Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Time problem & Uninstall problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Time problem & Uninstall problem

Unread postby whisperer » February 28th, 2012, 8:55 am

Initial Background
About 2 months after the clocks went back I was aware that my clock was an hour out, I did not think there was any problem other than the computer had re-updated itself so I tried to enter the 'Adjust date/time' facility from the R-Click menu of the clock in the taskbar - it would not access. I then tried accessing the facility from the Control panel - again I could not access this, ie no reaction at all. I searched the internet and tried one or two solutions and eventually put the clock right from within the bios and opened a ticket with Microsoft concerning the missing facility, they have not been able to help restore it.
Recent suspicious events
I tried to install and use Dragon Naturally Speaking 11, the installation went well but I could not get it to run with various errors, I contacted Nuance and am still actively involved with them. The last instruction from them was a complex removal and clean-up of DNS11 with the first action to uninstall using Add/Remove programs - I had successfully done this myself once but could not get it to start this time as there were a couple of errors.

I was now suspicious of the computer and carried out an updated MBAM scan with nothing found but I am still not a happy person, I would appreciate it if you could have a look at the enclosed DDS logs to see whether you can allay my suspicions - I confess I do not really want to reinstall Windows 7 but recognise that I might have to when I look at the event log :( .

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Gordon at 11:32:03 on 2012-02-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.6135.3658 [GMT 0:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\psxss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
I:\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
U:\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\vsnpstd3.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86)\Lexmark S800 Series\ezprint.exe
C:\Program Files (x86)\Lexmark S800 Series\lxefmon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\system32\lxdncoms.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\lxefcoms.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
U:\TomTom HOME\TomTomHOMERunner.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
I:\CheckPoint\ZoneAlarm\zatray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
I:\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
U:\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
U:\TomTom HOME\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\nfsclnt.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\msdtc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll
mURLSearchHooks: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll
mWinlogon: Userinit=userinit.exe,
BHO: PriceGong Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.2.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - E:\MICROS~1\Office14\URLREDIR.DLL
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [<NO NAME>]
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [TomTomHOME.exe] "U:\TomTom HOME\TomTomHOMERunner.exe"
mRun: [ZoneAlarm] "I:\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - U:\APC\APC PowerChute Personal Edition\Display.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clear Fields - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - E:\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Identities Editor - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: Logoff - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html
IE: Passcards Editor - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
IE: Password Generator - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: Reset Fields - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html
IE: RoboForm Options - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html
IE: RoboForm TaskBar Icon - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Safenotes Editor - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - E:\MICROS~2\Office14\ONBttnIE.dll/105
IE: Set Fields - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html
IE: {45DB34C3-955C-11D3-ABEF-444553540000} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
IE: {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Microsoft Office 07\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Microsoft Office 07\Office14\ONBttnIELinkedNotes.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.6.0.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applica ... uncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
TCP: Interfaces\{4287AFA7-B73F-426A-8C44-8AFC00425970} : NameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: PriceGong Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.2.0\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll
BHO-X64: ZoneAlarm Extreme Security - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB-X64: ZoneAlarm Extreme Security Toolbar: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [ZoneAlarm] "I:\CheckPoint\ZoneAlarm\zatray.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html
IE-X64: {45DB34C3-955C-11D3-ABEF-444553540000} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE-X64: {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
IE-X64: {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: E:\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: I:\Firefox Browser\plugins\npBTEmailConfig.dll
FF - plugin: I:\Firefox Browser\plugins\npdeployJava1.dll
FF - plugin: V:\QuickTime\Plugins\npqtplugin.dll
FF - plugin: V:\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: V:\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: V:\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: V:\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: V:\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: V:\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: V:\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R0 mv64xx;mv64xx;C:\Windows\system32\DRIVERS\mv64xx.sys --> C:\Windows\system32\DRIVERS\mv64xx.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-1-25 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-1-25 61712]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 ISWKL;ZoneAlarm ForceField ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-5-30 33672]
R2 IswSvc;ZoneAlarm ForceField IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-5-30 827520]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R2 lxef_device;lxef_device;C:\Windows\system32\lxefcoms.exe -service --> C:\Windows\system32\lxefcoms.exe -service [?]
R2 MSSQL$EONENERGYFIT;SQL Server (EONENERGYFIT);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NfsClnt;Client for NFS;C:\Windows\system32\nfsclnt.exe --> C:\Windows\system32\nfsclnt.exe [?]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
R2 TomTomHOMEService;TomTomHOMEService;U:\TomTom HOME\TomTomHOMEService.exe [2012-1-23 92592]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 icsak;icsak;C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys [2011-5-30 45448]
R3 NfsRdr;Client for NFS Redirector;C:\Windows\system32\drivers\nfsrdr.sys --> C:\Windows\system32\drivers\nfsrdr.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PsxDrv;PsxDrv;C:\Windows\system32\drivers\psxdrv.sys --> C:\Windows\system32\drivers\psxdrv.sys [?]
R3 RpcXdr;Server for NFS Open RPC (ONCRPC);C:\Windows\system32\drivers\rpcxdr.sys --> C:\Windows\system32\drivers\rpcxdr.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ftpsvc;Microsoft FTP Service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
S2 lxefCATSCustConnectService;lxefCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxefserv.exe [2011-4-4 45224]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;V:\Sony Picture Manager\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Microsoft Office 07\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 optousb;OPTO ELECTRONICS optousb;C:\Windows\system32\DRIVERS\optousb.sys --> C:\Windows\system32\DRIVERS\optousb.sys [?]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\system32\DRIVERS\optovcm.sys --> C:\Windows\system32\DRIVERS\optovcm.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\system32\drivers\CM10664.sys --> C:\Windows\system32\drivers\CM10664.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-02-28 11:17:08 165376 ----a-w- C:\Users\Gordon\SystemLook_x64.exe
2012-02-28 11:04:12 139264 ----a-w- C:\Users\Gordon\SystemLook.exe
2012-02-19 17:26:29 -------- d-----w- C:\Program Files (x86)\Firetrust
2012-02-17 18:02:05 -------- d-----w- C:\Program Files (x86)\Common Files\IVA
2012-02-17 18:01:35 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
2012-02-17 17:59:18 -------- d-----w- C:\Program Files (x86)\Nuance
2012-02-15 09:37:22 -------- d-----w- C:\Users\Gordon\AppData\Roaming\Nuance
2012-02-14 18:05:37 -------- d-----w- C:\Users\Gordon\AppData\Roaming\FLEXnet
2012-02-14 17:42:59 -------- d-----w- C:\ProgramData\Nuance
2012-02-14 15:34:29 -------- d-----w- C:\Users\Gordon\AppData\Roaming\GetRightToGo
2012-02-10 11:49:25 -------- d-----w- C:\Users\Gordon\AppData\Local\ElevatedDiagnostics
2012-02-02 10:27:52 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll
2012-02-02 10:27:52 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2012-01-30 18:41:27 314880 ----a-w- C:\Windows\IsUninst.exe
.
==================== Find3M ====================
.
2012-02-22 12:42:16 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 09:24:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 15:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 11:33:37.14 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume4
Install Date: 14/02/2010 11:01:30
System Uptime: 28/02/2012 10:43:52 (1 hours ago)
Motherboard: ASUSTeK Computer INC. | | P6T DELUXE
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
B: is FIXED (NTFS) - 105 GiB total, 37.841 GiB free.
C: is FIXED (NTFS) - 75 GiB total, 12.228 GiB free.
D: is FIXED (NTFS) - 88 GiB total, 36.528 GiB free.
E: is FIXED (NTFS) - 6 GiB total, 3.029 GiB free.
G: is FIXED (NTFS) - 10 GiB total, 5.315 GiB free.
I: is FIXED (NTFS) - 4 GiB total, 0.594 GiB free.
J: is FIXED (NTFS) - 4 GiB total, 1.344 GiB free.
K: is FIXED (NTFS) - 27 GiB total, 14.18 GiB free.
M: is FIXED (NTFS) - 4 GiB total, 3.437 GiB free.
N: is FIXED (NTFS) - 699 GiB total, 124.47 GiB free.
O: is FIXED (NTFS) - 24 GiB total, 20.232 GiB free.
P: is FIXED (NTFS) - 4 GiB total, 3.691 GiB free.
Q: is FIXED (NTFS) - 8 GiB total, 5.888 GiB free.
T: is FIXED (NTFS) - 8 GiB total, 2.463 GiB free.
U: is FIXED (NTFS) - 8 GiB total, 2.389 GiB free.
V: is FIXED (NTFS) - 49 GiB total, 39.35 GiB free.
W: is FIXED (NTFS) - 48 GiB total, 46.877 GiB free.
X: is FIXED (NTFS) - 26 GiB total, 21.56 GiB free.
Y: is CDROM ()
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP392: 22/02/2012 12:40:31 - Installed Java(TM) 6 Update 31
RP393: 26/02/2012 09:39:09 - Windows Backup
RP394: 27/02/2012 22:06:47 - Removed Dragon NaturallySpeaking 11.5.
RP395: 28/02/2012 11:20:07 - Removed Dragon NaturallySpeaking 11.5.
==== Installed Programs ======================
.
AccuWeather SideShow Gadget
Acrobat.com
Ad-Aware Browsing Protection
Adobe AIR
Adobe Reader X (10.1.2)
AI RoboForm (All Users)
APC PowerChute Personal Edition
Apple Application Support
Apple Software Update
ASAP Utilities
Belarc Advisor 7.2
Catalyst Control Center InstallProxy
Coupon Printer
Crystal Reports for Visual Studio
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dotfuscator Software Services - Community Edition
Dragon NaturallySpeaking 11
E.ON Energy Fit Software
eReg
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2565057)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Inbox Toolbar
Jasc Paint Shop Pro 8
Java 1.6 Documentation
Java Auto Updater
Java DB 10.3.1.4
Java(TM) 6 Update 31
Java(TM) SE Development Kit 6 Update 7
jZip
Keynote Connector
MailWasher Pro
MailWasherPro
Malwarebytes Anti-Malware version 1.60.0.1800
Marvell Miniport Driver
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Mathematics Add-in (32-bit)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
(EONENERGYFIT)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL
Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 6.0 (x86 en-GB)
Mozilla Firefox 7.0.1 (x86 en-GB)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Suite
Notepad++
Paragon Hard Disk Manager™ 2011 Suite
PC Connectivity Solution
PC Tune-Up
PL-2303 USB-to-Serial
PMB
PriceGong 2.2.0
QuickTime
Rapport
Realtek HDMI Audio Driver for ATIRuntime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Serif DrawPlus 4.0
Serif DrawPlus X2
Serif PagePlus X4
Serif PagePlus X4 Resources
Serif PhotoPlus 8.0
Serif PhotoPlus Association File Formats
Sony USB Driver
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Uniblue RegistryBooster
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VC 9.0 Runtime
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.11
VP Suite 5.1
WCF RIA Services V1.0 SP1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows SideShow Managed Runtime 1.0
Yahoo! Detect
ZoneAlarm Antivirus
ZoneAlarm DataLock
ZoneAlarm Extreme Security
ZoneAlarm Firewall
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week
========
.
28/02/2012 10:52:29, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

28/02/2012 10:51:52, Error: Service Control Manager [7023] - The Microsoft FTP Service service terminated with the following error: The data is invalid.

28/02/2012 10:50:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PxHelp20

28/02/2012 10:50:51, Error: Service Control Manager [7022] - The Microsoft FTP Service service hung on starting.

28/02/2012 10:46:44, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

28/02/2012 10:46:07, Error: Service Control Manager [7001] - The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error: The data is invalid.

28/02/2012 10:46:06, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Windows Process Activation Service service which failed to start because of the following error: The data is invalid.

28/02/2012 10:46:06, Error: Service Control Manager [7001] - The Net.Pipe Listener Adapter service depends on the Windows Process Activation Service service which failed to start because of the following error: The data is invalid.

28/02/2012 10:46:04, Error: Service Control Manager [7023] - The Windows Process Activation Service service terminated with the following error: The data is invalid.

28/02/2012 10:46:03, Error: Microsoft-Windows-WAS [5172] - The Windows Process Activation Service encountered an error trying to read configuration data from file 'C:\Windows\system32\inetsrv\config\schema\rscaext.xml', line number '0'. The error message is: 'Configuration file is not well-formed XML '. The data field contains the error number.

28/02/2012 10:46:03, Error: Microsoft-Windows-WAS [5036] - The configuration manager for Windows Process Activation Service (WAS) did not initialize. The data field contains the error number.

28/02/2012 10:46:03, Error: Microsoft-Windows-WAS [5005] - Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.

28/02/2012 10:46:01, Error: Service Control Manager [7000] - The PMBDeviceInfoProvider service failed to start due to the following error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

28/02/2012 10:45:57, Error: Service Control Manager [7001] - The Net.Msmq Listener Adapter service depends on the Message Queuing service which failed to start because of the following error: This version of Net.Msmq Listener Adapter is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32bit) or x64 (64-bit) version of the program, and then contact the software publisher.

