imposs

"Maniac" resume help please


I uninstalled Coupon Printer for Windows but I could not do so for ZoneAlarm. As I mentioned before, there is no indication of ZoneAlarm anywhere on my system but it is still around somewhere. That is what I am hoping to get rid of.

I give below the JRT.txt log and the OTL.txt log. The Extra.txt log follows shortly after.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.1.7 (12.16.2012:1)

OS: Windows 7 Home Premium x64

Ran by MPOSSENER on 17/12/2012 at 17:00:49.74

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\driverupdate startup.job"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\ProgramData\speedmaxpc"

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"

Successfully deleted: [Folder] "C:\Users\MPOSSENER\AppData\Roaming\drivercure"

Successfully deleted: [Folder] "C:\Users\MPOSSENER\AppData\Roaming\pcpro"

Successfully deleted: [Folder] "C:\Users\MPOSSENER\AppData\Roaming\speedmaxpc"

Successfully deleted: [Folder] "C:\Users\MPOSSENER\appdata\locallow\datamngr"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 17/12/2012 at 17:08:55.26

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 17/12/2012 18:17:46 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MPOSSENER\Documents

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.86 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 65.22% Memory free

7.71 Gb Paging File | 5.93 Gb Available in Paging File | 76.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 282.99 Gb Total Space | 202.16 Gb Free Space | 71.44% Space Free | Partition Type: NTFS

Computer Name: MPOSSENER-PC | User Name: MPOSSENER | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Users\MPOSSENER\My Documents\OTL.exe

PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe

PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

PRC - [2012/10/22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

PRC - [2012/09/03 17:04:24 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

PRC - [2012/08/19 20:14:14 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2012/08/07 11:31:06 | 028,551,040 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/07/25 11:57:08 | 029,357,952 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

PRC - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2010/12/23 14:46:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

PRC - [2010/12/23 14:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

PRC - [2010/12/22 20:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/22 20:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/12/09 05:27:50 | 001,025,616 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2010/12/09 05:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2010/12/09 05:27:50 | 000,287,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2010/11/12 01:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

PRC - [2010/11/12 01:21:36 | 000,296,768 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

PRC - [2010/09/28 03:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

PRC - [2010/09/18 00:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

PRC - [2010/09/18 00:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

PRC - [2010/09/14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/09/14 02:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/04/27 02:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/21 22:05:12 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\54d19fac3bfc693f87db68571844895a\IAStorCommon.ni.dll

MOD - [2012/11/21 22:05:11 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d1a34ee93168657925ce2cfc68d8b63c\IAStorUtil.ni.dll

MOD - [2012/11/21 18:52:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll

MOD - [2012/11/21 18:52:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll

MOD - [2012/11/21 18:52:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll

MOD - [2012/11/21 18:51:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll

MOD - [2012/11/21 18:51:52 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll

MOD - [2012/11/21 18:51:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll

MOD - [2012/11/21 18:51:47 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll

MOD - [2012/11/21 18:51:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/12/23 14:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

MOD - [2010/12/23 14:46:38 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

MOD - [2010/11/12 01:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/08 10:03:31 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2010/10/29 10:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/09/03 17:04:24 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)

SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/03/08 02:20:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/12/22 20:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/12/22 20:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/12/09 05:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010/11/12 01:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010/09/28 02:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2010/09/14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/17 14:39:04 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)

DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2012/09/03 17:04:26 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/05/30 21:54:32 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/12/15 19:42:08 | 000,035,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)

DRV:64bit: - [2010/12/11 20:43:54 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)

DRV:64bit: - [2010/12/11 08:12:54 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)

DRV:64bit: - [2010/12/11 08:12:50 | 000,067,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)

DRV:64bit: - [2010/12/06 10:14:40 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2010/12/06 10:14:40 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2010/12/06 10:14:40 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2010/12/01 22:36:04 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/12 06:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/11/09 10:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/15 08:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/09/30 05:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/09/30 05:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/09/14 02:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/07/09 03:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2010/04/20 02:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/

IE - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.lycos.co.uk/

IE - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/

IE - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7_____en

IE - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/25 16:04:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/25 16:04:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/29 21:47:00 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/29 21:47:00 | 000,000,000 | ---D | M]

[2012/08/19 17:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found

O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found

O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found

O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found

O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\..Trusted Domains: avg.com ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-1995658937-3148030641-3140236263-1000\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)

O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} http://www.turntool.com/ViewerInstall.exe (TurnTool Scene)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab (GMNRev Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\gcf - No CLSID value found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll (Google Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{88fc7b61-6c35-11e1-98e4-1c7508df53a2}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/17 18:15:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MPOSSENER\Documents\OTL.exe

[2012/12/17 17:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/12/17 17:00:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2012/12/17 16:47:18 | 000,000,000 | ---D | C] -- C:\JRT

[2012/12/17 16:45:54 | 000,496,028 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\MPOSSENER\Documents\JRT.exe

[2012/12/16 21:39:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\MPOSSENER\Documents\dds.com

[2012/12/13 16:54:30 | 011,563,944 | ---- | C] (OPSWAT, Inc.) -- C:\Users\MPOSSENER\Desktop\AppRemover.exe

[2012/12/09 19:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012/11/30 23:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/11/30 23:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/11/30 23:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/11/30 23:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/11/30 23:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/11/29 21:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant

[2012/11/24 01:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/11/24 01:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/12/17 18:15:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MPOSSENER\Documents\OTL.exe

[2012/12/17 17:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/17 17:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/17 16:45:55 | 000,496,028 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\MPOSSENER\Documents\JRT.exe

[2012/12/17 14:46:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/17 14:46:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/17 14:39:15 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job

[2012/12/17 14:39:04 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys

[2012/12/17 14:39:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/17 14:38:44 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/16 21:39:31 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\MPOSSENER\Documents\dds.com

[2012/12/14 16:22:51 | 000,000,009 | ---- | M] () -- C:\end

[2012/12/13 21:55:06 | 003,121,727 | ---- | M] () -- C:\Users\MPOSSENER\Documents\WhichRetired.pdf

[2012/12/13 16:53:58 | 011,563,944 | ---- | M] (OPSWAT, Inc.) -- C:\Users\MPOSSENER\Desktop\AppRemover.exe

[2012/12/13 16:53:07 | 016,216,128 | ---- | M] () -- C:\Users\MPOSSENER\Desktop\OPSWATAppRemover.exe

[2012/12/13 16:00:13 | 000,366,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/09 19:54:45 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2012/12/08 18:27:24 | 000,208,137 | ---- | M] () -- C:\Windows\hpoins47.dat

[2012/12/08 18:22:08 | 000,001,319 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2012/12/08 18:21:15 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk

[2012/12/05 21:55:19 | 000,196,637 | ---- | M] () -- C:\Users\MPOSSENER\Documents\Watfordbuses602.pdf

[2012/12/01 16:30:12 | 000,977,145 | ---- | M] () -- C:\Users\MPOSSENER\Documents\MrsA.pdf

[2012/11/30 23:17:46 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/11/29 21:46:54 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk

[2012/11/29 21:46:26 | 000,002,103 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012/11/29 00:10:33 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/29 00:10:33 | 000,633,016 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/29 00:10:33 | 000,112,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/25 23:13:52 | 005,077,800 | ---- | M] () -- C:\Users\MPOSSENER\Documents\HPPSdrPrinter.exe

[2012/11/24 01:04:44 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2012/12/13 21:55:05 | 003,121,727 | ---- | C] () -- C:\Users\MPOSSENER\Documents\WhichRetired.pdf

[2012/12/13 16:53:07 | 016,216,128 | ---- | C] () -- C:\Users\MPOSSENER\Desktop\OPSWATAppRemover.exe

[2012/12/08 18:21:15 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk

[2012/12/08 18:17:25 | 000,208,137 | ---- | C] () -- C:\Windows\hpoins47.dat

[2012/12/05 21:55:19 | 000,196,637 | ---- | C] () -- C:\Users\MPOSSENER\Documents\Watfordbuses602.pdf

[2012/12/01 16:06:17 | 000,977,145 | ---- | C] () -- C:\Users\MPOSSENER\Documents\MrsA.pdf

[2012/11/30 23:17:46 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/11/29 21:46:54 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk

[2012/11/29 21:46:32 | 000,001,319 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk

[2012/11/29 21:46:26 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012/11/24 01:04:44 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/11/21 14:49:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/21 14:38:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/09/30 23:51:28 | 000,069,788 | ---- | C] () -- C:\ProgramData\jxxvlxmfsejeoaz

[2012/08/01 17:31:54 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012/07/31 23:37:55 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad

[2012/07/22 21:20:11 | 000,000,055 | ---- | C] () -- C:\Users\MPOSSENER\AppData\Roaming\mbam.context.scan

[2012/07/08 14:13:58 | 000,208,198 | ---- | C] () -- C:\Windows\hpoins47.dat.temp

[2012/07/08 14:13:58 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp

[2012/05/30 21:54:33 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/05/30 21:54:32 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/05/07 21:37:55 | 000,034,814 | ---- | C] () -- C:\Users\MPOSSENER\AppData\Local\dt.dat

[2011/08/23 20:10:29 | 000,019,529 | ---- | C] () -- C:\Windows\hpqins13.dat

[2011/06/05 17:47:00 | 000,000,258 | RHS- | C] () -- C:\Users\MPOSSENER\ntuser.pol

[2011/05/09 14:10:39 | 000,000,944 | ---- | C] () -- C:\Users\MPOSSENER\Windows Easy Transfer.lnk

[2011/05/09 14:10:39 | 000,000,706 | ---- | C] () -- C:\Users\MPOSSENER\autorun.inf

[2011/01/06 04:09:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2010/12/06 10:01:33 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2008/04/02 20:52:04 | 000,000,108 | ---- | C] () -- C:\Users\MPOSSENER\default.pls

[2008/03/26 18:16:49 | 000,001,024 | ---- | C] () -- C:\Users\MPOSSENER\.rnd

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"ThreadingModel" = Both

"" = C:\Users\MPOSSENER\AppData\Local\{0475e131-5bbb-6a7d-9dde-0ced762d5f8b}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/15 11:29:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

[2012/10/15 11:29:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

[2012/10/07 19:19:40 | 000,000,000 | ---D | M] -- C:\Users\MAUREEN\AppData\Roaming\AVG2013

[2012/09/27 17:48:24 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\AVG2013

[2012/03/23 00:28:40 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\GetRightToGo

[2012/03/22 17:15:06 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\gizza

[2012/04/03 15:59:10 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\iolo

[2012/07/25 19:39:39 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\Media Player Lite

[2012/08/19 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\PowerCinema

[2012/06/04 09:58:47 | 000,000,000 | -H-D | M] -- C:\Users\MPOSSENER\AppData\Roaming\RPPrivate

[2012/06/12 20:15:39 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\Simple Sudoku

[2011/05/09 22:48:59 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\SolSuite

[2012/04/27 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\Tific

[2012/03/02 17:26:14 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\TuneUp Software

[2011/07/09 21:27:36 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\Uniblue

[2011/09/12 20:01:38 | 000,000,000 | ---D | M] -- C:\Users\MPOSSENER\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:9E00596C

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >


The Extras.txt log now follows.

OTL Extras logfile created on: 17/12/2012 18:17:46 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MPOSSENER\Documents

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.86 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 65.22% Memory free

7.71 Gb Paging File | 5.93 Gb Available in Paging File | 76.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 282.99 Gb Total Space | 202.16 Gb Free Space | 71.44% Space Free | Partition Type: NTFS

Computer Name: MPOSSENER-PC | User Name: MPOSSENER | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{093721BF-3354-4214-9B25-3ABEB38D5C2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0AA7B0E7-C8D4-4E1E-B3BF-E715B08C05E1}" = rport=139 | protocol=6 | dir=out | app=system |

"{178206B2-1612-4F1C-BC5A-4B438D7ECDA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{19B3935D-12BB-45AB-B95B-65E554512DA4}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{1B3A4857-D366-4E98-BA82-B0722BED583A}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |

"{1E993B08-EC88-4C0F-B405-35F5B83E8E1A}" = lport=139 | protocol=6 | dir=in | app=system |

"{23FC2562-C95E-47BE-BA4F-3876BD3A7DC1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{35F1C1C3-673D-4E91-8505-B30EDA2FFFE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3698B677-9CE5-4A31-A98F-9E0AC30D04C5}" = lport=10243 | protocol=6 | dir=in | app=system |

"{434F8A02-6490-4C89-B2BF-F2824FBE77A1}" = rport=445 | protocol=6 | dir=out | app=system |

"{4BC39D6A-95EC-4EF3-AE09-883872812A04}" = rport=10243 | protocol=6 | dir=out | app=system |

"{4C59F3DC-6C6B-49DC-A71D-DEA2E46AD2DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5192B47E-F049-456F-A8D5-86B7DA5D4BE0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{58F18191-27F0-4151-A103-7D502330DFA4}" = rport=138 | protocol=17 | dir=out | app=system |

"{5D9C745D-3795-4A0C-BC88-308568531B17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{76AD0C7C-2535-41E8-9A8F-FA1D63D6D0A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8EC4465E-64C8-4A2E-A8E9-7A2B9C14DD72}" = lport=138 | protocol=17 | dir=in | app=system |

"{A8AB6679-79D4-446D-9233-4EC46413FEE8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{ADE7A1B0-F2E0-460A-B7E4-86C70DB5AC6D}" = rport=137 | protocol=17 | dir=out | app=system |

"{B09AEF43-07C8-49B8-8D0D-5BC563BD0D08}" = lport=137 | protocol=17 | dir=in | app=system |

"{B292F8AE-B6F4-401A-96F7-F4B35E2CC334}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B4E4A890-DAD4-40E3-88E2-774288B07EC8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{CAAF864D-36F6-47F2-9F98-50A5CBE09D68}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CEAE7F6C-D929-457D-858E-239B87F88CDD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{D07DD956-2CF0-4FE6-B607-B2854F82A7C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E6A4054A-7C5B-4B6E-8C84-00AED4DEE966}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |

"{E93F3872-7F70-4916-8D1B-2588314154C3}" = lport=445 | protocol=6 | dir=in | app=system |

"{F8BAF858-3E2D-46D9-A4AA-3907851FE03A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01C548DD-BCE1-4E4E-99D5-3E93BB44E256}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{03BE3905-1B96-48EE-88C2-D29D585AAD4F}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs651d\hpdiagnosticcoreui.exe |

"{062C1A7F-06C8-41DA-9C24-B894C6E17E93}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs67d7.tmp\symnrt.exe |

"{108BB41A-F678-4543-825C-1B8BB191DDE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{10D7F2E5-A9CF-4CAE-82C7-D464B4D6851F}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs79a6\hpdiagnosticcoreui.exe |

"{160C7C41-6F7D-4934-85FB-36A2C76A52E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{18DFB74B-B820-4279-9078-17680B7FA6CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{1C8543E0-BF9F-4CB4-BA7D-FB37761AB4CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{23E52400-2966-4E39-B428-520781A06782}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{2565A7FE-044C-4000-A730-A80E4F2CFE82}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs0883\hpdiagnosticcoreui.exe |

"{2634E888-1CA0-4DB4-B611-2AED1B0EA105}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs5a44\hpdiagnosticcoreui.exe |

"{28D9BF1C-E52F-4A40-AEA1-65DE827EF4E4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{2AC11A58-56DE-48A6-B18A-6416B5F5E9EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{2B570D82-00B7-4A2C-8085-8FC02F32093B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2C135918-60A3-4CCB-83F4-A60280F92C55}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{2DC82E5B-C70D-4B3A-819C-2ECE8F2FBAD0}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs5a44\hpdiagnosticcoreui.exe |

"{2F106E70-1525-41F6-9B25-093ADB2296EB}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |

"{31123E59-C060-49CE-A04E-D2B8E757699F}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs0702\hpdiagnosticcoreui.exe |

"{31759D58-3953-477A-80FD-BA6AB17D00D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |

"{319B5563-C0DC-4D62-8C40-AA31233325EB}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs6958\hpdiagnosticcoreui.exe |

"{33BA5C61-68AA-4627-AA3D-465D6AB027C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{350AA2D3-5C05-418E-AB21-0A91AE2BC471}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{3841ABAD-8DE8-4663-977C-588279E88378}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs79a6\hpdiagnosticcoreui.exe |

"{3BA954A4-1563-439C-9D96-F6D3F174D29B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{3C448EE8-C279-4483-8936-038A924488F9}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs52a9\hpdiagnosticcoreui.exe |

"{3D33B908-CC48-4694-B716-E8A206B831F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4005D4F9-4824-4A0B-ADCA-339EDF3940E6}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |

"{41514CBF-F2A3-4247-9974-CAEFEDB1185B}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs5d41\hpdiagnosticcoreui.exe |

"{427676B8-4B72-4CC6-BEF3-A60332960619}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{42B3D5EA-655E-4A41-92B2-2401CE6BDA5F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{42C5C017-FA1C-4C15-AF09-7A2F4863CA56}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs7d25\hpdiagnosticcoreui.exe |

"{44E796A6-AAB1-4949-9A47-2FB0D75F580F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{45CBFBE3-F070-4A42-AD99-78E383D76A49}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs7444\hpdiagnosticcoreui.exe |

"{46785496-1DCF-46ED-A19A-044FD7541305}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4689AF1A-1441-4428-8D2A-E36114D93D32}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{4A7DB4C9-ABF6-41E5-A70C-4B8ECD9356C3}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs4faa\hpdiagnosticcoreui.exe |

"{4C3E76B2-5B87-45D1-84E7-9F88779F019F}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs1335\hpdiagnosticcoreui.exe |

"{4C8AA58A-7979-4020-936E-14CCB86E8B74}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs20d1\hpdiagnosticcoreui.exe |

"{4CA9148E-7970-4F25-BF3B-0FCD73CAABC0}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs52a9\hpdiagnosticcoreui.exe |

"{4CCA4F2E-E60B-4C2E-87D3-FF37BE65E9CA}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs4b22\hppiw.exe |

"{4D1E62DB-1FE0-4CC3-B8E2-0B13982B3DA4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{4E04F59A-F709-4D4F-BC37-5B462851BD69}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{4EDBD70A-45D1-4F2E-98EF-5EBB050D808F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{50D34476-58F9-4F9E-B4D7-0F1854BE82CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{5344E624-1080-4D05-9D6F-329AE8C985C1}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs712b.tmp\symnrt.exe |

"{54AAD907-8223-4F77-AB00-5C22B5DA03B0}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs67d7.tmp\symnrt.exe |

"{5511D2F6-8798-4EDA-8342-9CE652861F6A}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs1335\hpdiagnosticcoreui.exe |

"{56557F6E-88A7-4E84-AD03-139D77973FF6}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs6958\hpdiagnosticcoreui.exe |

"{58B1887C-29C3-4E8F-9C08-B56FF3FDD937}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs3689\hpdiagnosticcoreui.exe |

"{5F73685D-3D2D-45B6-8558-C6366F093728}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6349ED48-6766-4813-8F74-26EE04AA265F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |

"{683A639D-3D24-420E-8618-B934A426BC7F}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zsee59.tmp\symnrt.exe |

"{68459CE0-FCD3-401E-94C4-51F372141ED4}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs01e3\hpdiagnosticcoreui.exe |

"{6B3831A8-BFCB-4477-8AD5-92FA33EB6922}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs74d0\hpdiagnosticcoreui.exe |

"{6C2F087D-963D-4954-ABD0-186790CC48AD}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{6DA726B7-D875-4DE7-B9C8-C6AE27514651}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs76b6\hpdiagnosticcoreui.exe |

"{6E79A9E3-90A2-413B-A434-ACEEDC9CDEA6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6FDF4F7C-5551-4394-99C5-11382BA28528}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs0702\hpdiagnosticcoreui.exe |

"{750EF6DE-C9F3-4DF2-A448-995C606829DB}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs7d25\hpdiagnosticcoreui.exe |

"{755FA91E-7EC3-49A5-A2B6-0BA657060296}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{757FCD0C-B577-41BC-9753-34CBF566C078}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs20f4\hpdiagnosticcoreui.exe |

"{78CFD71A-BF94-4524-808F-13FB44149993}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{7A30FCBF-EF8C-40A7-8661-C077C7DBC6C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7B78168F-3A4A-4DDC-B047-55C33779C7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{7EF23E2E-AFEB-4BDE-84E2-D91F9E39DA16}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs5d57\hpdiagnosticcoreui.exe |

"{7FB314FA-96E2-4033-9C22-873114F482DA}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs3b62\hpdiagnosticcoreui.exe |

"{814FDC29-7588-4173-B510-2FDBCD5CE650}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{82046FA8-22E8-4CFB-A919-40AF5C1E53F3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{823381BB-2F81-4226-9469-510CF2DA19CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{84A037FA-79C6-454D-BBCC-F871D12D18D1}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs57e4\hpdiagnosticcoreui.exe |

"{8532F53C-B537-4819-96AC-6CE9A37946A3}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs3b62\hpdiagnosticcoreui.exe |

"{87A2FC26-7094-4569-B86B-A59BF3B92BEB}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs0418\hpdiagnosticcoreui.exe |

"{8A3F4184-ECC4-49E6-9063-595134489839}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs651d\hpdiagnosticcoreui.exe |

"{8AD15415-B4B0-4635-BB0C-932C68859A4C}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs5d41\hpdiagnosticcoreui.exe |

"{8B1D4068-392B-4C17-8408-AF912EBD9806}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{8BDB2D5B-34B4-4771-806A-FFABEA2FB306}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs01e3\hpdiagnosticcoreui.exe |

"{91D6705F-3E40-4151-BEFC-0CD8D75C0CEC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{9399A508-1B17-46D2-BD24-CF97F38554D7}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs00b7\hpdiagnosticcoreui.exe |

"{94C4D640-3AC5-44F1-AE90-B8B9954890F8}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zsd92f.tmp\symnrt.exe |

"{977D7D62-F192-424B-9B0D-83451A98EFA6}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs76b6\hpdiagnosticcoreui.exe |

"{991AE99F-F166-495F-996A-CD9FB34F76AE}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs7444\hpdiagnosticcoreui.exe |

"{9AB73AFC-ED16-42DE-BDDD-F6A80CD2DC5F}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs2044\hpdiagnosticcoreui.exe |

"{9ABC01F8-104D-468D-98C3-74E9A13A1CDA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{9B57A88D-3ABE-4DC9-9FAB-D0C028B6ADFC}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs0327\hppiw.exe |

"{9FF4E547-791A-41FE-9076-D714710A65EC}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs712b.tmp\symnrt.exe |

"{A0CA8043-6404-48FD-B39F-6CD87D9F29F2}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs2044\hpdiagnosticcoreui.exe |

"{A1AC8A9C-286B-4C3D-B20F-54B719C4C445}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{A49BB26F-1862-4ADB-994A-42A10496ACBA}" = dir=in | app=d:\setup\hpznui40.exe |

"{A5829765-266E-44E0-A8B2-06F8FFEDB94A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A68D0BC6-B1DB-4941-873C-C520FE459498}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe |

"{A924985F-40BF-48DD-B5B0-C8D922717437}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs5d57\hpdiagnosticcoreui.exe |

"{A9C910B9-46FA-4FB9-B564-F844B7AEAA29}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs4f65\hpdiagnosticcoreui.exe |

"{AAA59833-2854-4CD7-826D-0F6CFDF3E48E}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe |

"{AEA861B2-0FC8-41DF-89A2-E6672689DA84}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{B401F193-1E53-495C-B3A7-8587F6CF8901}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{B4C350CC-FE23-4B00-B485-76873F9F3EB8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{B5AD15B8-E68A-489F-9346-A42FF973DE93}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{BE7DFD6E-B24D-43DB-A69A-79E11E859A90}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |

"{C0853455-69D7-4AF3-A464-6826476489F4}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zsee59.tmp\symnrt.exe |

"{C171408C-B824-45EE-A731-B3511B2883A8}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |

"{C2AAA3AE-8139-4518-9BB3-767E1E77425D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |

"{CA564430-39D5-4409-B6A4-778A64A31A32}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |

"{CD95A56C-AACF-4EBF-AD29-F5FD2647C4D9}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs0418\hpdiagnosticcoreui.exe |

"{D06FC4AE-AEA1-4DC2-BE2D-6EC26C6FCD7D}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs20d1\hpdiagnosticcoreui.exe |

"{D0F04099-E862-4328-8A14-8EB1F974BD4B}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs57e4\hpdiagnosticcoreui.exe |

"{D1A71CF3-8AC0-46FB-AF0C-38DB09013C96}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{D4A0AF72-D518-4419-A7D6-E276B560DB57}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{D677FDDC-D99F-4A55-821C-3B0D12E1D1BA}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs3689\hpdiagnosticcoreui.exe |

"{D6B0CAF2-4BFA-45D1-8B8E-65D1D86FF154}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{D828F879-453E-431C-B045-30E7CFDD43B4}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zsd92f.tmp\symnrt.exe |

"{D893423F-91E7-40E7-AECC-2BC776896EAA}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs0883\hpdiagnosticcoreui.exe |

"{D99BC86F-5BEB-4B1A-AD4C-19DEC72AA9A7}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs76f3\hpdiagnosticcoreui.exe |

"{D9AA1982-2DCD-460D-ABAF-775E9DD15AD2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{DA931DA2-4D47-4923-AE90-D2FA95FE3FC3}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs4f65\hpdiagnosticcoreui.exe |

"{DB7798E6-5E5F-46FC-9A0D-B7DDFF74AAC3}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs0327\hppiw.exe |

"{E0530619-0F69-4516-A4E0-5DBBED8B4B19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E13F0F7F-1939-4ADB-9F3A-88CB931DC248}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E7058277-D04F-42AB-8C85-6841A0F18CE7}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs4b22\hppiw.exe |

"{E761E50E-C4BA-4368-B80A-98F156868E9D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe |

"{E8EDA90F-204A-46FE-B98E-F505C60B0BEE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{E9007D10-7EA7-496E-A9C5-F1051CFC562D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{EA55CA98-DB6F-46C6-8ED2-AAAFD87BF6CE}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs74d0\hpdiagnosticcoreui.exe |

"{EB27A5E6-168F-4D95-8352-C5A2EAD41ED4}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs4faa\hpdiagnosticcoreui.exe |

"{EB4F4B8A-1CCC-4883-AFEC-019C4F134152}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |

"{EBC5813C-16A6-4BD7-BBBA-5338E4539F88}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{F1004797-42BA-47C9-AB44-EE8727798CA0}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs76f3\hpdiagnosticcoreui.exe |

"{F1DB5D75-B929-4DA8-90D9-00D191C475D1}" = protocol=6 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs00b7\hpdiagnosticcoreui.exe |

"{F4E13088-CFED-479D-B91A-5A82E418530A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{F6497A3E-46FD-4DD2-94A5-A29691F0F87E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{F6501F44-FDB0-475E-8136-B3269A70D618}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{F749C372-FAD3-4A58-9056-EAE4154C2C71}" = protocol=17 | dir=in | app=c:\users\mpossener\appdata\local\temp\7zs20f4\hpdiagnosticcoreui.exe |

"{FA99D4F0-3C15-4CB1-80A7-BED388A5C908}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe |

"{FFEAB067-7A3E-4DC6-856B-73D3B3DA1739}" = protocol=6 | dir=out | app=system |

"TCP Query User{D0A6BD87-D97D-4AB2-B459-9D900E294270}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{F4C01D6A-7489-4A65-8D67-2E1708DBC590}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |

"TCP Query User{F7812055-7FA0-4211-B8DE-63B30AE72B38}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |

"UDP Query User{11916FE6-C078-4ADC-8B07-68519D294C2D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{A1B51985-4D58-4F47-AFF7-E16BFC1A4EAE}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |

"UDP Query User{F8B0A1E9-CB5A-4CD1-8B1E-E4626F6D80CA}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{029A4933-3F36-4E4F-AEC3-2207AB26463D}" = Broadcom Gigabit NetLink Controller

"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes

"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"AVG" = AVG 2013

"Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Recuva" = Recuva

"Shop for HP Supplies" = Shop for HP Supplies

"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1E91951D-0114-4692-8F55-F95E1B2F3542}" = SlimDrivers

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4

"{3C22981C-5C14-4176-B0E8-C2BE71174C41}" = HP Product Detection

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client

"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.0

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EF87AB0F-2AC7-4C3F-AE8E-59F0BD0A6360}" = DriverUpdate

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FB5055E4-9BE1-425F-B40A-33E43E9460DA}" = Sudoku

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"AudibleDownloadManager" = Audible Download Manager

"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]

"Google Chrome Frame" = Google Chrome Frame

"HP Photo Creations" = HP Photo Creations

"Identity Card" = Identity Card

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"IsoBuster_is1" = IsoBuster 3.0

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"MediaPlayerLite" = MediaPlayerLite 0.3

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Picasa 3" = Picasa 3

"Poker 25_is1" = Poker 25 Version 1.0

"RealPlayer 15.0" = RealPlayer

"SolSuite" = SolSuite

"Sudoku" = Sudoku

"SuDoku Solver v 1.0" = SuDoku Solver v 1.0

"Ten Thumbs_is1" = Ten Thumbs 4.7

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ System Events ]

Error - 17/12/2012 13:57:36 | Computer Name = MPOSSENER-PC | Source = DCOM | ID = 10010

Description =

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" File not found
    :files
    C:\Program Files (x86)\CheckPoint
    ipconfig /flushdns /c
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ZoneAlarm LTD Toolbar" =-
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Thank you for the Custom Scans/Fixes. The OTL fix log follows.

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Installer deleted successfully.

========== FILES ==========

C:\Program Files (x86)\CheckPoint folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\MPOSSENER\Documents\cmd.bat deleted successfully.

C:\Users\MPOSSENER\Documents\cmd.txt deleted successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\ZoneAlarm LTD Toolbar not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: MAUREEN

->Temp folder emptied: 6154218 bytes

->Temporary Internet Files folder emptied: 65943113 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 998 bytes

User: MPOSSENER

->Temp folder emptied: 1111038063 bytes

->Temporary Internet Files folder emptied: 147342778 bytes

->Java cache emptied: 1880 bytes

->Flash cache emptied: 8566 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 60252772 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 60744278 bytes

Total Files Cleaned = 1,384.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12192012_104913

Files\Folders moved on Reboot...

File\Folder C:\Users\MPOSSENER\AppData\Local\Temp\OICE_9701237F-B442-4FDC-9DAA-BF112D7574AF.0\9F5723B9. not found!

File\Folder C:\Users\MPOSSENER\AppData\Local\Temp\OICE_6948D345-8890-4FB7-A2D7-022C9B12BB8A.0\EC6CC5AD. not found!

File\Folder C:\Users\MPOSSENER\AppData\Local\Temp\OICE_3008DCD4-7B22-4E41-A95C-EBEBA936BC51.0\CC8DA538. not found!

C:\Users\MPOSSENER\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I am sorry to say that ZoneAlarm is still around. The latest DDS scan shows ZoneAlarm LTD Toolbar is still there (near end of Attach shown below) and my HP test for firewalls says that ZoneAlarm Pro Firewall is there. Can anything more be done to remove them?

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 04/05/2011 01:26:34

System Uptime: 20/12/2012 14:46:23 (2 hours ago)

.

Motherboard: Acer | | JE50_HR

Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 202.673 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart B110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart B110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0002

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0002

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

==== System Restore Points ===================

.

RP129: 01/11/2012 16:03:33 - Installed Java 7 Update 9

RP130: 21/11/2012 14:36:19 - Windows Update

RP131: 27/11/2012 12:00:20 - Restore Operation

RP132: 28/11/2012 17:22:13 - Windows Update

RP133: 13/12/2012 15:36:03 - Windows Update

RP134: 13/12/2012 16:08:06 - Windows Update

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer GameZone Console

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Airport Mania First Flight

Amazonia

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audible Download Manager

AVG 2013

B110

Backup Manager V3

Bing Bar

Bonjour

Broadcom Card Reader Driver Installer

Broadcom Gigabit NetLink Controller

BufferChm

Cake Mania

clear.fi

clear.fi Client

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

Dream Day First Home

DriverUpdate

eBay Worldwide

eSobi v2

ETDWare PS/2-X64 8.0.6.0_WHQL

Farm Frenzy 2

ffdshow v1.2.4422 [2012-04-09]

Galapago

Google Chrome Frame

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Heroes of Hellas

Hewlett-Packard ACLM.NET v1.1.0.0

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart Essential 3.5

HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPAppStudio

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Identity Card

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

IsoBuster 3.0

iTunes

Java 7 Update 9

Java Auto Updater

Junk Mail filter update

Launch Manager

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

MediaEspresso

MediaPlayerLite 0.3

Merriam Websters Spell Jam

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

MyWinLocker 4

MyWinLocker Suite

Network64

NTI Media Maker 9

Picasa 3

Poker 25 Version 1.0

Poker Pop

PS_AIO_07_B110_SW_Min

QuickTime

QuickTransfer

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recuva

Renesas Electronics USB 3.0 Host Controller Driver

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shop for HP Supplies

Shredder

Skype™ 5.10

SlimDrivers

SmartWebPrinting

SolSuite

SolutionCenter

Spin & Win

Status

Sudoku

SuDoku Solver v 1.0

SUPERAntiSpyware

SUPERAntiSpyware Free Edition

System Checkup 3.0

Ten Thumbs 4.7

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

WebReg

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

ZoneAlarm LTD Toolbar

.

==== Event Viewer Messages From Past Week ========

.

20/12/2012 16:04:32, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {10DA4F3C-CC99-4190-BE4D-58330754E882} and APPID {7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

20/12/2012 12:27:36, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

20/12/2012 12:26:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon

20/12/2012 12:26:28, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

19/12/2012 10:49:13, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

18/12/2012 23:27:38, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

18/12/2012 21:42:38, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.

.

==== End Of File ===========================


For completeness I give below the first part of the DDS scan in case it is of help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by MPOSSENER at 16:17:54 on 2012-12-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3948.2512 [GMT 0:00]

.

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://uk.yahoo.com/

uWindow Title = Microsoft Internet Explorer provided by Tiscali

uSearch Bar = hxxp://www.lycos.co.uk/

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.tiscali.co.uk/

mStart Page = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61}\243534 : DHCPNameServer = 192.168.0.4

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

SSODL: WebCheck - <orphaned>

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL

x64-mSearchAssistant = hxxp://www.google.com/ie

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4

x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-19 31080]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-6 22912]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-6 20328]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-6 62584]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-10 311376]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-6 868224]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-6 13336]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-8 2656280]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-6 243232]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]

R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2010-12-11 67112]

R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2010-12-11 19496]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2010-12-15 35368]

R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2010-12-11 85544]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-12-6 138024]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-6 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-1 411688]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]

S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-10 15712]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-7 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-12-19 10:49:13 -------- d-----w- C:\_OTL

2012-12-17 17:19:10 -------- d-----w- C:\ProgramData\boost_interprocess

2012-12-17 17:00:47 -------- d-----w- C:\Windows\ERUNT

2012-12-17 16:47:18 -------- d-----w- C:\JRT

2012-12-12 16:09:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-30 23:17:22 -------- d-----w- C:\Program Files\iPod

2012-11-30 23:17:21 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-11-30 23:17:21 -------- d-----w- C:\Program Files\iTunes

2012-11-30 23:17:21 -------- d-----w- C:\Program Files (x86)\iTunes

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-11-21 14:49:42 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-21 14:49:42 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-21 14:49:42 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-21 14:49:42 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-21 14:38:16 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-21 14:38:16 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-21 14:38:16 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-21 14:38:16 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-21 14:38:15 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-21 14:38:15 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-21 14:38:15 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

.

==================== Find3M ====================

.

2012-12-20 12:26:43 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys

2012-12-14 12:18:32 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 12:18:32 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 16:03:45 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-01 16:03:43 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-25 03:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 03:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-10-22 13:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-15 03:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-05 03:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-10-02 02:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-09-29 18:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

.

============= FINISH: 16:18:26.43 ===============


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *zonealarm*
    *checkpoint*

    :folderfind
    *zonealarm*
    *checkpoint*

    :regfind
    zonealarm
    checkpoint


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Thanks for writing the special text. Log is as below.

SystemLook 30.07.11 by jpshortstuff

Log created at 16:49 on 21/12/2012 by MPOSSENER

Administrator - Elevation successful

========== filefind ==========

Searching for "*zonealarm*"

C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc --a---- 27648 bytes [00:18 03/12/2012] [00:18 03/12/2012] 631D4FFE9E1FF47E893FCC0C19DAC0E0

Searching for "*checkpoint*"

No files found.

========== folderfind ==========

Searching for "*zonealarm*"

No folders found.

Searching for "*checkpoint*"

C:\ProgramData\CheckPoint d------ [19:52 31/07/2012]

C:\Users\All Users\CheckPoint d------ [19:52 31/07/2012]

C:\_OTL\MovedFiles\12192012_104913\C_Program Files (x86)\CheckPoint d------ [19:52 31/07/2012]

========== regfind ==========

Searching for "zonealarm"

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU]

"Item 17"="[F00000000][T01CDD0EBB58A8AE0][O00000000]*C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonealarm-download-now.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonealarm-stop.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbar]

@="ZoneAlarm Security Engine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbar.1]

@="ZoneAlarm Security Engine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar]

@="ZoneAlarm Security Engine Registrar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar.1]

@="ZoneAlarm Security Engine Registrar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9872D13-7651-4471-9EEE-F0A00218BEBB}\InprocServer32]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\0\win32]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\HELPDIR]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\0\win32]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\HELPDIR]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonealarm-download-now.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonealarm-stop.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar]

"DisplayName"="ZoneAlarm LTD Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar]

"URLInfoAbout"="http://www.zonealarm.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm\Installed]

"ProductName"="ZoneAlarm Free Firewall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm\Installed\ZoneAlarm Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm\Installed\ZoneAlarm Antivirus Definitions Light]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm\Installed\ZoneAlarm Antivirus Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm\Installed\ZoneAlarm Firewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm\Installed\ZoneAlarm Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm\Installed\ZoneAlarm Security Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm\Installed\ZoneAlarm Security Toolbar]

"TBServices"="[{"appName": "zonealarm"}]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm\Installed\ZoneAlarm Web Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm Toolbar]

"TBServices"="[{"appName": "zonealarm"}]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\zonealarm_base_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\zonealarm_base_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\0\win32]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\HELPDIR]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISWKL\0000]

"DeviceDesc"="ZoneAlarm LTD Toolbar ISWKL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISWKL\0000]

"DeviceDesc"="ZoneAlarm LTD Toolbar ISWKL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISWKL\0000]

"DeviceDesc"="ZoneAlarm LTD Toolbar ISWKL"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Office\14.0\Word\File MRU]

"Item 17"="[F00000000][T01CDD0EBB58A8AE0][O00000000]*C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonealarm-download-now.com]

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonealarm-stop.com]

Searching for "checkpoint"

[HKEY_CURRENT_USER\Software\CheckPoint]

[HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbar\CurVer]

@="CheckPoint.ForceFieldToolbar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbar.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar\CurVer]

@="CheckPoint.ForceFieldToolbarRegistrar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.IEVirtualDownloader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.IEVirtualDownloader\CurVer]

@="CheckPoint.IEVirtualDownloader.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.IEVirtualDownloader.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID]

@="CheckPoint.IEVirtualDownloader .1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID]

@="CheckPoint.IEVirtualDownloader "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9872D13-7651-4471-9EEE-F0A00218BEBB}\InprocServer32]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\0\win32]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\HELPDIR]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID]

@="CheckPoint.IEVirtualDownloader .1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID]

@="CheckPoint.IEVirtualDownloader "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\0\win32]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\HELPDIR]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISW"=""C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar]

"InstallLocation"="C:\Program Files\CheckPoint\ZAForceField"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar]

"DisplayIcon"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]

"CheckPointSignature"="32bf89d3-705a-434d-a963-7c7a31043efc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]

"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID]

@="CheckPoint.IEVirtualDownloader .1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID]

@="CheckPoint.IEVirtualDownloader "

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\0\win32]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}\1.0\HELPDIR]

@="C:\Program Files (x86)\CheckPoint\ZoneAlarm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\CheckPoint]

-= EOF =-


Please locate and manually delete the following folders:

C:\ProgramData\CheckPoint

C:\Users\All Users\CheckPoint

Open Notepad and copy and paste the text in the quotebox below into it (don't forget to copy and paste REGEDIT4):

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonealarm-download-now.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonealarm-stop.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbar.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9872D13-7651-4471-9EEE-F0A00218BEBB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonealarm-download-now.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonealarm-stop.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B009780F-571D-4EFD-8669-B2392D3B5889}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISWKL]
[-HKEY_CURRENT_USER\Software\CheckPoint]
[-HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\CheckPoint\\ZoneAlarm\\Logs\\"=-

Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Finally, reboot your PC.

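The fix.reg procedure above uses the two deletion forms of the .reg syntax: `[-Key]` removes a key with its subkeys, and `"Name"=-` removes a single value. As an added example (not part of the original post), this Python script lists what such a file would delete before it is merged and flags value names whose backslashes are not escaped as `\\`; the function name `audit_reg` and the sample text are constructed for illustration.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
# Value line: @ (default value) or a quoted name in which backslash is the
# escape character, so a literal backslash must be written as two.
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")\s*=\s*(.*)$')

# Constructed sample in the same REGEDIT4 deletion syntax as the fix.reg above.
# Line 6 escapes the backslashes in the value name; line 7 does not.
SAMPLE_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint]
[-HKEY_CURRENT_USER\Software\CheckPoint]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\CheckPoint\\ZoneAlarm\\Logs\\"=-
"C:\ProgramData\Example\"=-
'''


def audit_reg(text):
    """Return (ops, warnings) describing what merging `text` would do.

    ops are (action, key, value_name) tuples; warnings are (line_no, message).
    Multi-line hex data (lines continued with a trailing backslash) is not
    handled; a deletion-only file does not contain any.
    """
    ops, warnings = [], []
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    body = [(n, ln) for n, ln in enumerate(lines, 1)
            if ln and not ln.startswith(";")]
    if not body or body[0][1] not in HEADERS:
        warnings.append((1, "missing REGEDIT4 / version header"))
    else:
        body = body[1:]
    current = None  # key section that following value lines apply to
    for n, ln in body:
        m = KEY_RE.match(ln)
        if m:
            path = m.group(2)
            if path.split("\\", 1)[0] not in ROOTS:
                warnings.append((n, "unknown root key: " + path))
            if m.group(1) == "-":
                ops.append(("delete-key", path, None))
                current = None
            else:
                current = path
            continue
        m = VALUE_RE.match(ln)
        if not m:
            # Typical cause: a trailing \" swallowed the closing quote.
            warnings.append((n, "unparseable line (check quoting): " + ln))
            continue
        raw_name, data = m.groups()
        if current is None:
            warnings.append((n, "value line outside of a key section"))
            continue
        if raw_name is None:
            name = "(Default)"
        else:
            if any(c not in '\\"' for c in re.findall(r'\\(.)', raw_name)):
                warnings.append((n, "unescaped backslash in value name: "
                                 + raw_name))
                continue
            name = re.sub(r'\\(.)', r'\1', raw_name)
        action = "delete-value" if data == "-" else "set-value"
        ops.append((action, current, name))
    return ops, warnings


if __name__ == "__main__":
    found_ops, found_warnings = audit_reg(SAMPLE_REG)
    for action, key, name in found_ops:
        print(action, key, "" if name is None else "-> " + name)
    for line_no, message in found_warnings:
        print("WARNING line %d: %s" % (line_no, message))
```
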

I located and deleted the ProgramData folder even though it was empty. However I could not locate the Users\All Users folder even when searching hidden files and folders so I left it. Thank you for preparing the specially written sequence. It worked perfectly. My HP scanner is working properly now and has no reference to a ZoneAlarm Firewall and I have not found any mention of ZoneAlarm in a DDS scan. I show the DDS logs below so that you can see how good your work is!

Thank you very much again for all your help. You deserve a very good Christmas so I hope you have one, and a Happy New Year.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 04/05/2011 01:26:34

System Uptime: 23/12/2012 17:30:24 (0 hours ago)

.

Motherboard: Acer | | JE50_HR

Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU1 | 987/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 203.418 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart B110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart B110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0002

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0002

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

==== System Restore Points ===================

.

RP130: 21/11/2012 14:36:19 - Windows Update

RP131: 27/11/2012 12:00:20 - Restore Operation

RP132: 28/11/2012 17:22:13 - Windows Update

RP133: 13/12/2012 15:36:03 - Windows Update

RP134: 13/12/2012 16:08:06 - Windows Update

RP135: 20/12/2012 16:45:47 - Installed Network64

RP136: 21/12/2012 10:00:14 - Windows Update

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer GameZone Console

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Airport Mania First Flight

Amazonia

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audible Download Manager

AVG 2013

B110

Backup Manager V3

Bing Bar

Bonjour

Broadcom Card Reader Driver Installer

Broadcom Gigabit NetLink Controller

BufferChm

Cake Mania

clear.fi

clear.fi Client

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

Dream Day First Home

DriverUpdate

eBay Worldwide

eSobi v2

ETDWare PS/2-X64 8.0.6.0_WHQL

Farm Frenzy 2

ffdshow v1.2.4422 [2012-04-09]

Galapago

Google Chrome Frame

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Heroes of Hellas

Hewlett-Packard ACLM.NET v1.1.0.0

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart Essential 3.5

HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPAppStudio

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Identity Card

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

IsoBuster 3.0

iTunes

Java 7 Update 9

Java Auto Updater

Junk Mail filter update

Launch Manager

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

MediaEspresso

MediaPlayerLite 0.3

Merriam Websters Spell Jam

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

MyWinLocker 4

MyWinLocker Suite

Network64

NTI Media Maker 9

Picasa 3

Poker 25 Version 1.0

Poker Pop

PS_AIO_07_B110_SW_Min

QuickTime

QuickTransfer

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recuva

Renesas Electronics USB 3.0 Host Controller Driver

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shop for HP Supplies

Shredder

Skype™ 5.10

SlimDrivers

SmartWebPrinting

SolSuite

SolutionCenter

Spin & Win

Status

Sudoku

SuDoku Solver v 1.0

SUPERAntiSpyware

SUPERAntiSpyware Free Edition

System Checkup 3.0

Ten Thumbs 4.7

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

WebReg

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

23/12/2012 17:32:16, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

23/12/2012 17:31:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon

23/12/2012 17:31:11, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

21/12/2012 17:30:24, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.

21/12/2012 10:18:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

21/12/2012 10:18:14, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

20/12/2012 16:04:32, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {10DA4F3C-CC99-4190-BE4D-58330754E882} and APPID {7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

19/12/2012 10:49:13, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

18/12/2012 23:27:38, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

18/12/2012 21:42:38, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by MPOSSENER at 17:40:01 on 2012-12-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3948.2552 [GMT 0:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://uk.yahoo.com/

uWindow Title = Microsoft Internet Explorer provided by Tiscali

uSearch Bar = hxxp://www.lycos.co.uk/

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.tiscali.co.uk/

mStart Page = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction

mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{FB088EB5-8EDC-4DF5-8F57-476A112D2E61}\243534 : DHCPNameServer = 192.168.0.4

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\npchrome_frame.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

SSODL: WebCheck - <orphaned>

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL

x64-mSearchAssistant = hxxp://www.google.com/ie

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4

x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-19 31080]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2010-12-6 22912]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2010-12-6 20328]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2010-12-6 62584]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-10 311376]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-6 868224]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-6 13336]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-8 2656280]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-6 243232]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]

R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2010-12-11 67112]

R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2010-12-11 19496]

R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2010-12-15 35368]

R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2010-12-11 85544]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-12-6 138024]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-6 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-12-1 411688]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]

S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-10 15712]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-7 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-12-22 20:56:50 -------- d-----w- C:\Program Files (x86)\RealNetworks

2012-12-22 20:56:48 -------- d-----w- C:\ProgramData\RealNetworks

2012-12-22 20:56:43 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2012-12-22 20:56:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-12-22 20:56:16 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-12-21 10:00:39 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-21 10:00:39 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-21 10:00:39 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-21 10:00:38 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-20 17:18:26 -------- d-----w- C:\Program Files (x86)\SlimDrivers

2012-12-19 10:49:13 -------- d-----w- C:\_OTL

2012-12-17 17:19:10 -------- d-----w- C:\ProgramData\boost_interprocess

2012-12-17 17:00:47 -------- d-----w- C:\Windows\ERUNT

2012-12-17 16:47:18 -------- d-----w- C:\JRT

2012-12-12 16:09:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-30 23:17:22 -------- d-----w- C:\Program Files\iPod

2012-11-30 23:17:21 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-11-30 23:17:21 -------- d-----w- C:\Program Files\iTunes

2012-11-30 23:17:21 -------- d-----w- C:\Program Files (x86)\iTunes

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-11-24 01:04:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2012-12-23 17:31:23 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys

2012-12-14 12:18:32 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-14 12:18:32 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 16:03:45 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-01 16:03:43 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-25 03:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 03:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-10-22 13:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-15 03:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-05 03:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-10-02 02:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-09-29 18:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

.

============= FINISH: 17:40:29.48 ===============

I hope you will not be angry but shortly after my last posting to you, I thought I would like to find out what happened to those two folders which you wanted me to delete. I therefore went back a step and reran SystemLook with the same special text which you wrote then. The folders had disappeared but there were still several references to ZoneAlarm, much to my surprise. Can these just be ignored? I show the log below.

SystemLook 30.07.11 by jpshortstuff

Log created at 18:43 on 23/12/2012 by MPOSSENER

Administrator - Elevation successful

========== filefind ==========

Searching for "*zonealarm*"

C:\Users\MPOSSENER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8QJKR65\71571-2-ZoneAlarm-Firewall-files-in-registry-won-t-delete[1].htm --a---- 50465 bytes [22:05 22/12/2012] [22:05 22/12/2012] 6BA59DD8593B2CDD10FB62AE3E38EE87

C:\Users\MPOSSENER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE42D1LX\121029.ZoneAlarm-Facebook-Wild-Child1[1].png --a---- 1444419 bytes [21:54 22/12/2012] [21:54 22/12/2012] 0E109D16119ECBFF2196687748C4CF79

C:\Users\MPOSSENER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE42D1LX\121221.ZoneAlarm-Facebook-Gifts[1].png --a---- 234688 bytes [21:54 22/12/2012] [21:54 22/12/2012] 97097519E3BE76DB3CB6660BD03B46A0

C:\Users\MPOSSENER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE42D1LX\78291-FIXED-Delete-tmp-files-in-C-CheckPoint-ZoneAlarm-Data-avsys-tem-p[1].htm --a---- 37053 bytes [21:43 22/12/2012] [21:43 22/12/2012] 3C58A04CC0CBDB190E6907C8CDAB2980

C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc --a---- 27648 bytes [00:18 03/12/2012] [00:18 03/12/2012] 631D4FFE9E1FF47E893FCC0C19DAC0E0

Searching for "*checkpoint*"

C:\Users\MPOSSENER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE42D1LX\78291-FIXED-Delete-tmp-files-in-C-CheckPoint-ZoneAlarm-Data-avsys-tem-p[1].htm --a---- 37053 bytes [21:43 22/12/2012] [21:43 22/12/2012] 3C58A04CC0CBDB190E6907C8CDAB2980

========== folderfind ==========

Searching for "*zonealarm*"

No folders found.

Searching for "*checkpoint*"

C:\_OTL\MovedFiles\12192012_104913\C_Program Files (x86)\CheckPoint d------ [19:52 31/07/2012]

========== regfind ==========

Searching for "zonealarm"

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU]

"Item 18"="[F00000000][T01CDD0EBB58A8AE0][O00000000]*C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar]

@="ZoneAlarm Security Engine Registrar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\zonealarm_base_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\zonealarm_base_RASMANCS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISWKL\0000]

"DeviceDesc"="ZoneAlarm LTD Toolbar ISWKL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISWKL\0000]

"DeviceDesc"="ZoneAlarm LTD Toolbar ISWKL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISWKL\0000]

"DeviceDesc"="ZoneAlarm LTD Toolbar ISWKL"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Office\14.0\Word\File MRU]

"Item 18"="[F00000000][T01CDD0EBB58A8AE0][O00000000]*C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc"

Searching for "checkpoint"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]

"url3"="http://users/All%20Users/CheckPoint"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]

"url4"="http://users/AllUsers/CheckPoint"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"h"="C:\ProgramData\CheckPoint\1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar\CurVer]

@="CheckPoint.ForceFieldToolbarRegistrar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.IEVirtualDownloader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.IEVirtualDownloader\CurVer]

@="CheckPoint.IEVirtualDownloader.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.IEVirtualDownloader.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID]

@="CheckPoint.IEVirtualDownloader .1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID]

@="CheckPoint.IEVirtualDownloader "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID]

@="CheckPoint.IEVirtualDownloader .1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID]

@="CheckPoint.IEVirtualDownloader "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISW"=""C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]

"CheckPointSignature"="32bf89d3-705a-434d-a963-7c7a31043efc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]

"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID]

@="CheckPoint.IEVirtualDownloader .1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID]

@="CheckPoint.IEVirtualDownloader "

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\TypedURLs]

"url3"="http://users/All%20Users/CheckPoint"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\TypedURLs]

"url4"="http://users/AllUsers/CheckPoint"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"h"="C:\ProgramData\CheckPoint\1"

-= EOF =-

I understand that manual cleaning is long and tedious but each stage removes more. I have tried your suggested tool and show below the SystemLook log with the special text which you wrote previously for me.

SystemLook 30.07.11 by jpshortstuff

Log created at 17:17 on 24/12/2012 by MPOSSENER

Administrator - Elevation successful

========== filefind ==========

Searching for "*zonealarm*"

C:\Users\MPOSSENER\Desktop\Resume ZoneAlarm Security Install.lnk --a---- 2010 bytes [12:47 24/12/2012] [12:47 24/12/2012] 389BE640890AB575A74D79A598342D83

C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc --a---- 27648 bytes [00:18 03/12/2012] [00:18 03/12/2012] 631D4FFE9E1FF47E893FCC0C19DAC0E0

Searching for "*checkpoint*"

No files found.

========== folderfind ==========

Searching for "*zonealarm*"

No folders found.

Searching for "*checkpoint*"

C:\Program Files (x86)\CheckPoint d------ [12:46 24/12/2012]

C:\ProgramData\CheckPoint d------ [12:46 24/12/2012]

C:\Users\All Users\CheckPoint d------ [12:46 24/12/2012]

C:\_OTL\MovedFiles\12192012_104913\C_Program Files (x86)\CheckPoint d------ [19:52 31/07/2012]

========== regfind ==========

Searching for "zonealarm"

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU]

"Item 19"="[F00000000][T01CDD0EBB58A8AE0][O00000000]*C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar]

@="ZoneAlarm Security Engine Registrar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\ZoneAlarm]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\zonealarm_base_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\zonealarm_base_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Installer"=""C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Security]

"DisplayName"="ZoneAlarm Security"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISWKL\0000]

"DeviceDesc"="ZoneAlarm LTD Toolbar ISWKL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISWKL\0000]

"DeviceDesc"="ZoneAlarm LTD Toolbar ISWKL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISWKL\0000]

"DeviceDesc"="ZoneAlarm LTD Toolbar ISWKL"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Office\14.0\Word\File MRU]

"Item 19"="[F00000000][T01CDD0EBB58A8AE0][O00000000]*C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc"

Searching for "checkpoint"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]

"url5"="http://users/All%20Users/CheckPoint"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]

"url6"="http://users/AllUsers/CheckPoint"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"h"="C:\ProgramData\CheckPoint\1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.ForceFieldToolbarRegistrar\CurVer]

@="CheckPoint.ForceFieldToolbarRegistrar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.IEVirtualDownloader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.IEVirtualDownloader\CurVer]

@="CheckPoint.IEVirtualDownloader.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CheckPoint.IEVirtualDownloader.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID]

@="CheckPoint.IEVirtualDownloader .1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID]

@="CheckPoint.IEVirtualDownloader "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID]

@="CheckPoint.IEVirtualDownloader .1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID]

@="CheckPoint.IEVirtualDownloader "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISW"=""C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]

"CheckPointSignature"="32bf89d3-705a-434d-a963-7c7a31043efc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]

"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Installer"=""C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Security]

"UninstallString"=""C:\Program Files (x86)\CheckPoint\Install\Install.exe" /s uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Security]

"DisplayIcon"="C:\Program Files (x86)\CheckPoint\Install\Install.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\ProgID]

@="CheckPoint.IEVirtualDownloader .1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{93711F64-F9D7-4f1d-B013-21E88CB69D8A}\VersionIndependentProgID]

@="CheckPoint.IEVirtualDownloader "

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\InprocServer32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6DF8AD70-93DC-49F3-B57E-D065422A2D07}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\IEDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win32]

@="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D113022F-152F-47EE-A710-1E20EEEC6508}\1.0\0\win64]

@="C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\AltFFApi.dll"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\TypedURLs]

"url5"="http://users/All%20Users/CheckPoint"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\TypedURLs]

"url6"="http://users/AllUsers/CheckPoint"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"h"="C:\ProgramData\CheckPoint\1"

-= EOF =-

If you remember which ZoneAlarm products you have installed, I suggest you install it again and uninstall it the right way. This action will take care of everything you see in this log.

Happy New Year! I hope you had a good holiday. What do you mean when you say I should reinstall ZoneAlarm and uninstall it "the right way"? Do you mean that I should uninstall it through my Control Panel? Because, if so, surely this will leave the same extra bits that I have already, which were left last time I did it. Alternatively, do you think I should use a special tool to uninstall it? Please let me know what you have in mind.

Yes, my idea is to uninstall it via Control Panel. Then to restart your system. After the reboot, please download and run this tool:

http://download.zonealarm.com/bin/free/support/download/clean.exe

After the cleaning, reboot the system again. Finally, everything should be clean.

Don't forget that whatever you do, I couldn't clean everything for you. Most importantly, I can't find everything. If you have problems with this product, you should contact their support team.

As I am trying to get rid of all parts of ZoneAlarm, I do not understand the logic of your suggestion that I should reinstall it. However I have full trust in your judgment and I have done what you said. I reinstalled its firewall and toolbar and I uninstalled them through the Control Panel. I then ran the cleaning tool which you suggested. I am now back at the same situation as I was before with significant ZoneAlarm entries showing up in SystemLook.

Could I ask you to write me just one more piece of special text to try to get rid of as much of what is left as possible? I show below the latest SystemLook log.

SystemLook 30.07.11 by jpshortstuff

Log created at 18:41 on 04/01/2013 by MPOSSENER

Administrator - Elevation successful

========== filefind ==========

Searching for "*zonealarm*"

C:\Users\MPOSSENER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE42D1LX\121029.ZoneAlarm-Facebook-Wild-Child1[1].png --a---- 1444419 bytes [21:49 03/01/2013] [21:49 03/01/2013] 0E109D16119ECBFF2196687748C4CF79

C:\Users\MPOSSENER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE42D1LX\121220.ZoneAlarm-Lost-Personal-Devices1[1].png --a---- 397658 bytes [21:49 03/01/2013] [21:49 03/01/2013] 9A8EA22435FC4F7A7781C7D2BC62CB2C

C:\Users\MPOSSENER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE42D1LX\121221.ZoneAlarm-Facebook-Gifts[1].png --a---- 234688 bytes [21:49 03/01/2013] [21:49 03/01/2013] 97097519E3BE76DB3CB6660BD03B46A0

C:\Users\MPOSSENER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV1GJUWR\search_zonealarm_com[1].htm --a---- 9436 bytes [23:17 03/01/2013] [23:17 03/01/2013] 37430B7967410073A16BFB897110B1AF

C:\Users\MPOSSENER\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\ZoneAlarm.log --a---- 278492 bytes [21:46 03/01/2013] [21:46 03/01/2013] 3F082BAC3FBB8F4EA44113E828EC355B

C:\Users\MPOSSENER\AppData\Roaming\Microsoft\Office\Recent\remove ZoneAlarm.LNK --a---- 1102 bytes [23:54 24/12/2012] [23:56 03/01/2013] 3E5CCBD7B86074889A9454BC11B6028E

C:\Users\MPOSSENER\AppData\Roaming\Microsoft\Windows\Recent\remove ZoneAlarm.lnk --a---- 2593 bytes [23:54 24/12/2012] [23:56 03/01/2013] FB6F9A96856DF0BFB17DD6C43EF95743

C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc --a---- 28160 bytes [00:18 03/12/2012] [20:40 26/12/2012] B612838A00397F43103B29810FC99E62

Searching for "*checkpoint*"

No files found.

========== folderfind ==========

Searching for "*zonealarm*"

C:\Users\MPOSSENER\AppData\Local\Temp\mt_ffx\Check Point Software Technologies LTD\zonealarm d------ [21:25 03/01/2013]

C:\Users\MPOSSENER\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar d------ [21:46 03/01/2013]

Searching for "*checkpoint*"

C:\ProgramData\CheckPoint d------ [21:22 03/01/2013]

C:\Users\All Users\CheckPoint d------ [21:22 03/01/2013]

C:\Users\MPOSSENER\AppData\Roaming\CheckPoint d------ [21:46 03/01/2013]

C:\_OTL\MovedFiles\12192012_104913\C_Program Files (x86)\CheckPoint d------ [19:52 31/07/2012]

========== regfind ==========

Searching for "zonealarm"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5F05AA7F-234C-4481-AC7B-767B4FDCB12B}]

"DisplayName"="Search By ZoneAlarm"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5F05AA7F-234C-4481-AC7B-767B4FDCB12B}]

"URL"="http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN116244659838270-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=ea4e98ba000000000000ec55f92d1c69&q={searchTerms}&r=716"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5F05AA7F-234C-4481-AC7B-767B4FDCB12B}]

"OSDFileURL"="file:///C:/Users/MPOSSE~1/AppData/Local/Temp/Check%20Point%20Software%20Technologies%20LTD/zonealarm/1.6.7.4/zonealarm.xml"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5F05AA7F-234C-4481-AC7B-767B4FDCB12B}]

"FaviconURL"="http://search.zonealarm.com/favicon.ico"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]

"url4"="http://www.zonealarm.com/"

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU]

"Item 1"="[F00000000][T01CDEA0E04E439C0][O00000000]*C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\CheckPoint\ZoneAlarm\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\CheckPoint\ZoneAlarm\Help\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\zonealarm_base_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\zonealarm_base_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi]

"Description"="ZoneAlarm LTD Toolbar Api"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi]

"Product"="ZoneAlarm LTD Toolbar"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F05AA7F-234C-4481-AC7B-767B4FDCB12B}]

"DisplayName"="Search By ZoneAlarm"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F05AA7F-234C-4481-AC7B-767B4FDCB12B}]

"URL"="http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN116244659838270-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=ea4e98ba000000000000ec55f92d1c69&q={searchTerms}&r=716"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F05AA7F-234C-4481-AC7B-767B4FDCB12B}]

"OSDFileURL"="file:///C:/Users/MPOSSE~1/AppData/Local/Temp/Check%20Point%20Software%20Technologies%20LTD/zonealarm/1.6.7.4/zonealarm.xml"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F05AA7F-234C-4481-AC7B-767B4FDCB12B}]

"FaviconURL"="http://search.zonealarm.com/favicon.ico"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\TypedURLs]

"url4"="http://www.zonealarm.com/"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Office\14.0\Word\File MRU]

"Item 1"="[F00000000][T01CDEA0E04E439C0][O00000000]*C:\Users\MPOSSENER\Documents\remove ZoneAlarm.doc"

Searching for "checkpoint"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]

"url22"="http://users/All%20Users/CheckPoint"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]

"url23"="http://users/AllUsers/CheckPoint"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"h"="C:\ProgramData\CheckPoint\1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\CheckPoint\ZoneAlarm\Logs\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\CheckPoint\ZoneAlarm\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\CheckPoint\ZoneAlarm\Help\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]

"CheckPointSignature"="32bf89d3-705a-434d-a963-7c7a31043efc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]

"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi]

"Path"="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\TypedURLs]

"url22"="http://users/All%20Users/CheckPoint"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Internet Explorer\TypedURLs]

"url23"="http://users/AllUsers/CheckPoint"

[HKEY_USERS\S-1-5-21-1995658937-3148030641-3140236263-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]

"h"="C:\ProgramData\CheckPoint\1"

-= EOF =-

The thing is that if, hypothetically, there was a problem with the uninstaller and the uninstaller missed some files and folders, then with a re-implementation process they will be cleaned.

My suggestion is to contact ZoneAlarm Support team:

http://www.zonealarm.com/security/en-us/support/zonealarm-service-support.htm#

Give them the link from this thread and explain that we already uninstalled their program. Then we used their cleaner for leftovers and still have some leftovers from the program.

I suspect that the ZoneAlarm Support team will not be very interested in helping me to uninstall their product! The question really is does it matter if there are some leftovers from their program? Can I just leave them on my computer and forget them or will they cause trouble?

Every single installed program leaves some leftovers. Some of them more, others less, but there is no chance of not leaving any leftovers.

There is no problem to proceed with these.

OK. I shall leave it there and let you know if there are any problems. Thank you very much for your help again.

Glad I could help! :)

Please run OTL and click on the CleanUp button. Next, manually delete Junkware Removal Tool and SecurityCheck.

Safe surfing! :)

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.