DD4A-41EB-45C5-A637-2094EF81BB78} - System32\Tasks\HPCeeScheduleForKarin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {D4692542-DC3A-452A-88B3-28DD4F390D55} - System32\Tasks\{C9F68070-012F-4B29-95C6-EA93ECB8076C} => C:\Program Files (x86)\CounterPath\X-Lite 4\X-Lite4.exe
Task: {D730FC58-6285-4BAB-AA84-0D4E780C7F94} - \GMDJAQNWQ No Task File
Task: {F7378700-68E7-4082-AE71-B11213EAE654} - System32\Tasks\{EB62A0F9-7F40-431F-ACAE-CE646754A061} => C:\Program Files (x86)\CounterPath\X-Lite 4\X-Lite4.exe
Task: C:\Windows\Tasks\GMDJAQNWQ.job => C:\Windows\SysWOW64\msrdcm.dll
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKarin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2013-11-19 18:10 - 2011-04-19 17:06 - 00013632 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\mlfhook64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-04 18:10 - 2014-01-29 09:18 - 00219832 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\Dashlane.exe
2012-10-10 08:52 - 2011-04-19 17:26 - 00110912 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\crsrpt64.dll
2012-10-10 08:52 - 2011-04-19 17:05 - 00370496 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk64.dll
2012-10-10 08:52 - 2011-04-19 17:01 - 00222528 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-02 10:51 - 2010-07-02 10:51 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2014-02-10 12:19 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-10 12:19 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-10 12:19 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-10 12:19 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-10 12:19 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-03-30 16:50 - 2012-04-20 13:13 - 00517960 _____ () C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
2013-10-17 05:33 - 2013-10-17 05:33 - 00065936 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\Community.CsharpSqlite.SQLiteClient.dll
2014-02-13 05:04 - 2014-02-13 05:04 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-11-11 01:40 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-04 18:10 - 2014-01-29 09:16 - 00249016 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\2.4.0.55276\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.0.55276.dll
2014-02-04 18:10 - 2014-01-29 09:16 - 00363704 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\2.4.0.55276\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.0.55276.dll
2014-02-04 18:10 - 2014-01-29 09:16 - 00422584 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\2.4.0.55276\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.0.55276.dll
2014-02-04 18:10 - 2014-01-29 09:16 - 28153528 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\2.4.0.55276\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.0.55276.dll
2014-02-04 18:10 - 2014-01-29 09:16 - 00263352 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\2.4.0.55276\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.0.55276.dll
2014-02-04 18:10 - 2014-01-29 09:16 - 04796600 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\2.4.0.55276\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.0.55276.dll
2014-02-04 18:10 - 2014-01-29 09:16 - 04284600 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\2.4.0.55276\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.0.55276.dll
2012-08-29 14:45 - 2012-08-29 14:45 - 00074928 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\FDE\fde_api.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2008\boost_regex-vc90-mt-p-1_33.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2008\QBCompressor.dll
2011-08-19 21:30 - 2011-08-19 21:30 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2008\zlib1.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00380744 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2008\BackupLib.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00138568 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2008\QBMAPILibrary.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2008\boost_serialization-vc90-mt-p-1_33.dll
2013-11-08 05:48 - 2013-11-08 05:48 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2008\mbpopup.dll
2013-10-18 15:55 - 2013-10-18 15:55 - 25100288 _____ () C:\Users\Karin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-13 21:35 - 2014-02-12 16:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-04 18:10 - 2014-01-29 09:16 - 00224952 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\2.4.0.55276\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlanef_270.2.4.0.55276.dll
2014-02-04 18:10 - 2014-01-29 09:16 - 12108472 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\2.4.0.55276\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.4.0.55276.dll
2014-02-04 18:10 - 2014-01-29 09:16 - 01913528 _____ () C:\Users\Karin\AppData\Roaming\Dashlane\2.4.0.55276\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.4.0.55276.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-15 17:00 - 2014-02-15 17:00 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:1DB77A89
AlternateDataStreams: C:\ProgramData\Temp:927EC486
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KL1 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kl2 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Karin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BIBLauncher => C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: EPSON Stylus Photo 1400 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBUA.EXE /FU "C:\Windows\TEMP\E_S7773.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON Stylus Photo 1400 Series (Copy 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBUA.EXE /FU "C:\Windows\TEMP\E_SBC51.tmp" /EF "HKCU"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: ISW => "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/16/2014 03:29:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.
Error: (02/16/2014 02:27:53 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (02/16/2014 02:27:53 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (02/16/2014 02:27:53 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (02/15/2014 10:03:04 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (02/15/2014 10:03:04 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (02/15/2014 10:03:04 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (02/15/2014 09:50:20 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program TrueVector Service because of this error.
Program: TrueVector Service
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: 00000000
Disk type: 0
Error: (02/15/2014 09:50:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: vsmon.exe, version: 12.0.104.0, time stamp: 0x526b5ba9
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000096
Fault offset: 0x00048665
Faulting process id: 0x518
Faulting application start time: 0xvsmon.exe0
Faulting application path: vsmon.exe1
Faulting module path: vsmon.exe2
Report Id: vsmon.exe3
Error: (02/15/2014 09:49:21 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
System errors:
=============
Error: (02/16/2014 02:22:59 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:19:06 PM on 2/16/2014 was unexpected.
Error: (02/16/2014 01:33:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
Error: (02/16/2014 01:30:49 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
Error: (02/15/2014 10:25:16 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
Error: (02/15/2014 10:24:46 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
Error: (02/15/2014 10:24:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
Error: (02/15/2014 09:51:00 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).
Error: (02/15/2014 06:24:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
Error: (02/15/2014 06:06:46 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (02/15/2014 05:59:54 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Microsoft Office Sessions:
=========================
Error: (02/15/2014 05:23:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 114960 seconds with 780 seconds of active time. This session ended with a crash.
Error: (11/29/2012 04:24:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3862 seconds with 1620 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-02-16 16:01:00.806
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 15:53:00.953
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 15:41:28.935
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 14:32:42.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-16 13:33:16.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-15 22:18:52.186
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-15 21:48:54.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-15 18:02:33.598
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-15 17:50:50.131
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-02-15 17:22:20.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 3893.86 MB
Available physical RAM: 1252.77 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 4981.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:448.43 GB) (Free:170.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.03 GB) (Free:2.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (QBPRO2012R1) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1D505CB8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
==================== End Of Log ============================
Go to add remove programs in the control panel and uninstall
Java Auto Updater
Java(TM) 6 Update 31 (x32 Version: 6.0.310 - Oracle)
JavaFX 2.1.1
~~~~~~~~~~~~~~~~~
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {78C7A5E3-5716-455C-85D1-082ECFC0A8F2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {78C7A5E3-5716-455C-85D1-082ECFC0A8F2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {2B2E77B5-7338-4651-B01E-5D8C5F67ED97} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN31051775191590514
SearchScopes: HKCU - {78C7A5E3-5716-455C-85D1-082ECFC0A8F2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {A94E8DC9-07AA-45A7-8AF2-A0375473A5CD} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\Karin\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx [2013-06-01]
C:\Users\Karin\gotomypc_438.exe
C:\Users\Karin\gotomypc_540.exe
C:\Users\Karin\gotomypc_626.exe
C:\Users\Karin\gotomypc_635.exe
Task: {D730FC58-6285-4BAB-AA84-0D4E780C7F94} - \GMDJAQNWQ No Task File
AlternateDataStreams: C:\ProgramData\Temp:1DB77A89
AlternateDataStreams: C:\ProgramData\Temp:927EC486
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
~~~~~~~~~~~~~~~~~~
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php). Never download Malwarebytes' Anti-Malware from other sources.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
please post:
fixlist.txt
JRT.txt
MBAM log
CleanTech
2014-02-17, 04:34
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014
Ran by Karin at 2014-02-16 18:28:15 Run:1
Running from C:\Users\Karin\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {78C7A5E3-5716-455C-85D1-082ECFC0A8F2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {78C7A5E3-5716-455C-85D1-082ECFC0A8F2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {2B2E77B5-7338-4651-B01E-5D8C5F67ED97} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN31051775191590514
SearchScopes: HKCU - {78C7A5E3-5716-455C-85D1-082ECFC0A8F2} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {A94E8DC9-07AA-45A7-8AF2-A0375473A5CD} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\Karin\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx [2013-06-01]
C:\Users\Karin\gotomypc_438.exe
C:\Users\Karin\gotomypc_540.exe
C:\Users\Karin\gotomypc_626.exe
C:\Users\Karin\gotomypc_635.exe
Task: {D730FC58-6285-4BAB-AA84-0D4E780C7F94} - \GMDJAQNWQ No Task File
AlternateDataStreams: C:\ProgramData\Temp:1DB77A89
AlternateDataStreams: C:\ProgramData\Temp:927EC486
end
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{78C7A5E3-5716-455C-85D1-082ECFC0A8F2} => Key deleted successfully.
HKCR\CLSID\{78C7A5E3-5716-455C-85D1-082ECFC0A8F2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{78C7A5E3-5716-455C-85D1-082ECFC0A8F2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{78C7A5E3-5716-455C-85D1-082ECFC0A8F2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B2E77B5-7338-4651-B01E-5D8C5F67ED97} => Key deleted successfully.
HKCR\CLSID\{2B2E77B5-7338-4651-B01E-5D8C5F67ED97} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{78C7A5E3-5716-455C-85D1-082ECFC0A8F2} => Key deleted successfully.
HKCR\CLSID\{78C7A5E3-5716-455C-85D1-082ECFC0A8F2} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD} => Value deleted successfully.
HKCR\CLSID\{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCR\PROTOCOLS\Handler\intu-help-qb5 => Key deleted successfully.
HKCR\CLSID\{867FCB77-9823-4cd6-8210-D85F968D466F} => Key not found.
HKCR\PROTOCOLS\Handler\qbwc => Key deleted successfully.
HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlopielgodpjhkbapdlbbicpiefpaack => Key deleted successfully.
"C:\Users\Karin\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx" => File/Directory not found.
C:\Users\Karin\gotomypc_438.exe => Moved successfully.
C:\Users\Karin\gotomypc_540.exe => Moved successfully.
C:\Users\Karin\gotomypc_626.exe => Moved successfully.
C:\Users\Karin\gotomypc_635.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D730FC58-6285-4BAB-AA84-0D4E780C7F94} => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D730FC58-6285-4BAB-AA84-0D4E780C7F94} => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GMDJAQNWQ => Error deleting key
C:\ProgramData\Temp => ":1DB77A89" ADS removed successfully.
C:\ProgramData\Temp => ":927EC486" ADS removed successfully.
==== End of Fixlog ====
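A triage helper for Fixlog.txt output like the log above, added here as an example; it is not part of the thread and not FRST's own code. It classifies each `=>` result line and traces failed entries back to the fixlist directive that produced them. The outcome labels, function names and matching heuristic are assumptions, based only on the result strings that appear in this thread.

```python
import re
from collections import Counter

# Abridged from the Fixlog posted in this thread (not the complete log).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014
Ran by Karin at 2014-02-16 18:28:15 Run:1
==============================================
Content of fixlist:
*****************
start
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Karin\gotomypc_438.exe
Task: {D730FC58-6285-4BAB-AA84-0D4E780C7F94} - \GMDJAQNWQ No Task File
AlternateDataStreams: C:\ProgramData\Temp:1DB77A89
end
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Users\Karin\gotomypc_438.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D730FC58-6285-4BAB-AA84-0D4E780C7F94} => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D730FC58-6285-4BAB-AA84-0D4E780C7F94} => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GMDJAQNWQ => Error deleting key
C:\ProgramData\Temp => ":1DB77A89" ADS removed successfully.
==== End of Fixlog ====
"""

# Outcome labels are this example's own; the patterns cover only the
# result strings seen in this thread's Fixlogs.
OUTCOME_RULES = [
    ("failed", re.compile(r"^error\b", re.I)),
    ("absent", re.compile(r"not found\.?$", re.I)),
    ("done", re.compile(r"(deleted|moved|removed) successfully\.?$", re.I)),
]
GUID_RX = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def classify(result):
    """Map the text after '=>' to done / absent / failed / unknown."""
    result = result.strip()
    for label, rx in OUTCOME_RULES:
        if rx.search(result):
            return label
    return "unknown"


def parse_fixlog(fixlog):
    """Return one dict per result line, skipping the echoed fixlist."""
    lines = fixlog.splitlines()
    # The echoed fixlist is framed by rows of asterisks; results follow the last row.
    star_rows = [i for i, l in enumerate(lines)
                 if l.strip() and set(l.strip()) == {"*"}]
    start = star_rows[-1] + 1 if star_rows else 0
    entries = []
    for line in lines[start:]:
        if line.startswith("==== End of Fixlog"):
            break
        target, sep, result = line.partition(" => ")
        if sep:
            entries.append({"target": target.strip(),
                            "result": result.strip(),
                            "outcome": classify(result)})
    return entries


def fixlist_directives(fixlog):
    """Directives echoed between the 'start' and 'end' lines."""
    lines = [l.strip() for l in fixlog.splitlines()]
    lowered = [l.lower() for l in lines]
    try:
        s = lowered.index("start")
        e = lowered.index("end", s)
    except ValueError:
        return []
    return [l for l in lines[s + 1:e] if l]


def trace_failures(fixlog):
    """Group failed/unknown targets under the directive they stem from.

    Heuristic: match on the target's GUID, or on its last path component
    when it has no GUID.
    """
    directives = fixlist_directives(fixlog)
    traced = {}
    for e in parse_fixlog(fixlog):
        if e["outcome"] not in ("failed", "unknown"):
            continue
        m = GUID_RX.search(e["target"])
        token = (m.group(0) if m else e["target"].rsplit("\\", 1)[-1]).lower()
        owner = next((d for d in directives if token in d.lower()),
                     "(no matching directive)")
        traced.setdefault(owner, []).append(e["target"])
    return traced


if __name__ == "__main__":
    entries = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(Counter(e["outcome"] for e in entries)))
    for directive, targets in trace_failures(SAMPLE_FIXLOG).items():
        print("FOLLOW UP:", directive)
        for t in targets:
            print("   ", t)
```

On the excerpt it reports the three TaskCache keys under the `Task:` directive as the only entries that were not resolved by the fix.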
CleanTech
2014-02-17, 07:21
JRT scanning for 2+ hours....stuck at "Registry"?!?!?
I will go on to Malwarebytes.
Sometimes we find JRT won't run on some machines. Just continue to the next.
CleanTech
2014-02-17, 19:10
JRT worked.....just took a long time:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Karin on Sun 02/16/2014 at 21:26:20.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182202}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222182202}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A2E6E237-69A6-4E84-B065-CD2FEC32A297}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A2E6E237-69A6-4E84-B065-CD2FEC32A297}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Karin\appdata\local\{22746AA2-75FA-48D7-A7CC-6B9A58C759CC}
Successfully deleted: [Empty Folder] C:\Users\Karin\appdata\local\{26271241-3592-4DE9-B541-4E92D465F58A}
Successfully deleted: [Empty Folder] C:\Users\Karin\appdata\local\{7E3BE5CC-CBCA-4E91-A86F-6917D25215DA}
Successfully deleted: [Empty Folder] C:\Users\Karin\appdata\local\{82D59F0F-10B0-414B-875C-9D96D6AAB144}
Successfully deleted: [Empty Folder] C:\Users\Karin\appdata\local\{AF0CAEED-9C9A-4F05-AE73-9B0DF94F317A}
Successfully deleted: [Empty Folder] C:\Users\Karin\appdata\local\{E6B70BA0-C44C-4FE0-8AF0-738961B4187B}
Successfully deleted: [Empty Folder] C:\Users\Karin\appdata\local\{F1DD94B3-6C45-42E0-A1D3-7F22588F491F}
~~~ FireFox
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Karin\AppData\Roaming\mozilla\firefox\profiles\zqw0sijt.default\minidumps [7 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/16/2014 at 21:39:28.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes to follow. Thank you.
Yes, post MBAM when finished.
How is your computer now?
CleanTech
2014-02-17, 22:12
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.17.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Karin :: KARIN-HP [administrator]
Protection: Enabled
2/17/2014 9:13:21 AM
mbam-log-2014-02-17 (09-13-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225226
Time elapsed: 8 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
How is your computer now?
CleanTech
2014-02-18, 00:37
Windows Firewall remained on green and I was able to re-enable Windows Defender.
Things seem to run a bit faster.
Thank you so much for your help. Both machines up and running! :)
Install latest Java 7 Update 51 (http://java.com/en/download/). Click this link and click on the Free JAVA Download.
Find here (http://www.java.com/en/download/help/5000020300.xml) instructions how to clear the java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked
Downloaded Applets
Downloaded Applications
Installed Applications and Applets
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please Run TFC by OldTimer to clear temporary files:
Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Let's check for remnants. This scan can take quite a while to complete but is thorough.
Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start. Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish
New topic: http://forums.spybot.info/showthread.php?70206-Is-quot-Z-exe-quot-a-virus&p=450397#post450397
Can you continue with instructions posted here for this computer?
Too many open logs, it's getting confusing.
CleanTech
2014-02-18, 21:59
ESET Scan Log:
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmEng.dll probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.E potentially unwanted application
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000 (1).exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000 (2).exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Karin\Downloads\ZASPSetupWeb_120_104_000.exe Win32/Toolbar.Conduit potentially unwanted application
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmEng.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe
C:\Program Files (x86)\CheckPoint\Install\zatb.exe
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000 (1).exe
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000 (2).exe
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000.exe
C:\Users\Karin\Downloads\ZASPSetupWeb_120_104_000.exe
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Please post these logs with comments on how this computer is at the moment.
CleanTech
2014-02-20, 05:54
Hi Juliet
Sorry for delay. Was gone for a day.
Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by Karin at 2014-02-19 19:52:38 Run:2
Running from C:\Users\Karin\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmEng.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe
C:\Program Files (x86)\CheckPoint\Install\zatb.exe
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000 (1).exe
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000 (2).exe
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000.exe
C:\Users\Karin\Downloads\ZASPSetupWeb_120_104_000.exe
end
*****************
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll => Moved successfully.
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll => Moved successfully.
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe => Moved successfully.
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll => Moved successfully.
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll => Moved successfully.
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmApp.dll => Moved successfully.
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmEng.dll => Moved successfully.
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmsrv.exe => Moved successfully.
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll => Moved successfully.
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll => Moved successfully.
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe => Moved successfully.
C:\Program Files (x86)\CheckPoint\Install\zatb.exe => Moved successfully.
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000 (1).exe => Moved successfully.
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000 (2).exe => Moved successfully.
C:\Users\Karin\Downloads\ZASPSetupWeb_110_780_000.exe => Moved successfully.
C:\Users\Karin\Downloads\ZASPSetupWeb_120_104_000.exe => Moved successfully.
==== End of Fixlog ====
Firewall stayed green. Defender is up and running...updated, scanned, etc.
Looks good to me, are we ready to remove tools/quarantine folders and post preventive tips?
CleanTech
2014-02-23, 23:12
Hi Juliet,
Yes, I think I'm ready to remove quarantine and help files.
Thank you.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
start
DeleteQuarantine:
end
~~~~~~~~~~~~~~~
Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Click Run
~~~~~~~~~~~~~~~~
Any remaining tools/folders simply delete.
~~~~~~~~~~~~~~~~~~~
You're good to go, good job!
Please take the time to read over a few of my preventive tips.
Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
To help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) - install this programme to lock down and prevent crypto ransomware
https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates (http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) and download all the "Critical Updates" for Windows.
Firefox 3 (http://www.mozilla.com/en-US/firefox/)
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.
*NoScript (http://www.noscript.net) - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
AdblockPlus
AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation. It's free!
Click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755)
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Please read the following safe computing articles.
Secure My Computer: A Layered Approach (http://www.dslreports.com/faq/8463)
Free Antivirus-AntiSpyware-Firewall Software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)
Glad we could help. :)
Since this issue appears resolved ... this Topic is closed.