28/02/2012 10:45:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxefCATSCustConnectService service to connect.

28/02/2012 10:45:37, Error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: This version of Message Queuing Triggers is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.

28/02/2012 10:45:37, Error: Service Control Manager [7000] - The Message Queuing service failed to start due to the following error: This version of Message Queuing is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
28/02/2012 10:45:37, Error: Service Control Manager [7000] - The lxefCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28/02/2012 10:45:24, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

28/02/2012 10:45:24, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28/02/2012 10:44:26, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\PxHelp20.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

27/02/2012 21:35:18, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.

26/02/2012 14:59:31, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {8086EBD4-43E3-4B19-BEB3-F0EA4ECF319C}. The error: "2" Happened while starting this
command: C:\Windows\System32\sdiagnhost.exe –Embedding

25/02/2012 10:07:16, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.

25/02/2012 10:06:08, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.

24/02/2012 22:04:34, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F}
and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user
Gordon-7\Gordon SID (S-1-5-21-3535767090-3609679722-1398638442-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

24/02/2012 22:04:34, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF}
and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user
Gordon-7\Gordon SID (S-1-5-21-3535767090-3609679722-1398638442-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

21/02/2012 19:21:47, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

21/02/2012 19:21:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect

21/02/2012 19:21:39, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..
==== End Of File ===========================
Best wishes
Whisperer
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall
Advertisement
Register to Remove

Re: Time problem & Uninstall problem

Unread postby maxi » February 28th, 2012, 9:03 pm

Hello whisperer,

Welcome to the forum!

Maybe it should be you helping me ha :D

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Time problem & Uninstall problem

Unread postby maxi » February 29th, 2012, 6:20 pm

Hi whisperer,

I see from your log that you have 18 partitions onboard, I assume you put these there but if there is any you didn't would you let me know in your next post please.

Windows 7 Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • Your Operating System in use comes with a inbuilt utility called User Access Control(UAC).
  • When prompted by this with anything I ask you to do carry out please select the option Allow.

Step 1
Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Inbox Toolbar
Coupon Printer (see note below)
PriceGong 2.2.0
Uniblue RegistryBooster (see note below)


Note re Uniblue RegistryBooster

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


This post by Bill Castner is veryinformative: WhatTheTech Forum

Note re Coupon Printer:
I noticed in you logs you have Coupon Printer for Windows installed.
It is not bad as such BUT it does like to collect data and send it home so it's classified as Adware.
If not used you should uninstall it, If it is used it is OK to keep.

Step 2
Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Step 3
Please download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe and select " Run as administrator " to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR(master boot record), do not delete it..
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

In your next reply please include:
Both OTL logs.
The aswMBR log.
Any problems you had with my instructions.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Time problem & Uninstall problem

Unread postby whisperer » March 1st, 2012, 7:35 am

Hi Maxi,
This is just a holder to let you know that I am around and to wish you the same enjoyment and sense of satisfaction that I got from my active time with the MRU and others.
Whisperer
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Re: Time problem & Uninstall problem

Unread postby whisperer » March 1st, 2012, 11:16 am

Hi Maxi,

Yes all partitions are correct, with the exceptions of C and N the other 3 discs are multi-partioned to improve the chance of recovery in the event of hdd failure. I hope that you get as much pleasure (another name for satisfaction) from your dealings with and after the MRU

All steps completed with logs posted below. Prior to Step 3 I carried out a scheduled CCleaner run

One observation on the use of aswMBR, after initial loading it offered to download Avast software (granted just the database) which initially threw me as I am cautious to the extreme of two antivirus progams working at the same time, reading on though I was placated. Perhaps a note to the effect that a download could occur might allay some concern?

OTL log
OTL logfile created on: 01/03/2012 11:44:07 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Gordon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 49.42% Memory free
6.01 Gb Paging File | 3.03 Gb Available in Paging File | 50.46% Paging File free
Paging file location(s): c:\pagefile.sys 16 9202 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 16.21 Gb Free Space | 21.75% Space Free | Partition Type: NTFS
Drive D: | 87.89 Gb Total Space | 36.53 Gb Free Space | 41.56% Space Free | Partition Type: NTFS
Drive E: | 5.97 Gb Total Space | 3.03 Gb Free Space | 50.69% Space Free | Partition Type: NTFS
Drive G: | 9.96 Gb Total Space | 5.31 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
Drive I: | 3.98 Gb Total Space | 0.59 Gb Free Space | 14.92% Space Free | Partition Type: NTFS
Drive J: | 3.98 Gb Total Space | 1.34 Gb Free Space | 33.74% Space Free | Partition Type: NTFS
Drive K: | 26.85 Gb Total Space | 14.23 Gb Free Space | 52.97% Space Free | Partition Type: NTFS
Drive M: | 3.98 Gb Total Space | 3.44 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive N: | 698.63 Gb Total Space | 124.47 Gb Free Space | 17.82% Space Free | Partition Type: NTFS
Drive O: | 23.51 Gb Total Space | 20.58 Gb Free Space | 87.53% Space Free | Partition Type: NTFS
Drive P: | 3.98 Gb Total Space | 3.69 Gb Free Space | 92.65% Space Free | Partition Type: NTFS
Drive Q: | 7.97 Gb Total Space | 5.89 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Drive T: | 7.97 Gb Total Space | 2.46 Gb Free Space | 30.92% Space Free | Partition Type: NTFS
Drive U: | 7.97 Gb Total Space | 2.83 Gb Free Space | 35.50% Space Free | Partition Type: NTFS
Drive V: | 48.83 Gb Total Space | 39.35 Gb Free Space | 80.59% Space Free | Partition Type: NTFS
Drive W: | 47.67 Gb Total Space | 46.88 Gb Free Space | 98.33% Space Free | Partition Type: NTFS
Drive X: | 25.97 Gb Total Space | 21.56 Gb Free Space | 83.01% Space Free | Partition Type: NTFS

Computer Name: GORDON-7 | User Name: Gordon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/01 11:19:39 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Gordon\Desktop\OTL.exe
PRC - [2012/01/30 16:40:22 | 005,492,048 | ---- | M] (Firetrust) -- C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
PRC - [2012/01/25 10:16:28 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- I:\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- I:\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/09/21 10:26:30 | 015,759,200 | ---- | M] (Microsoft Corporation) -- E:\Microsoft Office 07\Office14\OUTLOOK.EXE


========== Modules (No Company Name) ==========

MOD - [2012/02/16 10:19:31 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\2e1468ce2858baafbab0482a638eb251\WindowsFormsIntegration.ni.dll
MOD - [2012/02/16 10:17:07 | 013,345,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\32e0d99cfda10e64d7583bb65444cab3\System.Data.Entity.ni.dll
MOD - [2012/02/16 10:16:16 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\623ae2e1d7735e14f9adb9d830f29d29\System.Data.DataSetExtensions.ni.dll
MOD - [2012/02/16 10:15:56 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3229ca959686fc6c4e3ef5a9dd285cd4\UIAutomationTypes.ni.dll
MOD - [2012/02/16 10:15:56 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9a3f2f7233160bfcb2fd278d05da630c\UIAutomationProvider.ni.dll
MOD - [2012/02/16 10:09:26 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/02/16 10:08:12 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\cbc5e9834f47c0aaa4808764ac2afd11\Accessibility.ni.dll
MOD - [2012/02/15 22:23:30 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bd3685e578c22d17625390d847973de0\PresentationFramework.ni.dll
MOD - [2012/02/15 22:23:18 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\008fbb2e42b3c2569ff58d651575ff29\PresentationCore.ni.dll
MOD - [2012/02/15 22:23:15 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33eae86e0a5d9bcc4d0e4e469e2ac36a\System.Windows.Forms.ni.dll
MOD - [2012/02/15 22:23:15 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\b0df867e9242cf4d254ec8eb8da97332\System.Data.ni.dll
MOD - [2012/02/15 22:23:10 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/02/15 22:23:06 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/02/15 22:23:06 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0c7b3ff43f1b29cad7dde24bdbd5b79\WindowsBase.ni.dll
MOD - [2012/02/15 22:23:06 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c958d61dd28474ec780db9d18d266ae\System.Drawing.ni.dll
MOD - [2012/02/15 22:23:05 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 22:23:03 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6757251401cd9c17d5e608db6e5f964a\System.Configuration.ni.dll
MOD - [2012/02/15 22:23:01 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/02/15 22:22:57 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\db65b5a04bb376ef4df08803ec27c12e\System.Numerics.ni.dll
MOD - [2012/02/15 22:22:56 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2012/01/30 16:32:18 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll
MOD - [2012/01/30 16:23:02 | 004,637,184 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll
MOD - [2011/12/18 21:04:10 | 000,074,896 | ---- | M] () -- I:\CheckPoint\ZoneAlarm\fde\fde_api.dll
MOD - [2011/11/10 16:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/07 12:57:00 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/04/26 16:37:40 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll
MOD - [2011/04/26 16:37:32 | 000,272,384 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll
MOD - [2011/04/19 17:25:58 | 000,088,896 | ---- | M] () -- I:\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll
MOD - [2011/04/19 17:12:02 | 000,062,272 | ---- | M] () -- I:\CheckPoint\ZoneAlarm\MailFrontier\resources\otzaenu.dll
MOD - [2011/04/19 17:05:28 | 000,290,112 | ---- | M] () -- I:\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 00:15:30 | 001,041,248 | ---- | M] () -- E:\Microsoft Office 07\Office14\ADDINS\UmOutlookAddin.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/03 14:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Disabled | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/26 11:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/11/20 13:24:58 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nfsclnt.exe -- (NfsClnt)
SRV:64bit: - [2010/11/20 13:24:57 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:64bit: - [2010/11/20 13:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/09/09 12:10:22 | 000,045,224 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxefserv.exe -- (lxefCATSCustConnectService)
SRV:64bit: - [2010/09/09 12:10:18 | 001,070,760 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxefcoms.exe -- (lxef_device)
SRV:64bit: - [2010/05/06 09:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 01:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/14 01:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/07/14 01:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/14 01:39:20 | 000,009,216 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/14 01:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2007/11/28 14:51:42 | 001,039,872 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- U:\TomTom HOME\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- I:\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/10/27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Microsoft Office 07\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/20 12:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 12:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 12:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/09 12:10:01 | 000,598,696 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWow64\lxefcoms.exe -- (lxef_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- V:\Sony Picture Manager\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/07/14 01:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/11/28 09:12:40 | 000,589,824 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWow64\lxdncoms.exe -- (lxdn_device)
SRV - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Disabled | Stopped] -- U:\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/03 14:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/11/03 14:44:20 | 000,045,448 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV:64bit: - [2011/08/17 13:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/17 13:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/08/17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/05/07 16:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/08 22:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 08:34:44 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010/12/21 18:08:42 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2010/12/21 18:08:40 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2010/12/21 18:08:40 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 10:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 09:27:12 | 000,104,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rpcxdr.sys -- (RpcXdr) Server for NFS Open RPC (ONCRPC)
DRV:64bit: - [2010/11/20 09:26:56 | 000,246,272 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\nfsrdr.sys -- (NfsRdr)
DRV:64bit: - [2010/10/14 17:08:38 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/10/14 17:08:36 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/09/21 16:51:56 | 000,362,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/05/24 19:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/04/28 08:37:12 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/04/08 11:15:38 | 000,322,088 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv64xx.sys -- (mv64xx)
DRV:64bit: - [2010/03/24 10:08:32 | 000,034,304 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\optovcm.sys -- (optovcm)
DRV:64bit: - [2010/03/24 10:08:32 | 000,027,264 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\optousb.sys -- (optousb)
DRV:64bit: - [2010/03/18 09:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 09:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/02/14 12:05:59 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2010/01/28 08:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/30 02:04:54 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 00:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/07/14 00:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 00:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 00:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 23:35:55 | 000,010,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psxdrv.sys -- (PsxDrv)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008/10/27 13:59:04 | 000,092,160 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/03/27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2012/01/25 10:16:46 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/01/25 10:16:44 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/12/15 16:56:40 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 63 D7 80 67 AD CA 01 [binary data]
IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.311.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.46
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.2.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: V:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/01/28 12:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/01/28 12:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/06/30 12:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_6.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0 [2011/11/04 17:20:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: I:\Firefox Browser\components [2011/11/07 09:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: I:\Firefox Browser\plugins [2012/01/11 07:55:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/11/04 17:20:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: I:\Firefox Browser\components [2011/11/07 09:46:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: I:\Firefox Browser\plugins [2012/01/11 07:55:22 | 000,000,000 | ---D | M]

[2010/06/05 12:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon\AppData\Roaming\Mozilla\Extensions
[2010/06/05 12:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/03/01 11:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions
[2012/01/17 22:10:25 | 000,000,000 | ---D | M] (ZoneAlarm Extreme Security Community Toolbar) -- C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}
() (No name found) -- C:\USERS\GORDON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V40CKH6Z.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
File not found (No name found) -- C:\USERS\GORDON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V40CKH6Z.DEFAULT\EXTENSIONS\INBOXCOMTOOLBAR@INBOX.COM

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office 07\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Extreme Security Toolbar) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Microsoft Office 07\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Extreme Security Toolbar) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (ZoneAlarm Extreme Security Toolbar) - {A94E8DC9-07AA-45A7-8AF2-A0375473A5CD} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] I:\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001..\Run: [] File not found
O4 - HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8:64bit: - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8:64bit: - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://E:\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8 - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Se&nd to OneNote - res://E:\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 07\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 07\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O9 - Extra 'Tools' menuitem : RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O9 - Extra Button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9 - Extra 'Tools' menuitem : Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9 - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O9 - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9 - Extra 'Tools' menuitem : Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9 - Extra Button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O9 - Extra 'Tools' menuitem : Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O9 - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O9 - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O9 - Extra Button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O9 - Extra 'Tools' menuitem : Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O9 - Extra Button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O9 - Extra 'Tools' menuitem : Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra Button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra 'Tools' menuitem : Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Microsoft Office 07\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Microsoft Office 07\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.6.0.cab (DLM Control)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applica ... uncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandscan.com/TNSClickrc.CAB (TNSClickerc.Clicker)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4287AFA7-B73F-426A-8C44-8AFC00425970}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Microsoft Office 07\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/12/24 19:49:33 | 000,000,000 | ---D | M] - M:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2009/10/28 19:49:33 | 000,000,000 | ---D | M] - X:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{0d45b056-1957-11df-870d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0d45b056-1957-11df-870d-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\START.EXE
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\HF287.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 11:38:37 | 000,000,000 | ---D | C] -- C:\Users\Gordon\Desktop\MRU
[2012/03/01 11:19:33 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Gordon\Desktop\OTL.exe
[2012/03/01 11:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/03/01 09:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/02/28 17:14:25 | 002,748,448 | ---- | C] (Nuance Communications Inc. ) -- C:\Users\Gordon\Desktop\Dragon11Remover.exe
[2012/02/28 11:30:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Gordon\Desktop\dds.scr
[2012/02/22 12:42:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/02/22 12:42:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/02/22 12:42:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/21 14:15:03 | 000,000,000 | ---D | C] -- C:\Users\Gordon\Desktop\Computer resources
[2012/02/19 17:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firetrust
[2012/02/19 17:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firetrust
[2012/02/17 18:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IVA
[2012/02/17 16:41:26 | 000,000,000 | ---D | C] -- C:\Users\Gordon\Desktop\Dragon NaturallySpeaking
[2012/02/15 09:37:22 | 000,000,000 | ---D | C] -- C:\Users\Gordon\AppData\Roaming\Nuance
[2012/02/15 09:07:48 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 09:07:46 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 09:07:46 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 09:07:35 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 09:07:20 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 09:07:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 09:07:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 09:07:19 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 09:07:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 09:07:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 09:07:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/14 18:05:37 | 000,000,000 | ---D | C] -- C:\Users\Gordon\AppData\Roaming\FLEXnet
[2012/02/14 18:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/14 17:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/02/14 15:34:29 | 000,000,000 | ---D | C] -- C:\Users\Gordon\AppData\Roaming\GetRightToGo
[2012/02/10 11:49:25 | 000,000,000 | ---D | C] -- C:\Users\Gordon\AppData\Local\ElevatedDiagnostics
[2012/02/02 10:27:52 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/02/02 10:27:52 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/02/02 10:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64-bit)
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/01 11:47:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 11:19:39 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Gordon\Desktop\OTL.exe
[2012/03/01 09:51:58 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/03/01 09:09:32 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 09:09:32 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 08:56:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/01 08:55:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/01 08:55:15 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/28 17:15:45 | 002,748,448 | ---- | M] (Nuance Communications Inc. ) -- C:\Users\Gordon\Desktop\Dragon11Remover.exe
[2012/02/28 11:30:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Gordon\Desktop\dds.scr
[2012/02/28 11:17:16 | 000,165,376 | ---- | M] () -- C:\Users\Gordon\SystemLook_x64.exe
[2012/02/28 11:04:17 | 000,139,264 | ---- | M] () -- C:\Users\Gordon\SystemLook.exe
[2012/02/25 10:08:16 | 000,000,493 | ---- | M] () -- C:\Users\Gordon\Desktop\TomTom HOME 2.lnk
[2012/02/25 10:07:35 | 001,023,064 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/25 10:07:35 | 000,836,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/25 10:07:35 | 000,189,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/24 14:55:54 | 000,419,970 | ---- | M] () -- C:\Users\Gordon\Desktop\MR SMITH071.jpg
[2012/02/22 15:18:51 | 000,001,684 | ---- | M] () -- C:\Users\Gordon\Desktop\MailWasher.lnk
[2012/02/22 12:42:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/02/22 12:42:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/02/22 12:42:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/02/22 12:42:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/21 22:44:46 | 000,003,584 | ---- | M] () -- C:\Users\Gordon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/20 12:43:41 | 002,037,168 | ---- | M] () -- C:\Users\Gordon\Desktop\System Report.nfo
[2012/02/19 17:26:36 | 000,000,090 | ---- | M] () -- C:\Windows\SysWow64\ftm31.dat
[2012/02/17 09:24:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/15 22:26:27 | 001,008,532 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/15 22:00:42 | 000,651,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/13 17:44:20 | 000,009,085 | ---- | M] () -- C:\Users\Gordon\Desktop\graphpaper.pdf
[2012/02/10 11:49:59 | 000,216,393 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2012/02/10 09:18:20 | 006,916,181 | ---- | M] () -- C:\Users\Gordon\Desktop\Answers.pdf
[2012/02/07 17:32:13 | 000,018,519 | ---- | M] () -- C:\Windows\SysWow64\.xml
[2012/02/05 11:03:23 | 001,878,890 | ---- | M] () -- C:\Users\Gordon\Desktop\evohome.pdf
[2012/02/01 21:34:02 | 000,032,256 | ---- | M] () -- C:\Users\Gordon\Documents\BogCupbd.Dpp
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/01 09:51:14 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/28 11:17:08 | 000,165,376 | ---- | C] () -- C:\Users\Gordon\SystemLook_x64.exe
[2012/02/28 11:04:12 | 000,139,264 | ---- | C] () -- C:\Users\Gordon\SystemLook.exe
[2012/02/25 10:08:16 | 000,000,493 | ---- | C] () -- C:\Users\Gordon\Desktop\TomTom HOME 2.lnk
[2012/02/24 14:55:54 | 000,419,970 | ---- | C] () -- C:\Users\Gordon\Desktop\MR SMITH071.jpg
[2012/02/22 15:18:51 | 000,001,684 | ---- | C] () -- C:\Users\Gordon\Desktop\MailWasher.lnk
[2012/02/21 22:44:46 | 000,003,584 | ---- | C] () -- C:\Users\Gordon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/20 12:43:40 | 002,037,168 | ---- | C] () -- C:\Users\Gordon\Desktop\System Report.nfo
[2012/02/13 17:44:20 | 000,009,085 | ---- | C] () -- C:\Users\Gordon\Desktop\graphpaper.pdf
[2012/02/10 09:18:20 | 006,916,181 | ---- | C] () -- C:\Users\Gordon\Desktop\Answers.pdf
[2012/02/07 17:32:13 | 000,018,519 | ---- | C] () -- C:\Windows\SysWow64\.xml
[2012/02/05 11:03:04 | 001,878,890 | ---- | C] () -- C:\Users\Gordon\Desktop\evohome.pdf
[2012/02/01 21:32:11 | 000,032,256 | ---- | C] () -- C:\Users\Gordon\Documents\BogCupbd.Dpp
[2011/11/21 11:22:46 | 000,000,412 | ---- | C] () -- C:\Users\Gordon\AppData\Roaming\All CPU Meter_Settings.ini
[2011/05/30 06:49:14 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/30 06:49:14 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/11 08:07:14 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011/04/18 13:50:57 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2011/04/04 11:37:59 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefserv.dll
[2011/04/04 11:37:59 | 000,815,104 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcomc.dll
[2011/04/04 11:37:59 | 000,770,048 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefusb1.dll
[2011/04/04 11:37:59 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefhbn3.dll
[2011/04/04 11:37:59 | 000,634,880 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefpmui.dll
[2011/04/04 11:37:59 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcoms.exe
[2011/04/04 11:37:59 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeflmpm.dll
[2011/04/04 11:37:59 | 000,450,693 | ---- | C] () -- C:\Windows\SysWow64\lxefins.dll
[2011/04/04 11:37:59 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\lxefcomx.dll
[2011/04/04 11:37:59 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcomm.dll
[2011/04/04 11:37:59 | 000,357,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcfg.exe
[2011/04/04 11:37:59 | 000,352,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefinpa.dll
[2011/04/04 11:37:59 | 000,327,680 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefiesc.dll
[2011/04/04 11:37:59 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\LXEFinst.dll
[2011/04/04 11:37:59 | 000,307,880 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefih.exe
[2011/04/04 11:37:59 | 000,262,278 | ---- | C] () -- C:\Windows\SysWow64\lxefinsb.dll
[2011/04/04 11:37:59 | 000,258,180 | ---- | C] () -- C:\Windows\SysWow64\lxefcu.dll
[2011/04/04 11:37:59 | 000,106,638 | ---- | C] () -- C:\Windows\SysWow64\lxefinsr.dll
[2011/04/04 11:37:59 | 000,090,245 | ---- | C] () -- C:\Windows\SysWow64\lxefcub.dll
[2011/04/04 11:37:59 | 000,057,486 | ---- | C] () -- C:\Windows\SysWow64\lxefjswr.dll
[2011/04/04 11:37:59 | 000,037,003 | ---- | C] () -- C:\Windows\SysWow64\lxefcur.dll
[2011/04/04 11:37:36 | 000,630,784 | ---- | C] () -- C:\Windows\SysWow64\LXEFsm.dll
[2011/04/04 11:37:36 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\LXEFsmr.dll
[2011/04/02 13:46:30 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2011/04/02 13:46:30 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2011/04/02 13:46:30 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2011/04/02 13:46:30 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2011/04/02 13:46:30 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2011/04/02 13:46:30 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2011/04/02 13:46:30 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2011/04/02 13:46:30 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2011/04/02 13:46:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2011/04/02 13:46:30 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2011/04/02 13:46:30 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2011/04/02 13:46:30 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2011/04/02 13:46:30 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2011/04/02 13:46:30 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2011/04/02 13:46:30 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/21 13:11:03 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\ftm31.dat
[2010/12/05 15:56:54 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2010/12/05 15:56:54 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2010/06/14 16:01:23 | 000,003,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\Sonyhcp.dll
[2010/06/04 08:55:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/04/08 16:23:22 | 001,008,532 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/08 09:00:29 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 420 bytes -> C:\Users\Gordon\Documents\KLuke.ppp:SummaryInformation
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >
Extras.txt follows

Whisperer :)
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Re: Time problem & Uninstall problem

Unread postby whisperer » March 1st, 2012, 11:17 am

Hi Maxi,

Yes all partitions are correct, with the exceptions of C and N the other 3 discs are multi-partioned to improve the chance of recovery in the event of hdd failure. I hope that you get as much pleasure (another name for satisfaction) from your dealings with and after the MRU

All steps completed with logs posted below. Prior to Step 3 I carried out a scheduled CCleaner run

One observation on the use of aswMBR, after initial loading it offered to download Avast software (granted just the database) which initially threw me as I am cautious to the extreme of two antivirus progams working at the same time, reading on though I was placated. Perhaps a note to the effect that a download could occur might allay some concern?

OTL log
OTL logfile created on: 01/03/2012 11:44:07 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Gordon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 49.42% Memory free
6.01 Gb Paging File | 3.03 Gb Available in Paging File | 50.46% Paging File free
Paging file location(s): c:\pagefile.sys 16 9202 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 16.21 Gb Free Space | 21.75% Space Free | Partition Type: NTFS
Drive D: | 87.89 Gb Total Space | 36.53 Gb Free Space | 41.56% Space Free | Partition Type: NTFS
Drive E: | 5.97 Gb Total Space | 3.03 Gb Free Space | 50.69% Space Free | Partition Type: NTFS
Drive G: | 9.96 Gb Total Space | 5.31 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
Drive I: | 3.98 Gb Total Space | 0.59 Gb Free Space | 14.92% Space Free | Partition Type: NTFS
Drive J: | 3.98 Gb Total Space | 1.34 Gb Free Space | 33.74% Space Free | Partition Type: NTFS
Drive K: | 26.85 Gb Total Space | 14.23 Gb Free Space | 52.97% Space Free | Partition Type: NTFS
Drive M: | 3.98 Gb Total Space | 3.44 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive N: | 698.63 Gb Total Space | 124.47 Gb Free Space | 17.82% Space Free | Partition Type: NTFS
Drive O: | 23.51 Gb Total Space | 20.58 Gb Free Space | 87.53% Space Free | Partition Type: NTFS
Drive P: | 3.98 Gb Total Space | 3.69 Gb Free Space | 92.65% Space Free | Partition Type: NTFS
Drive Q: | 7.97 Gb Total Space | 5.89 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Drive T: | 7.97 Gb Total Space | 2.46 Gb Free Space | 30.92% Space Free | Partition Type: NTFS
Drive U: | 7.97 Gb Total Space | 2.83 Gb Free Space | 35.50% Space Free | Partition Type: NTFS
Drive V: | 48.83 Gb Total Space | 39.35 Gb Free Space | 80.59% Space Free | Partition Type: NTFS
Drive W: | 47.67 Gb Total Space | 46.88 Gb Free Space | 98.33% Space Free | Partition Type: NTFS
Drive X: | 25.97 Gb Total Space | 21.56 Gb Free Space | 83.01% Space Free | Partition Type: NTFS

Computer Name: GORDON-7 | User Name: Gordon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/01 11:19:39 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Gordon\Desktop\OTL.exe
PRC - [2012/01/30 16:40:22 | 005,492,048 | ---- | M] (Firetrust) -- C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
PRC - [2012/01/25 10:16:28 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- I:\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- I:\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/09/21 10:26:30 | 015,759,200 | ---- | M] (Microsoft Corporation) -- E:\Microsoft Office 07\Office14\OUTLOOK.EXE


========== Modules (No Company Name) ==========

MOD - [2012/02/16 10:19:31 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\2e1468ce2858baafbab0482a638eb251\WindowsFormsIntegration.ni.dll
MOD - [2012/02/16 10:17:07 | 013,345,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\32e0d99cfda10e64d7583bb65444cab3\System.Data.Entity.ni.dll
MOD - [2012/02/16 10:16:16 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\623ae2e1d7735e14f9adb9d830f29d29\System.Data.DataSetExtensions.ni.dll
MOD - [2012/02/16 10:15:56 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3229ca959686fc6c4e3ef5a9dd285cd4\UIAutomationTypes.ni.dll
MOD - [2012/02/16 10:15:56 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9a3f2f7233160bfcb2fd278d05da630c\UIAutomationProvider.ni.dll
MOD - [2012/02/16 10:09:26 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/02/16 10:08:12 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\cbc5e9834f47c0aaa4808764ac2afd11\Accessibility.ni.dll
MOD - [2012/02/15 22:23:30 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bd3685e578c22d17625390d847973de0\PresentationFramework.ni.dll
MOD - [2012/02/15 22:23:18 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\008fbb2e42b3c2569ff58d651575ff29\PresentationCore.ni.dll
MOD - [2012/02/15 22:23:15 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33eae86e0a5d9bcc4d0e4e469e2ac36a\System.Windows.Forms.ni.dll
MOD - [2012/02/15 22:23:15 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\b0df867e9242cf4d254ec8eb8da97332\System.Data.ni.dll
MOD - [2012/02/15 22:23:10 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/02/15 22:23:06 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/02/15 22:23:06 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0c7b3ff43f1b29cad7dde24bdbd5b79\WindowsBase.ni.dll
MOD - [2012/02/15 22:23:06 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c958d61dd28474ec780db9d18d266ae\System.Drawing.ni.dll
MOD - [2012/02/15 22:23:05 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 22:23:03 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6757251401cd9c17d5e608db6e5f964a\System.Configuration.ni.dll
MOD - [2012/02/15 22:23:01 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/02/15 22:22:57 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\db65b5a04bb376ef4df08803ec27c12e\System.Numerics.ni.dll
MOD - [2012/02/15 22:22:56 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2012/01/30 16:32:18 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll
MOD - [2012/01/30 16:23:02 | 004,637,184 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll
MOD - [2011/12/18 21:04:10 | 000,074,896 | ---- | M] () -- I:\CheckPoint\ZoneAlarm\fde\fde_api.dll
MOD - [2011/11/10 16:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/07 12:57:00 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/04/26 16:37:40 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll
MOD - [2011/04/26 16:37:32 | 000,272,384 | ---- | M] () -- C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll
MOD - [2011/04/19 17:25:58 | 000,088,896 | ---- | M] () -- I:\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll
MOD - [2011/04/19 17:12:02 | 000,062,272 | ---- | M] () -- I:\CheckPoint\ZoneAlarm\MailFrontier\resources\otzaenu.dll
MOD - [2011/04/19 17:05:28 | 000,290,112 | ---- | M] () -- I:\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 00:15:30 | 001,041,248 | ---- | M] () -- E:\Microsoft Office 07\Office14\ADDINS\UmOutlookAddin.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/03 14:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Disabled | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/26 11:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/11/20 13:24:58 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nfsclnt.exe -- (NfsClnt)
SRV:64bit: - [2010/11/20 13:24:57 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:64bit: - [2010/11/20 13:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/09/09 12:10:22 | 000,045,224 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxefserv.exe -- (lxefCATSCustConnectService)
SRV:64bit: - [2010/09/09 12:10:18 | 001,070,760 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxefcoms.exe -- (lxef_device)
SRV:64bit: - [2010/05/06 09:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 01:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/14 01:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/07/14 01:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/14 01:39:20 | 000,009,216 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/14 01:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2007/11/28 14:51:42 | 001,039,872 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- U:\TomTom HOME\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- I:\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/10/27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Microsoft Office 07\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/20 12:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 12:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 12:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/09 12:10:01 | 000,598,696 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWow64\lxefcoms.exe -- (lxef_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- V:\Sony Picture Manager\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/07/14 01:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/11/28 09:12:40 | 000,589,824 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWow64\lxdncoms.exe -- (lxdn_device)
SRV - [2007/07/19 17:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Disabled | Stopped] -- U:\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/03 14:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/11/03 14:44:20 | 000,045,448 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV:64bit: - [2011/08/17 13:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/17 13:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/08/17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/05/07 16:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/08 22:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 08:34:44 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010/12/21 18:08:42 | 000,053,840 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2010/12/21 18:08:40 | 000,528,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2010/12/21 18:08:40 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 10:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 09:27:12 | 000,104,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rpcxdr.sys -- (RpcXdr) Server for NFS Open RPC (ONCRPC)
DRV:64bit: - [2010/11/20 09:26:56 | 000,246,272 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\nfsrdr.sys -- (NfsRdr)
DRV:64bit: - [2010/10/14 17:08:38 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/10/14 17:08:36 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/09/21 16:51:56 | 000,362,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/05/24 19:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/04/28 08:37:12 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/04/08 11:15:38 | 000,322,088 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv64xx.sys -- (mv64xx)
DRV:64bit: - [2010/03/24 10:08:32 | 000,034,304 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\optovcm.sys -- (optovcm)
DRV:64bit: - [2010/03/24 10:08:32 | 000,027,264 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\optousb.sys -- (optousb)
DRV:64bit: - [2010/03/18 09:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 09:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/02/14 12:05:59 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2010/01/28 08:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/30 02:04:54 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 00:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/07/14 00:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/14 00:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/14 00:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 23:35:55 | 000,010,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psxdrv.sys -- (PsxDrv)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008/10/27 13:59:04 | 000,092,160 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/03/27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2012/01/25 10:16:46 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/01/25 10:16:44 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/12/15 16:56:40 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 63 D7 80 67 AD CA 01 [binary data]
IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.311.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.46
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.2.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: V:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/01/28 12:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/01/28 12:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/06/30 12:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_6.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0 [2011/11/04 17:20:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: I:\Firefox Browser\components [2011/11/07 09:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: I:\Firefox Browser\plugins [2012/01/11 07:55:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/11/04 17:20:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: I:\Firefox Browser\components [2011/11/07 09:46:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: I:\Firefox Browser\plugins [2012/01/11 07:55:22 | 000,000,000 | ---D | M]

[2010/06/05 12:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon\AppData\Roaming\Mozilla\Extensions
[2010/06/05 12:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/03/01 11:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions
[2012/01/17 22:10:25 | 000,000,000 | ---D | M] (ZoneAlarm Extreme Security Community Toolbar) -- C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}
() (No name found) -- C:\USERS\GORDON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V40CKH6Z.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
File not found (No name found) -- C:\USERS\GORDON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V40CKH6Z.DEFAULT\EXTENSIONS\INBOXCOMTOOLBAR@INBOX.COM

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office 07\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Extreme Security Toolbar) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Microsoft Office 07\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Extreme Security Toolbar) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (ZoneAlarm Extreme Security Toolbar) - {A94E8DC9-07AA-45A7-8AF2-A0375473A5CD} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] I:\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001..\Run: [] File not found
O4 - HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8:64bit: - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8:64bit: - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://E:\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Clear Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: Logoff - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8 - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Safenotes Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Se&nd to OneNote - res://E:\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 07\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office 07\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O9 - Extra 'Tools' menuitem : RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O9 - Extra Button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9 - Extra 'Tools' menuitem : Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9 - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O9 - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9 - Extra 'Tools' menuitem : Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9 - Extra Button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O9 - Extra 'Tools' menuitem : Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O9 - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O9 - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O9 - Extra Button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O9 - Extra 'Tools' menuitem : Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O9 - Extra Button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O9 - Extra 'Tools' menuitem : Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra Button: Safenotes - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra 'Tools' menuitem : Safenotes Editor - {45DB34C3-955C-11D3-ABEF-444553540002} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditNote.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Microsoft Office 07\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Microsoft Office 07\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.6.0.cab (DLM Control)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applica ... uncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandscan.com/TNSClickrc.CAB (TNSClickerc.Clicker)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4287AFA7-B73F-426A-8C44-8AFC00425970}: NameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Microsoft Office 07\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/12/24 19:49:33 | 000,000,000 | ---D | M] - M:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2009/10/28 19:49:33 | 000,000,000 | ---D | M] - X:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{0d45b056-1957-11df-870d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0d45b056-1957-11df-870d-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\START.EXE
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\HF287.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 11:38:37 | 000,000,000 | ---D | C] -- C:\Users\Gordon\Desktop\MRU
[2012/03/01 11:19:33 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Gordon\Desktop\OTL.exe
[2012/03/01 11:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/03/01 09:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/02/28 17:14:25 | 002,748,448 | ---- | C] (Nuance Communications Inc. ) -- C:\Users\Gordon\Desktop\Dragon11Remover.exe
[2012/02/28 11:30:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Gordon\Desktop\dds.scr
[2012/02/22 12:42:32 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/02/22 12:42:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/02/22 12:42:32 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/21 14:15:03 | 000,000,000 | ---D | C] -- C:\Users\Gordon\Desktop\Computer resources
[2012/02/19 17:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firetrust
[2012/02/19 17:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firetrust
[2012/02/17 18:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IVA
[2012/02/17 16:41:26 | 000,000,000 | ---D | C] -- C:\Users\Gordon\Desktop\Dragon NaturallySpeaking
[2012/02/15 09:37:22 | 000,000,000 | ---D | C] -- C:\Users\Gordon\AppData\Roaming\Nuance
[2012/02/15 09:07:48 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 09:07:46 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 09:07:46 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 09:07:35 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 09:07:20 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 09:07:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 09:07:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 09:07:19 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 09:07:18 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 09:07:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 09:07:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/14 18:05:37 | 000,000,000 | ---D | C] -- C:\Users\Gordon\AppData\Roaming\FLEXnet
[2012/02/14 18:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/14 17:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/02/14 15:34:29 | 000,000,000 | ---D | C] -- C:\Users\Gordon\AppData\Roaming\GetRightToGo
[2012/02/10 11:49:25 | 000,000,000 | ---D | C] -- C:\Users\Gordon\AppData\Local\ElevatedDiagnostics
[2012/02/02 10:27:52 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/02/02 10:27:52 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/02/02 10:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64-bit)
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/01 11:47:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 11:19:39 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Gordon\Desktop\OTL.exe
[2012/03/01 09:51:58 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/03/01 09:09:32 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 09:09:32 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 08:56:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/01 08:55:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/01 08:55:15 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/28 17:15:45 | 002,748,448 | ---- | M] (Nuance Communications Inc. ) -- C:\Users\Gordon\Desktop\Dragon11Remover.exe
[2012/02/28 11:30:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Gordon\Desktop\dds.scr
[2012/02/28 11:17:16 | 000,165,376 | ---- | M] () -- C:\Users\Gordon\SystemLook_x64.exe
[2012/02/28 11:04:17 | 000,139,264 | ---- | M] () -- C:\Users\Gordon\SystemLook.exe
[2012/02/25 10:08:16 | 000,000,493 | ---- | M] () -- C:\Users\Gordon\Desktop\TomTom HOME 2.lnk
[2012/02/25 10:07:35 | 001,023,064 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/25 10:07:35 | 000,836,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/25 10:07:35 | 000,189,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/24 14:55:54 | 000,419,970 | ---- | M] () -- C:\Users\Gordon\Desktop\MR SMITH071.jpg
[2012/02/22 15:18:51 | 000,001,684 | ---- | M] () -- C:\Users\Gordon\Desktop\MailWasher.lnk
[2012/02/22 12:42:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/02/22 12:42:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/02/22 12:42:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/02/22 12:42:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/21 22:44:46 | 000,003,584 | ---- | M] () -- C:\Users\Gordon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/20 12:43:41 | 002,037,168 | ---- | M] () -- C:\Users\Gordon\Desktop\System Report.nfo
[2012/02/19 17:26:36 | 000,000,090 | ---- | M] () -- C:\Windows\SysWow64\ftm31.dat
[2012/02/17 09:24:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/15 22:26:27 | 001,008,532 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/15 22:00:42 | 000,651,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/13 17:44:20 | 000,009,085 | ---- | M] () -- C:\Users\Gordon\Desktop\graphpaper.pdf
[2012/02/10 11:49:59 | 000,216,393 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2012/02/10 09:18:20 | 006,916,181 | ---- | M] () -- C:\Users\Gordon\Desktop\Answers.pdf
[2012/02/07 17:32:13 | 000,018,519 | ---- | M] () -- C:\Windows\SysWow64\.xml
[2012/02/05 11:03:23 | 001,878,890 | ---- | M] () -- C:\Users\Gordon\Desktop\evohome.pdf
[2012/02/01 21:34:02 | 000,032,256 | ---- | M] () -- C:\Users\Gordon\Documents\BogCupbd.Dpp
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/01 09:51:14 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/02/28 11:17:08 | 000,165,376 | ---- | C] () -- C:\Users\Gordon\SystemLook_x64.exe
[2012/02/28 11:04:12 | 000,139,264 | ---- | C] () -- C:\Users\Gordon\SystemLook.exe
[2012/02/25 10:08:16 | 000,000,493 | ---- | C] () -- C:\Users\Gordon\Desktop\TomTom HOME 2.lnk
[2012/02/24 14:55:54 | 000,419,970 | ---- | C] () -- C:\Users\Gordon\Desktop\MR SMITH071.jpg
[2012/02/22 15:18:51 | 000,001,684 | ---- | C] () -- C:\Users\Gordon\Desktop\MailWasher.lnk
[2012/02/21 22:44:46 | 000,003,584 | ---- | C] () -- C:\Users\Gordon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/20 12:43:40 | 002,037,168 | ---- | C] () -- C:\Users\Gordon\Desktop\System Report.nfo
[2012/02/13 17:44:20 | 000,009,085 | ---- | C] () -- C:\Users\Gordon\Desktop\graphpaper.pdf
[2012/02/10 09:18:20 | 006,916,181 | ---- | C] () -- C:\Users\Gordon\Desktop\Answers.pdf
[2012/02/07 17:32:13 | 000,018,519 | ---- | C] () -- C:\Windows\SysWow64\.xml
[2012/02/05 11:03:04 | 001,878,890 | ---- | C] () -- C:\Users\Gordon\Desktop\evohome.pdf
[2012/02/01 21:32:11 | 000,032,256 | ---- | C] () -- C:\Users\Gordon\Documents\BogCupbd.Dpp
[2011/11/21 11:22:46 | 000,000,412 | ---- | C] () -- C:\Users\Gordon\AppData\Roaming\All CPU Meter_Settings.ini
[2011/05/30 06:49:14 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/30 06:49:14 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/11 08:07:14 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011/04/18 13:50:57 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2011/04/04 11:37:59 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefserv.dll
[2011/04/04 11:37:59 | 000,815,104 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcomc.dll
[2011/04/04 11:37:59 | 000,770,048 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefusb1.dll
[2011/04/04 11:37:59 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefhbn3.dll
[2011/04/04 11:37:59 | 000,634,880 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefpmui.dll
[2011/04/04 11:37:59 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcoms.exe
[2011/04/04 11:37:59 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeflmpm.dll
[2011/04/04 11:37:59 | 000,450,693 | ---- | C] () -- C:\Windows\SysWow64\lxefins.dll
[2011/04/04 11:37:59 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\lxefcomx.dll
[2011/04/04 11:37:59 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcomm.dll
[2011/04/04 11:37:59 | 000,357,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefcfg.exe
[2011/04/04 11:37:59 | 000,352,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefinpa.dll
[2011/04/04 11:37:59 | 000,327,680 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefiesc.dll
[2011/04/04 11:37:59 | 000,315,392 | ---- | C] () -- C:\Windows\SysWow64\LXEFinst.dll
[2011/04/04 11:37:59 | 000,307,880 | ---- | C] ( ) -- C:\Windows\SysWow64\lxefih.exe
[2011/04/04 11:37:59 | 000,262,278 | ---- | C] () -- C:\Windows\SysWow64\lxefinsb.dll
[2011/04/04 11:37:59 | 000,258,180 | ---- | C] () -- C:\Windows\SysWow64\lxefcu.dll
[2011/04/04 11:37:59 | 000,106,638 | ---- | C] () -- C:\Windows\SysWow64\lxefinsr.dll
[2011/04/04 11:37:59 | 000,090,245 | ---- | C] () -- C:\Windows\SysWow64\lxefcub.dll
[2011/04/04 11:37:59 | 000,057,486 | ---- | C] () -- C:\Windows\SysWow64\lxefjswr.dll
[2011/04/04 11:37:59 | 000,037,003 | ---- | C] () -- C:\Windows\SysWow64\lxefcur.dll
[2011/04/04 11:37:36 | 000,630,784 | ---- | C] () -- C:\Windows\SysWow64\LXEFsm.dll
[2011/04/04 11:37:36 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\LXEFsmr.dll
[2011/04/02 13:46:30 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2011/04/02 13:46:30 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2011/04/02 13:46:30 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2011/04/02 13:46:30 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2011/04/02 13:46:30 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2011/04/02 13:46:30 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2011/04/02 13:46:30 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2011/04/02 13:46:30 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2011/04/02 13:46:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2011/04/02 13:46:30 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2011/04/02 13:46:30 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2011/04/02 13:46:30 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2011/04/02 13:46:30 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2011/04/02 13:46:30 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2011/04/02 13:46:30 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/21 13:11:03 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\ftm31.dat
[2010/12/05 15:56:54 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2010/12/05 15:56:54 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2010/06/14 16:01:23 | 000,003,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\Sonyhcp.dll
[2010/06/04 08:55:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/04/08 16:23:22 | 001,008,532 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/08 09:00:29 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 420 bytes -> C:\Users\Gordon\Documents\KLuke.ppp:SummaryInformation
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >
Extras.txt follows

Whisperer :)
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Re: Time problem & Uninstall problem

Unread postby whisperer » March 1st, 2012, 11:21 am

Extras.Txt
OTL Extras logfile created on: 01/03/2012 11:44:07 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Gordon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.99 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 49.42% Memory free
6.01 Gb Paging File | 3.03 Gb Available in Paging File | 50.46% Paging File free
Paging file location(s): c:\pagefile.sys 16 9202 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 16.21 Gb Free Space | 21.75% Space Free | Partition Type: NTFS
Drive D: | 87.89 Gb Total Space | 36.53 Gb Free Space | 41.56% Space Free | Partition Type: NTFS
Drive E: | 5.97 Gb Total Space | 3.03 Gb Free Space | 50.69% Space Free | Partition Type: NTFS
Drive G: | 9.96 Gb Total Space | 5.31 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
Drive I: | 3.98 Gb Total Space | 0.59 Gb Free Space | 14.92% Space Free | Partition Type: NTFS
Drive J: | 3.98 Gb Total Space | 1.34 Gb Free Space | 33.74% Space Free | Partition Type: NTFS
Drive K: | 26.85 Gb Total Space | 14.23 Gb Free Space | 52.97% Space Free | Partition Type: NTFS
Drive M: | 3.98 Gb Total Space | 3.44 Gb Free Space | 86.28% Space Free | Partition Type: NTFS
Drive N: | 698.63 Gb Total Space | 124.47 Gb Free Space | 17.82% Space Free | Partition Type: NTFS
Drive O: | 23.51 Gb Total Space | 20.58 Gb Free Space | 87.53% Space Free | Partition Type: NTFS
Drive P: | 3.98 Gb Total Space | 3.69 Gb Free Space | 92.65% Space Free | Partition Type: NTFS
Drive Q: | 7.97 Gb Total Space | 5.89 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Drive T: | 7.97 Gb Total Space | 2.46 Gb Free Space | 30.92% Space Free | Partition Type: NTFS
Drive U: | 7.97 Gb Total Space | 2.83 Gb Free Space | 35.50% Space Free | Partition Type: NTFS
Drive V: | 48.83 Gb Total Space | 39.35 Gb Free Space | 80.59% Space Free | Partition Type: NTFS
Drive W: | 47.67 Gb Total Space | 46.88 Gb Free Space | 98.33% Space Free | Partition Type: NTFS
Drive X: | 25.97 Gb Total Space | 21.56 Gb Free Space | 83.01% Space Free | Partition Type: NTFS

Computer Name: GORDON-7 | User Name: Gordon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- I:\Firefox Browser\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Microsoft Office 07\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft Office 07\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "V:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "V:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Microsoft Office 07\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft Office 07\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "V:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "V:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{162CDB51-CEF9-06B5-2138-7775F1520B36}" = ATI Catalyst Install Manager
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{917443c8-4fab-4c87-8ef3-ac150db4d42c}.sdb" = PC Tune-Up
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CB}" = WinZip 16.0
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Lexmark 2600 Series" = Lexmark 2600 Series
"Lexmark S800 Series" = Lexmark S800 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SP6" = Logitech SetPoint 6.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD96FEC-CE8D-4DF4-A6FD-C6D6F2D96C6C}" = E.ON Energy Fit Software
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F6D55D8-89AA-4C1D-BC4C-ACBBDE8BE57A}" = Serif PhotoPlus 8.0
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{245F5D2D-6F34-4970-B8D7-D6F3C3C07575}" = ZoneAlarm Firewall
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29258311-EA49-11DE-967C-005056C00008}" = Paragon Hard Disk Manager™ 2011 Suite
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3D874478-FC18-41B8-8AB2-745A5E900D83}" = MailWasherPro
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{597DE5BD-C24B-4D0F-BA2D-F5D591D800DA}" = AccuWeather SideShow Gadget
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (EONENERGYFIT)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{868AAEB3-5BDD-410F-8F7A-71D4C62D824C}" = ZoneAlarm Antivirus
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900CFEB5-88D6-9937-A866-D1A4E94DB5DE}" = Catalyst Control Center InstallProxy
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96ACE4A4-C769-47D2-9FCE-4F46754857E7}" = ZoneAlarm Security
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Resources
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C4A79C99-4CA8-48EA-BB6A-EF2A0B9C3F4C}" = ZoneAlarm DataLock
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics Add-in (32-bit)
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8650CB3-89F1-4AE0-81AC-917423C58DB8}" = Serif PhotoPlus Association File Formats
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"AI RoboForm" = AI RoboForm (All Users)
"ASAP Utilities_is1" = ASAP Utilities
"Belarc Advisor" = Belarc Advisor 7.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Java 1.6 Documentation" = Java 1.6 Documentation
"jZip" = jZip
"KeynoteConnector" = Keynote Connector
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 6.0 (x86 en-GB)" = Mozilla Firefox 6.0 (x86 en-GB)
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PC Tune-Up" = PC Tune-Up
"Rapport_msi" = Rapport
"SerifDrawPlus40" = Serif DrawPlus 4.0
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VLC media player" = VLC media player 1.1.11
"VP Suite 5.1" = VP Suite 5.1
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/03/2012 07:38:31 | Computer Name = Gordon-7 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".Error
in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.manifest"
on line 0. Invalid Xml syntax.

Error - 01/03/2012 07:38:48 | Computer Name = Gordon-7 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".Error
in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.manifest"
on line 0. Invalid Xml syntax.

Error - 01/03/2012 07:38:48 | Computer Name = Gordon-7 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".Error
in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.manifest"
on line 0. Invalid Xml syntax.

Error - 01/03/2012 07:41:40 | Computer Name = Gordon-7 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".Error
in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.manifest"
on line 0. Invalid Xml syntax.

Error - 01/03/2012 07:41:40 | Computer Name = Gordon-7 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".Error
in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.manifest"
on line 0. Invalid Xml syntax.

Error - 01/03/2012 07:41:40 | Computer Name = Gordon-7 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".Error
in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.manifest"
on line 0. Invalid Xml syntax.

Error - 01/03/2012 07:41:40 | Computer Name = Gordon-7 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".Error
in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.manifest"
on line 0. Invalid Xml syntax.

Error - 01/03/2012 07:41:40 | Computer Name = Gordon-7 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".Error
in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.manifest"
on line 0. Invalid Xml syntax.

Error - 01/03/2012 07:42:01 | Computer Name = Gordon-7 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".Error
in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.manifest"
on line 0. Invalid Xml syntax.

Error - 01/03/2012 07:43:37 | Computer Name = Gordon-7 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".Error
in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.manifest"
on line 0. Invalid Xml syntax.

[ System Events ]
Error - 01/03/2012 04:56:12 | Computer Name = Gordon-7 | Source = WAS | ID = 5005
Description =

Error - 01/03/2012 04:56:13 | Computer Name = Gordon-7 | Source = Service Control Manager | ID = 7023
Description = The Windows Process Activation Service service terminated with the
following error: %%13

Error - 01/03/2012 04:56:14 | Computer Name = Gordon-7 | Source = Service Control Manager | ID = 7001
Description = The World Wide Web Publishing Service service depends on the Windows
Process Activation Service service which failed to start because of the following
error: %%13

Error - 01/03/2012 04:56:14 | Computer Name = Gordon-7 | Source = Service Control Manager | ID = 7001
Description = The Net.Pipe Listener Adapter service depends on the Windows Process
Activation Service service which failed to start because of the following error:
%%13

Error - 01/03/2012 04:56:14 | Computer Name = Gordon-7 | Source = Service Control Manager | ID = 7001
Description = The Net.Tcp Listener Adapter service depends on the Windows Process
Activation Service service which failed to start because of the following error:
%%13

Error - 01/03/2012 04:58:48 | Computer Name = Gordon-7 | Source = DCOM | ID = 10016
Description =

Error - 01/03/2012 05:00:48 | Computer Name = Gordon-7 | Source = Service Control Manager | ID = 7022
Description = The Microsoft FTP Service service hung on starting.

Error - 01/03/2012 05:00:48 | Computer Name = Gordon-7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PxHelp20

Error - 01/03/2012 05:01:34 | Computer Name = Gordon-7 | Source = Service Control Manager | ID = 7023
Description = The Microsoft FTP Service service terminated with the following error:
%%13

Error - 01/03/2012 05:03:57 | Computer Name = Gordon-7 | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.
< End of report >

aswMBR log
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-01 13:04:42
-----------------------------
13:04:42.614 OS Version: Windows x64 6.1.7601 Service Pack 1
13:04:42.614 Number of processors: 8 586 0x1A04
13:04:42.614 ComputerName: GORDON-7 UserName: Gordon
13:04:44.939 Initialize success
13:04:51.616 AVAST engine defs: 12030100
13:05:47.027 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
13:05:47.027 Disk 0 Vendor: WDC_WD800AAJS-00PSA0 05.06H05 Size: 76319MB BusType: 3
13:05:47.027 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
13:05:47.027 Disk 1 Vendor: WDC_WD800AAJS-00PSA0 05.06H05 Size: 76319MB BusType: 3
13:05:47.027 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-3
13:05:47.027 Disk 2 Vendor: WDC_WD1500HLFS-01G6U0 04.04V01 Size: 143089MB BusType: 3
13:05:47.043 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP2T0L0-2
13:05:47.043 Disk 3 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
13:05:47.058 Disk 0 MBR read successfully
13:05:47.058 Disk 0 MBR scan
13:05:47.261 Disk 0 Windows VISTA default MBR code
13:05:47.261 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76317 MB offset 2048
13:05:47.448 Disk 0 scanning C:\Windows\system32\drivers
13:06:04.187 Service scanning
13:06:35.044 Modules scanning
13:06:35.044 Disk 0 trace - called modules:
13:06:35.059 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:06:35.059 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006665790]
13:06:35.075 3 CLASSPNP.SYS[fffff88001bc343f] -> nt!IofCallDriver -> [0xfffffa80062ffe40]
13:06:35.075 5 ACPI.sys[fffff88000eef7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa800630c060]
13:06:35.855 AVAST engine scan C:\Windows
13:06:38.741 AVAST engine scan C:\Windows\system32
13:11:41.803 AVAST engine scan C:\Windows\system32\drivers
13:12:02.785 AVAST engine scan C:\Users\Gordon
13:18:02.796 AVAST engine scan C:\ProgramData
13:26:26.422 Scan finished successfully
14:37:19.960 Disk 0 MBR has been saved successfully to "C:\Users\Gordon\Desktop\MBR.dat"
14:37:19.960 The log file has been saved successfully to "C:\Users\Gordon\Desktop\aswMBR.txt"

Whisperer
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Re: Time problem & Uninstall problem

Unread postby maxi » March 2nd, 2012, 8:48 am

Hi whisperer, I am really enjoying my time here and yes I get alot of satisfaction from helping people :) I only hope that I can help you ;)

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    IE - HKLM\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\URLSearchHook: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.46
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.2.0
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found???????????????????????????????
    [2012/01/17 22:10:25 | 000,000,000 | ---D | M] (ZoneAlarm Extreme Security Community Toolbar) -- C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}
    File not found (No name found) -- C:\USERS\GORDON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V40CKH6Z.DEFAULT\EXTENSIONS\INBOXCOMTOOLBAR@INBOX.COM
    O2 - BHO: (ZoneAlarm Extreme Security Toolbar) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Extreme Security Toolbar) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001\..\Toolbar\WebBrowser: (ZoneAlarm Extreme Security Toolbar) - {A94E8DC9-07AA-45A7-8AF2-A0375473A5CD} - C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll (Conduit Ltd.)
    O4 - HKU\S-1-5-21-3535767090-3609679722-1398638442-1001..\Run: [] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    [2012/03/01 11:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    @Alternate Data Stream - 420 bytes -> C:\Users\Gordon\Documents\KLuke.ppp:SummaryInformation
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FF263E8
    
    
    
    
    :commands
    
    [emptytemp
    [createrestorepoint]
    [REBOOT]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.




Check Hard Disk For Errors
Open an Elevated Command Prompt

You will be switching between command prompt and browser windows.

  1. Press the Image button
  2. In the Start Menu search box area type:
    cmd
  3. Right click on cmd.exe (at top of the menu)... click on Run As Administrator.
    A black screen will open. You should see the elevated command prompt open to C:\Windows\System32
    Leave it open...
  4. Go back to your browser.

    On the Browser screen
  5. Copy the following command line (including the quotes):
    chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
  6. Go back to the open (black screen) command prompt.

    At the Command Prompt window.
  7. Right click on the window title "Administrator Command Prompt" area. A menu will appear.
  8. Select Edit... then choose Paste. You should see the chkdsk command string you copied, in the black window.
  9. Press Enter ... Chkdsk will now start checking your hard drive. DO NOT CLOSE the Command Prompt window!
    The Chkdsk process can take a while, depending on the size of your hard drive.
    A file named checkhd.txt will appear on your desktop while Chkdsk is running.
  10. When your hard drive light stop flashing constantly... Open the checkhd.txt file.
    You should see totals of bytes on the drive, bytes in files...etc. If you do not see these totals, Chkdsk is still running, close the file, wait a little longer.
  11. Please post the contents of the checkhd.txt file, in your next reply.
    Note: If you are in a administrator account and get a log in prompt after doing any of the above steps, then click on the Cancel button and repeat the above process again. This will only happen the very first time you try to open a elevated command prompt in Windows 7.


In your next reply please include:
The OTL log.
The Chkdsk log.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Time problem & Uninstall problem

Unread postby whisperer » March 3rd, 2012, 6:03 am

Hi Maxi,

Should I be receiving an email when you post a response, I used to as a Staff member :?:

I have followed the instructions with regards the OTL but no log has appeared after the reboot, if you provide the name I will do a search for it; you do not appear to like the ZA toolbar or is it Conduit.....

Please find below the Chkdsk log but be advised I had already run a full Chkdsk including fixes a few days before as part of my attempts to resolve my problems: :blackeye:

Whisperer :)

Chkdsk.txt

The type of the file system is NTFS.
Volume label is Win 7.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
495 large file records processed.

0 bad file records processed.

2 EA records processed.

61 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
29467 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

78148607 KB total disk space.
65611344 KB in 149484 files.
92432 KB in 29468 indexes.
0 KB in bad sectors.
312247 KB in use by the system.
65536 KB occupied by the log file.
12132584 KB available on disk.

4096 bytes in each allocation unit.
19537151 total allocation units on disk.
3033146 allocation units available on disk.
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Re: Time problem & Uninstall problem

Unread postby maxi » March 3rd, 2012, 8:52 am

Hi whisperer,

Should I be receiving an email when you post a response, I used to as a Staff member :?:
Yes :) Please check your private messages as Nonsuch has sent you one regarding your email.

I have followed the instructions with regards the OTL but no log has appeared after the reboot, if you provide the name I will do a search for it; you do not appear to like the ZA toolbar or is it Conduit.....

The OTL log should be here "C:\_OTL\MovedFiles folder"

About ZA, Here is what askey thinks about it.
Zone Alarm installs the conduit engine and conduit toolbar, which has some tracking functionality.
Here is the web page hawking the toolbar to purveyors: http://www.conduit.com/Toolbar/Benefits.aspx
You can decide if you think they would sell your habits to third parties.
Their toolbars have no other reason for existence except to profit the purveyors.


Please post the OTL log if it is present :)

Regards maxi
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Time problem & Uninstall problem

Unread postby whisperer » March 3rd, 2012, 3:29 pm

Found the OTL log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\ deleted successfully.
C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\ not found.
File C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: inboxcomtoolbar@inbox.com:1.0.0.46 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.2.0 removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\searchplugin folder moved successfully.
C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\modules folder moved successfully.
C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\META-INF folder moved successfully.
C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\defaults folder moved successfully.
C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\components folder moved successfully.
C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\chrome folder moved successfully.
C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\ not found.
File C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\ not found.
File C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll not found.
Registry value HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}\ not found.
File C:\Program Files (x86)\ZoneAlarm_Extreme_Security\prxtbZon1.dll not found.
Registry value HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_USERS\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} folder moved successfully.
C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} folder moved successfully.
ADS C:\Users\Gordon\Documents\KLuke.ppp:SummaryInformation deleted successfully.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[emptytemp> in the current context!
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.33.2 log created on 03032012_090926

Best wishes
Whisperer
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Re: Time problem & Uninstall problem

Unread postby whisperer » March 3rd, 2012, 3:35 pm

P.S. I know Askey from old and respect his opinions - in 138 days my ZA licence will expire so I will be moving on to whatever your current recomendations are, ZA used to be top in my day.

Incidentally I have found about a dozen other instances in the registry of the following URI - a94e8dc9-07aa-45a7-8af2-a0375473a5cd one of which is in a Conduit key inside the Wow6432Node key, I have done nothing with any of them or the Conduit entry. Within the Conduit entry the Toolbar still exists.
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Re: Time problem & Uninstall problem

Unread postby maxi » March 4th, 2012, 9:08 am

Hi whisperer,

Step 1
SystemLook
Please download SystemLook_x64.exe... by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook_x64.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?"... press the Run button.
  2. Highlight and copy the following entries: ... into SystemLook's main text entry window.
    Code: Select all
    :filefind
    *conduit*
    
    :regfind
    conduit
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named "SystemLook.txt"
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 2
ESET NOD32 Online Scan
Vista - W7 users: You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  1. Click the green [ESET Online Scanner] button.
  2. Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  3. Click the green [Start] button.
  4. Accept any security warnings from your browser and allow the download/installation of any require files.
    If your browser blocks or halts a download, please allow it to download any required files.
  5. Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  6. Click Advanced settings ... select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  7. Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  8. When the scan completes... press the text: Image
  9. Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  10. Press the [Back] button... then press the [Finish] button.
  11. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection... before continuing!

In your next reply please include:
The systemlook log.
The eset log.
How your computer is running now.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Time problem & Uninstall problem

Unread postby whisperer » March 4th, 2012, 12:28 pm

STEP 1 only:
SystemLook 30.07.11 by jpshortstuff
Log created at 16:24 on 04/03/2012 by Gordon
Administrator - Elevation successful

========== filefind ==========

Searching for "*conduit*"
C:\Program Files (x86)\ZoneAlarm_Extreme_Security\ConduitSilentUninstaller.exe --a---- 40823 bytes [09:01 06/05/2011] [09:01 06/05/2011] EE1462ABE28774FDDF15DF8C7B2D4C35
C:\Users\Gordon\AppData\Local\Microsoft\Internet Explorer\DOMStore\7B9VK9J3\cap1dev.conduit-apps[1].xml --a---- 13 bytes [22:17 22/01/2012] [22:17 22/01/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Gordon\AppData\Local\Microsoft\Internet Explorer\DOMStore\QRSAAZ7N\storage.conduit[1].xml --a---- 13 bytes [22:17 22/01/2012] [22:17 22/01/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Gordon\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1317307_1312978_UK.xml --a---- 205 bytes [13:38 23/06/2011] [18:12 21/02/2012] 0251128A1886468D0387E444149F72D4
C:\Users\Gordon\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_UK.xml --a---- 191 bytes [12:30 08/08/2011] [08:37 28/01/2012] 43C93B80235159F037CEA9A173922F92
C:\Users\Gordon\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_3_5_3.xml --a---- 10909 bytes [13:38 23/06/2011] [17:38 06/08/2011] 1B3B574AA349758343D3C80787B9739E
C:\Users\Gordon\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_3_8_0.xml --a---- 10909 bytes [13:47 07/08/2011] [08:10 28/09/2011] 1B3B574AA349758343D3C80787B9739E
C:\Users\Gordon\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\26G45QWP\storage.conduit[1].xml --a---- 13 bytes [18:38 18/01/2012] [18:38 18/01/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Gordon\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VLPH75WB\cap1dev.conduit-apps[1].xml --a---- 13 bytes [18:38 18/01/2012] [18:38 18/01/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_634062498888125000_png.png --a---- 509 bytes [13:38 23/06/2011] [13:38 23/06/2011] 40ECBDFF6DF6593ACDEAD0021DCC7336
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_634062499232812500_png.png --a---- 670 bytes [13:38 23/06/2011] [13:38 23/06/2011] D9CE725CB6F7C294C96BDF01D653A8D5
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_634062507244523750_png.png --a---- 542 bytes [13:38 23/06/2011] [13:38 23/06/2011] 9D05DCA26B67565D14A9449C99151904
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_634072035938731250_png.png --a---- 1233 bytes [13:38 23/06/2011] [13:38 23/06/2011] DBE61127540140F646C5CBF6C861EF7C
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_634086668687710000_png.png --a---- 1220 bytes [13:38 23/06/2011] [13:38 23/06/2011] E47D3E82CF24455F91AFF9C5CC0B97EB
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_634104326720878750_gif.gif --a---- 405 bytes [13:38 23/06/2011] [13:38 23/06/2011] 2221BD773E94BC9C07D9433BDC91A234
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_634182163591881250_png.png --a---- 1272 bytes [13:38 23/06/2011] [13:38 23/06/2011] 3894229CBC80234B1321515E51A063A9
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_634358341886331250_png.png --a---- 520 bytes [13:38 23/06/2011] [13:38 23/06/2011] E55EA265D86A09BCFA4435BA3A668601
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_Menu-silkset_accept_gif-Silk_1-634051179887806250_gif.gif --a---- 403 bytes [13:38 23/06/2011] [13:38 23/06/2011] 87B062CE740BE13817F46B8F381E8A2B
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_PopUpBlocker-02_gif-Shiny-634460683469438656_gif.gif --a---- 1126 bytes [09:52 03/08/2011] [09:52 03/08/2011] BDCE3AB7712F7CCD2EC5ED0287335986
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_18_292_CT2925418_Images_PopUpBlocker-02_gif-Shiny-634460683469975786_gif.gif --a---- 1008 bytes [17:44 20/07/2011] [17:44 20/07/2011] AE12636E9E2B22BCD58053E57E8709C7
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif --a---- 159 bytes [17:44 20/07/2011] [17:44 20/07/2011] FF164EABA285C2E614EBFD967FEF9732
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_calculator_gif.gif --a---- 317 bytes [09:52 03/08/2011] [09:52 03/08/2011] E7ACB20C8E56B1EFAD7DED3DC4DE35F5
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_excel_gif.gif --a---- 111 bytes [09:52 03/08/2011] [09:52 03/08/2011] 68D5FB9046516B872BEB1AADF30EA86B
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_MsAccess_gif.gif --a---- 95 bytes [09:52 03/08/2011] [09:52 03/08/2011] 095BEB6B08F7F24F33F56C56096BFD12
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_msnmessenger_gif.gif --a---- 305 bytes [09:52 03/08/2011] [09:52 03/08/2011] A3E464E993C0C45AF0D94BD84AE3C5F8
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_notepad_gif.gif --a---- 405 bytes [09:52 03/08/2011] [09:52 03/08/2011] 077089FFB4BF6554C885B0F49A4BE6C5
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_office_gif.gif --a---- 155 bytes [09:52 03/08/2011] [09:52 03/08/2011] 9882F9A7CFAD12AC3CCBA0B17D4EE1DF
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_OutlookExpress_gif.gif --a---- 411 bytes [09:52 03/08/2011] [09:52 03/08/2011] 4F7BC53CDB2B21F96C251C1F1AC19BAF
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_Outlook_gif.gif --a---- 127 bytes [09:52 03/08/2011] [09:52 03/08/2011] 6ECB8335D7BDE23A66A49235DEEA9BF5
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_paint_gif.gif --a---- 420 bytes [09:52 03/08/2011] [09:52 03/08/2011] 42EBAF2F8410D0967D65522B561FED25
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_powerpoint_gif.gif --a---- 127 bytes [09:52 03/08/2011] [09:52 03/08/2011] 268465ED967348C69F50412768DE13C6
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_RegistryEditor_gif.gif --a---- 142 bytes [09:52 03/08/2011] [09:52 03/08/2011] D8F68ED8F0AF6D52089C29343EB66A6C
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_winword_gif.gif --a---- 125 bytes [09:52 03/08/2011] [09:52 03/08/2011] CD58F4779A272B7C41D0830BA80B772C
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_WMPlayer_gif.gif --a---- 433 bytes [09:52 03/08/2011] [09:52 03/08/2011] 0E1907FEDB863CE6BB19A4580DC6B418
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [13:38 23/06/2011] [13:38 23/06/2011] 99D5F75C338F2A877CBF891E0F18746E
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [13:38 23/06/2011] [13:38 23/06/2011] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [13:38 23/06/2011] [13:38 23/06/2011] A847C5F6CE2C700048749892DD2E0619
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [13:38 23/06/2011] [13:38 23/06/2011] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [13:38 23/06/2011] [13:38 23/06/2011] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [13:38 23/06/2011] [13:38 23/06/2011] 943ADFD9E0DF1507F7BC419802BF4303
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [13:38 23/06/2011] [13:38 23/06/2011] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [13:38 23/06/2011] [13:38 23/06/2011] 275C9DA2D536F18F528C80E050C3D705
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [13:38 23/06/2011] [13:38 23/06/2011] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [13:38 23/06/2011] [13:38 23/06/2011] 650731EEF807C292E699779B12CBE552
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [13:38 23/06/2011] [13:38 23/06/2011] 9B4D914888BCFFCBAE6757A0E450551C
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png --a---- 705 bytes [13:38 23/06/2011] [13:38 23/06/2011] 70B83DCDF7A6FA34240E1AA1D23EE535
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_BankImages_Facebook_Facebook_png.png --a---- 772 bytes [09:52 03/08/2011] [09:52 03/08/2011] 1805E8470C0EE167396751BA3E9B0AAA
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png --a---- 746 bytes [13:38 23/06/2011] [13:38 23/06/2011] 2AE805114215925E00858FD2FEFF1439
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png --a---- 669 bytes [13:38 23/06/2011] [13:38 23/06/2011] 6CFEA2D0DB786FDB4D72C1C1DE036822
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png --a---- 338 bytes [13:38 23/06/2011] [13:38 23/06/2011] DB45ACA16C515F2FD8CB3B6F5E4FC386
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png --a---- 545 bytes [13:38 23/06/2011] [13:38 23/06/2011] 6EB69BFCBFD422247C103705B532BFE1
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png --a---- 514 bytes [13:38 23/06/2011] [13:38 23/06/2011] 7F396C3A400239B9B66DEC2D503D86BB
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png --a---- 3355 bytes [13:38 23/06/2011] [13:38 23/06/2011] EC261A170D34BE434129E71B9C2C0408
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png --a---- 594 bytes [13:38 23/06/2011] [13:38 23/06/2011] 62C86296694EF7F41D380804A58EF5CA
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png --a---- 415 bytes [13:38 23/06/2011] [13:38 23/06/2011] E42D284CC0436B66C1DB4AAFFCCC1957
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png --a---- 461 bytes [13:38 23/06/2011] [13:38 23/06/2011] B4AEAC6600360BC4148538F716453AAC
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png --a---- 699 bytes [13:38 23/06/2011] [13:38 23/06/2011] 640E17444F44717CA5039BCB7FD3551E
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [13:38 23/06/2011] [13:38 23/06/2011] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_Images_ClientResources_mini_browser_gif.gif --a---- 950 bytes [09:52 03/08/2011] [09:52 03/08/2011] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_Images_ClientResources_separator_gif.gif --a---- 51 bytes [08:53 13/09/2011] [08:53 13/09/2011] DF29EEFAD9C0083117A47E008831C067
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [13:38 23/06/2011] [13:38 23/06/2011] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [13:38 23/06/2011] [13:38 23/06/2011] A9E001CBC00B06B121DFBC80707F5298
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [13:38 23/06/2011] [13:38 23/06/2011] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [13:38 23/06/2011] [13:38 23/06/2011] 995595D4C685D659E8F03CD0A287EDDF
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [13:38 23/06/2011] [13:38 23/06/2011] 464E244E7E2F27FB85E0C3AB69D72104
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [13:38 23/06/2011] [13:38 23/06/2011] 6427565C7105DC497287866100F260BB
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [13:38 23/06/2011] [13:38 23/06/2011] AE7C9F67594A84B096D225601ACB0B2A
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [13:38 23/06/2011] [13:38 23/06/2011] C3EBA0237D68F665AF6D663906221092
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif --a---- 392 bytes [13:38 23/06/2011] [13:38 23/06/2011] 5E7217A3357550F9749A095631F51015
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [13:38 23/06/2011] [13:38 23/06/2011] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [13:38 23/06/2011] [13:38 23/06/2011] 66018EAE0906C9831A821CAE5D1089BB
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [13:38 23/06/2011] [13:38 23/06/2011] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif --a---- 606 bytes [13:38 23/06/2011] [13:38 23/06/2011] 2A1D4FB45F62D3D260F2134228FAB05E
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif --a---- 240 bytes [13:38 23/06/2011] [13:38 23/06/2011] AE5A39669C623937C0839E079E1088D5
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif --a---- 335 bytes [13:38 23/06/2011] [13:38 23/06/2011] 766433EF38BDA83C4FD4932027A4B9D5
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_MarketPlace_27_580_2760e0b4-18bf-4506-b490-68675d529580_Appearance_634162503573491253_24x24_png.png --a---- 1942 bytes [12:39 17/08/2011] [12:39 17/08/2011] 6FB2D7B7D0D5AB90592A88F6ECE99F52
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_MarketPlace_27_580_2760e0b4-18bf-4506-b490-68675d529580_Appearance_634200992355693753_png.png --a---- 1355 bytes [13:38 23/06/2011] [13:38 23/06/2011] 3BF553CB964F40B0E227302ECB6BB534
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_MarketPlace_9b_1c5_9b145804-a2fe-4b13-aa3d-2a7d0d2e71c5_Appearance_634045313698673754_png.png --a---- 1521 bytes [13:38 23/06/2011] [13:38 23/06/2011] 9923EFB40AEB86E5663330985042FF62
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634211716261212501_24x24_png.png --a---- 1164 bytes [13:38 23/06/2011] [13:38 23/06/2011] 31739E90689A4A6E14D8782F8E4C3434
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_cloudy_gif.gif --a---- 406 bytes [18:59 26/07/2011] [18:59 26/07/2011] 61A76264B50BF0E425D6BD7DB73F40B4
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif --a---- 351 bytes [19:00 20/07/2011] [19:00 20/07/2011] 703A98E0FBFB8C9B617E732C9E62DB04
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_flurries_gif.gif --a---- 404 bytes [09:47 08/02/2012] [09:47 08/02/2012] 5A985D8E2783DA9A33F8B3848A90B8E9
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_foggy_gif.gif --a---- 434 bytes [11:06 20/11/2011] [11:06 20/11/2011] 959F03FF0A86063171C80A504E62D2E5
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_foggy_night_gif.gif --a---- 418 bytes [17:48 20/11/2011] [17:48 20/11/2011] 0E4E164871B63462E3FD3EB9982C7C45
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_gif.gif --a---- 468 bytes [08:58 05/11/2011] [08:58 05/11/2011] 25C37C070415AAC32DD6C50BD64276CC
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_night_gif.gif --a---- 435 bytes [06:19 30/09/2011] [06:19 30/09/2011] 279120757E0459B90E5E0DD853E82359
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_mostly_cloudy_gif.gif --a---- 386 bytes [16:32 21/01/2012] [16:32 21/01/2012] A1C878194B28AE7A0E96EEBF203BBB3B
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif --a---- 173 bytes [13:38 23/06/2011] [13:38 23/06/2011] E509575F473727B14C87367068C42353
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif --a---- 212 bytes [21:29 04/08/2011] [21:29 04/08/2011] 88CD5B8D6F007347115A8A602E5D158B
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_rain_gif.gif --a---- 386 bytes [11:32 04/08/2011] [11:32 04/08/2011] 8006B1A5A88AB3451A5E58AA361815DD
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_showers_gif.gif --a---- 379 bytes [21:22 20/07/2011] [21:22 20/07/2011] 8ACA902931FBDF51B3BB293D6E15D70F
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif --a---- 259 bytes [07:01 22/07/2011] [07:01 22/07/2011] 110EC9BCA8470D6488B626EA28914A6C
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif --a---- 204 bytes [05:28 03/08/2011] [05:28 03/08/2011] 5EBD213E8A460652C883CBF68C152B5B
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml --a---- 7042 bytes [13:38 23/06/2011] [12:53 21/02/2012] C159A6BEAA8E32AAEFE7172DD5C2481E
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml --a---- 5520 bytes [13:38 23/06/2011] [12:53 21/02/2012] D2E48F631F8A9768E9BBCB0964C7878F
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml --a---- 6586 bytes [13:38 23/06/2011] [12:53 21/02/2012] 0DC95CF28A384D3BFBFA60244A55125A
C:\Users\Gordon\AppData\LocalLow\ZoneAlarm_Extreme_Security\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml --a---- 5519 bytes [13:38 23/06/2011] [12:53 21/02/2012] 2B856ABBDD6E033594465C4945D5C93A
C:\Users\Gordon\Favorites\Links\prxtbzon1.dll - What is the prxtbzon1.dll from Conduit Ltd. (id6085401).url --a---- 514 bytes [09:53 03/03/2012] [09:53 03/03/2012] 0B582435980CD975A1D167A54FD15A2A
C:\Windows\SysWOW64\ConduitEngine.tmp --a---- 0 bytes [13:21 23/06/2011] [13:00 07/08/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTL\MovedFiles\03032012_090926\C_Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\components\ConduitAutoCompleteSearch.js --a---- 9052 bytes [16:25 15/01/2012] [12:45 15/01/2012] AF98421711C6CFA73D6720C455D92DAC
C:\_OTL\MovedFiles\03032012_090926\C_Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [16:25 15/01/2012] [12:45 15/01/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\_OTL\MovedFiles\03032012_090926\C_Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\v40ckh6z.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}\searchplugin\conduit.xml --a---- 955 bytes [16:25 15/01/2012] [12:45 15/01/2012] 3CF061E8BA700D163F4E267DEFB4AA4D

========== regfind ==========

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1312978]
"Url"="http://alerts.conduit-services.com/root/1317307/1312978/UK"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Url"="http://alerts.conduit-services.com/root/909619/905414/UK"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Title"="Conduit Engine Notifications"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="http://alert.client.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="http://alert.services.conduit.comऀ倪酭〼倩ﴈϰ饠ϥlert.client.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="http://alert.storage.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings]
"URL"="http://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs]
"URL"="http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin倀酧㨼倰ᨠϱÄϥ鄡紽倡ఇ᫤"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation]
"URL"="http://alerts.conduit-services.com/translation/?locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.3.5.3]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.3.8.0]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"Server"="users.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\3528873561]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418_CT2925418]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418_en]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\1317498225]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\2458131877]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\25841031]
"dbname"="conduit_CT2925418_en"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\3152005739]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\3718787002]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\3795242730]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\4063106592]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\740059906]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\905002612]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\917130571]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings]
"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\BackHandStorage\http___cap1dev_conduit-apps_com_Apps_checkpoint_privatebrowsing_index_html]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\BackHandStorage\http___cap1dev_conduit-apps_com_Apps_checkpoint_sitecheck_index_html]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\BackHandStorage\http___storage_conduit_com_18_292_CT2925418_BrowserFiles_5b8e6d21-8344-4177-9a42-f1716cee59f3_html]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com?SearchSource=10&ctid=CT2925418"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.8.5.1/tbedrs.dll"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.8.5.1/tbedrs.dll"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>UKXX0085</LOCATION_ID><DAYS><DAY1><DATE>20120221</DATE><DAY>Tuesday</DAY><F_MIN>45</F_MIN><F_MAX>52</F_MAX><C_MIN>7</C_MIN><C_MAX>11</C_MAX><UV_DESCRIPTION>Low</UV_DESCRIPTION><UV_INDEX>1</UV_INDEX><SUNSET>5:25 pm</SUNSET><SUNRISE>7:03 am</SUNRISE><MOONRISE>6:23 am</MOONRISE><MOONSET>5:21 pm</MOONSET><MOON_PHASE>Waning Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Cloudy</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/cloudy_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120222</DATE><DAY>Wednesday</DAY><F_MIN>51</F_MIN><F_MAX>52</F_MAX><C_MIN>10</C_MIN><C_MAX>11</C_MAX><UV_DESCRIPTION>Low</UV_DESCRIPTION><UV_INDEX>1</UV_INDEX><SUNSET>5:26 pm</SUNSET><SUNRISE>7:01 am</SUNRISE><MOONRISE>6:43 am</MOONRISE><MOONSET>6:32 pm</MOONSET><MOON_PHASE>New</MOON_PHASE><CONDITION_DESCRIPTION>Showers</CONDITION_DESCRIPTION><CONDITION_ICON>http://wea
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
"Conduit Toolbar"="901"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418"
[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\ISW]
"CDUninstall"="C:\Program Files (x86)\zonealarm_extreme_security\ConduitSilentUninstaller.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}]
@="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId]
@="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Conduit.Engine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}]
@="IControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}]
@="IControllerConduitCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.10.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.10.0]
@="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert0.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}]
@="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32\10.0.0.0]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId]
@="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}]
@="IControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}]
@="IControllerConduitCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0\Setup\Windows Workflow Foundation\Debugger]
"ControllerConduitTypeName"="Microsoft.Workflow.DebugEngine.ControllerConduit, Microsoft.Workflow.DebugController, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert0.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11ADB8DE-8872-4F23-B38C-6888AF7EE5C3}]
"AppPath"="C:\Users\Gordon\AppData\Local\Conduit\CT2925418"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v3.0\Setup\Windows Workflow Foundation\Debugger]
"ControllerConduitTypeName"="Microsoft.Workflow.DebugEngine.ControllerConduit, Microsoft.Workflow.DebugController, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ZoneAlarm_Extreme_Security\Communicator]
"Url"="http://servicemap.conduit-services.com/Toolbar/?ownerId=EB_ORIGINAL_CTID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ZoneAlarm_Extreme_Security\toolbar]
"InstallationType"="ConduitIntegration"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ZoneAlarm_Extreme_Security\toolbar]
"Server"="users.conduit.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ZoneAlarm_Extreme_Security\toolbar]
"PlatformType"="ConduitToolbarMyStuff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ZoneAlarm_Extreme_Security\toolbar]
"AutoUpdateHelperPath"="C:\Users\Gordon\AppData\Local\Conduit\CT2925418\ZoneAlarm_Extreme_SecurityAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert0.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}]
@="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32\10.0.0.0]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId]
@="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}]
@="IControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}]
@="IControllerConduitCallback"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\1312978]
"Url"="http://alerts.conduit-services.com/root/1317307/1312978/UK"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Url"="http://alerts.conduit-services.com/root/909619/905414/UK"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Title"="Conduit Engine Notifications"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="http://alert.client.conduit.com"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="http://alert.services.conduit.comऀ倪酭〼倩ﴈϰ饠ϥlert.client.conduit.com"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="http://alert.storage.conduit.com"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings]
"URL"="http://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs]
"URL"="http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin倀酧㨼倰ᨠϱÄϥ鄡紽倡ఇ᫤"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation]
"URL"="http://alerts.conduit-services.com/translation/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage]
"URL"="http://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.3.5.3]
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.3.8.0]
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar]
"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418]
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\3528873561]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418_CT2925418]
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\conduit_CT2925418_en]
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\1317498225]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\2458131877]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\25841031]
"dbname"="conduit_CT2925418_en"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\3152005739]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\3718787002]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\3795242730]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\4063106592]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\740059906]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\905002612]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Repository\MetaData\917130571]
"dbname"="conduit_CT2925418_CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings]
"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\BackHandStorage\http___cap1dev_conduit-apps_com_Apps_checkpoint_privatebrowsing_index_html]
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\BackHandStorage\http___cap1dev_conduit-apps_com_Apps_checkpoint_sitecheck_index_html]
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\BackHandStorage\http___storage_conduit_com_18_292_CT2925418_BrowserFiles_5b8e6d21-8344-4177-9a42-f1716cee59f3_html]
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com?SearchSource=10&ctid=CT2925418"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.8.5.1/tbedrs.dll"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\Weather]
"SearchServerUrl"="http://search.conduit.com/"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\AppDataLow\Software\ZoneAlarm_Extreme_Security\toolbar\Settings\Weather\en]
"Forecast"="<FORECAST><LOCATION_ID>UKXX0085</LOCATION_ID><DAYS><DAY1><DATE>20120221</DATE><DAY>Tuesday</DAY><F_MIN>45</F_MIN><F_MAX>52</F_MAX><C_MIN>7</C_MIN><C_MAX>11</C_MAX><UV_DESCRIPTION>Low</UV_DESCRIPTION><UV_INDEX>1</UV_INDEX><SUNSET>5:25 pm</SUNSET><SUNRISE>7:03 am</SUNRISE><MOONRISE>6:23 am</MOONRISE><MOONSET>5:21 pm</MOONSET><MOON_PHASE>Waning Crescent</MOON_PHASE><CONDITION_DESCRIPTION>Cloudy</CONDITION_DESCRIPTION><CONDITION_ICON>http://weather.conduit.com/images/weather/Default/cloudy_big.gif</CONDITION_ICON></DAY1><DAY2><DATE>20120222</DATE><DAY>Wednesday</DAY><F_MIN>51</F_MIN><F_MAX>52</F_MAX><C_MIN>10</C_MIN><C_MAX>11</C_MAX><UV_DESCRIPTION>Low</UV_DESCRIPTION><UV_INDEX>1</UV_INDEX><SUNSET>5:26 pm</SUNSET><SUNRISE>7:01 am</SUNRISE><MOONRISE>6:43 am</MOONRISE><MOONSET>6:32 pm</MOONSET><MOON_PHASE>New</MOON_PHASE><CONDITION_DESCRIPTION>Showers</CONDITIO
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\BillP Studios\WinPatrol\IEHelpers]
"Conduit Toolbar"="901"
[HKEY_USERS\S-1-5-21-3535767090-3609679722-1398638442-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418"

-= EOF =-
Step 2 to follow
GT
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Re: Time problem & Uninstall problem

Unread postby whisperer » March 5th, 2012, 6:09 am

Hi Maxi,

I remembered another possible symptom yesterday in that I am unable to start Windows Defender, thought I had better add it in as it mighten lessen the murk? :oops:

Please find below the EESet scan that took over 7 hours to complete, mostly on the external N drive used for backup.

ESet Scan Log

C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
D:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
D:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
D:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
D:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
D:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application
D:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
D:\Users\Gordon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5XSFCLU\index-functions[1].js Win32/RegistryBooster application
D:\Users\Gordon\AppData\Local\Temp\miaAD10.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application
D:\Users\Gordon\AppData\Local\Temp\miaAD10.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application
D:\Users\Gordon\AppData\Local\Temp\miaAD10.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application
D:\Users\Gordon\AppData\Local\Temp\miaAD10.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application
D:\Users\Gordon\AppData\Local\Temp\miaAD10.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster application
D:\Users\Gordon\AppData\Local\Temp\miaAD10.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application
D:\Users\Gordon\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application
N:\GORDON-7\Backup Set 2010-12-18 085916\Backup Files 2010-12-18 085916\Backup files 1.zip Win32/RegistryBooster application
N:\GORDON-7\Backup Set 2011-06-05 082854\Backup Files 2011-06-05 082854\Backup files 2.zip Win32/RegistryBooster application
N:\GORDON-7\Backup Set 2011-06-05 082854\Backup Files 2011-07-17 090445\Backup files 2.zip Win32/RegistryBooster application
N:\GORDON-7\Backup Set 2011-06-05 082854\Backup Files 2011-07-31 093941\Backup files 1.zip Win32/RegistryBooster application
N:\GORDON-7\Backup Set 2011-06-05 082854\Backup Files 2011-12-11 074559\Backup files 1.zip Win32/RegistryBooster application

I have already uninstalled registry booster which is why it does not appear in any 2012 backups, but I see that it is still in Vista (D Drive) and the empty directory remains in the C:\Program Files
Best wishes
GT :)
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 131 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware