
ZA found backdoor.win32.androm.bmne


  • This topic is locked
10 replies to this topic

#1 kip123

kip123

  • Members
  • 54 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 04 February 2014 - 04:17 PM

ZA found backdoor.win32.androm.bmne - posted in Forum "Am I infected?". Was instructed to download DSS and post log here. Unfortunately I am unable to run DSS due to error message that the file is not compatible with my Windows version (Windows 7 Home, 64-bit).




 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:06 PM

Posted 04 February 2014 - 04:26 PM

Hi,

 

ZA found backdoor.win32.androm.bmne

Can you please post up the complete report of it (with filename and full path).

 

And give FRST a shot:

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by aharonov, 04 February 2014 - 04:27 PM.


#3 kip123

kip123
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 04 February 2014 - 07:42 PM

Unable to post. Page freezes. Will try from non-infected machine... ZA log too long to post.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by KIP (administrator) on ONSCREENOFFICE on 04-02-2014 16:07:31
Running from C:\Users\KIP.OnscreenOffice\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(SonicWALL, Inc.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nitro PDF) C:\Program Files (x86)\Nitro\Pro 8\NitroPDF.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nitro PDF) C:\Program Files (x86)\Nitro\Pro 8\NitroPDF.exe
(Nitro PDF) C:\Program Files (x86)\Nitro\Pro 8\Nitro_PIPAssistant.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3037296 2011-05-06] (VIA)
HKLM-x32\...\Run: [RunAIShell] - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-08] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-426381243-3783371907-2229632007-1004\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-426381243-3783371907-2229632007-1004\...\Run: [Dashlane] - C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\Dashlane.exe [277688 2014-01-07] ()
Startup: C:\Users\KIP.OnscreenOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Onscreen Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6575DAE0C81BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - PackageTracer - {ff343558-d5a5-454a-bdd8-c5c81e179fed} - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69bar.dll No File
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (Google Docs) - C:\Users\KIP.OnscreenOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-05]
CHR Extension: (Google Drive) - C:\Users\KIP.OnscreenOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-05]
CHR Extension: (YouTube) - C:\Users\KIP.OnscreenOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-05]
CHR Extension: (Google Search) - C:\Users\KIP.OnscreenOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-05]
CHR Extension: (TOEFL 1200 Words in 30 Days) - C:\Users\KIP.OnscreenOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jedheaebdffklhgodepimamapjcjhgfl [2013-08-16]
CHR Extension: (Dashlane) - C:\Users\KIP.OnscreenOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd [2013-12-30]
CHR Extension: (Google Wallet) - C:\Users\KIP.OnscreenOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\KIP.OnscreenOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-05]
CHR HKCU\...\Chrome\Extension: [mkjojgglmmcghgaiknnpgjgldgaocjfd] - C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Chrome_Extension\kwift.crx [2014-01-07]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-28] (Advanced Micro Devices, Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
R2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [517960 2012-04-20] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R0 23451690; C:\Windows\System32\DRIVERS\23451690.sys [460888 2013-12-03] (Kaspersky Lab ZAO)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-26] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-11-20] (AVG Technologies)
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [128328 2012-04-20] (Incorporated)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489568 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-15] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2013-07-17] (Kaspersky Lab ZAO)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34048 2013-03-13] (Citrix Systems, Inc.)
S3 mr97310c; C:\Windows\System32\DRIVERS\mr97310c.sys [143872 2008-03-27] (Mars Semiconductor Corp.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-09] (Kaspersky Lab ZAO)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-04 16:07 - 2014-02-04 16:08 - 00021903 _____ () C:\Users\KIP.OnscreenOffice\Desktop\FRST.txt
2014-02-04 16:03 - 2014-02-04 16:03 - 02080256 _____ (Farbar) C:\Users\KIP.OnscreenOffice\Downloads\FRST64.exe
2014-02-04 16:03 - 2014-02-04 16:03 - 02080256 _____ (Farbar) C:\Users\KIP.OnscreenOffice\Desktop\FRST64.exe
2014-02-04 13:23 - 2014-02-04 13:23 - 00689196 _____ () C:\Users\KIP.OnscreenOffice\Downloads\dds (1).com
2014-02-04 13:18 - 2014-02-04 13:18 - 00001631 _____ () C:\Users\KIP.OnscreenOffice\Desktop\v5.0 NSHP CECPV Calculator.lnk
2014-02-04 13:18 - 2014-02-04 13:18 - 00000000 ____D () C:\CECPV50
2014-02-04 11:53 - 2014-02-04 11:53 - 00689196 _____ () C:\Users\KIP.OnscreenOffice\Desktop\dds (1).com
2014-02-04 11:50 - 2014-02-04 11:50 - 00689196 _____ () C:\Users\KIP.OnscreenOffice\Downloads\dds.com
2014-02-03 17:42 - 2014-02-03 17:42 - 00035152 _____ () C:\Users\KIP.OnscreenOffice\Downloads\AlphaDelta Document Index_1-29-14.xlsx
2014-02-03 16:25 - 2014-02-03 16:25 - 00000922 _____ () C:\Users\Public\Desktop\AutoDWG DWG2PDF Converter 2013.lnk
2014-02-03 16:25 - 2014-02-03 16:25 - 00000000 ____D () C:\Users\KIP~1~ONS
2014-02-03 16:25 - 2005-10-25 19:17 - 03194880 _____ () C:\windows\SysWOW64\gsdll321.dll
2014-02-03 16:25 - 2002-11-21 22:13 - 03907640 _____ () C:\windows\SysWOW64\gsdll32.dll
2014-02-03 16:24 - 2014-02-03 16:24 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Roaming\AutoDWG
2014-02-03 16:19 - 2014-02-03 16:25 - 00000000 ____D () C:\windows\SysWOW64\shxfont
2014-02-03 16:19 - 2014-02-03 16:25 - 00000000 ____D () C:\windows\SysWOW64\ps
2014-02-03 16:19 - 2014-02-03 16:25 - 00000000 ____D () C:\Program Files (x86)\AutoDWG
2014-02-03 16:19 - 2014-02-03 16:19 - 00000956 _____ () C:\Users\Public\Desktop\DWGSee Pro 2013.lnk
2014-02-03 16:19 - 2014-02-03 16:19 - 00000030 _____ () C:\windows\DWGSeePro.INI
2014-02-03 16:15 - 2014-02-03 16:19 - 22987152 _____ (AutoDWG) C:\Users\KIP.OnscreenOffice\Downloads\DWG2PDF2013.exe
2014-02-03 16:13 - 2014-02-03 16:16 - 20361704 _____ (Acresso Software Inc. ) C:\Users\KIP.OnscreenOffice\Downloads\DWGSeePro2013.exe
2014-02-03 16:12 - 2014-02-03 16:14 - 00402294 _____ () C:\Users\KIP.OnscreenOffice\Downloads\SoftonicDownloader_for_free-dwg-viewer.exe
2014-02-03 10:23 - 2014-02-03 10:24 - 00000022 _____ () C:\Users\KIP.OnscreenOffice\Downloads\filechck_7_3_6.zip
2014-02-03 09:43 - 2014-02-03 09:43 - 01905915 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Documents.zip
2014-02-03 09:29 - 2014-02-03 09:29 - 00185800 _____ (Лаборатория Касперского) C:\Users\KIP.OnscreenOffice\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-01-31 15:34 - 2014-01-31 15:36 - 87327510 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Don’t Get Burned. Learn About New Fire Code (UL 1703) Requirements and Compliance Options 1-31-14, 11.00 AM.mov
2014-01-31 10:55 - 2014-02-04 15:34 - 00000610 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-426381243-3783371907-2229632007-1004.job
2014-01-31 10:55 - 2014-01-31 10:55 - 00003644 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-426381243-3783371907-2229632007-1004
2014-01-31 09:54 - 2014-01-31 09:55 - 17557408 _____ (Barnes & Noble, Inc.) C:\Users\KIP.OnscreenOffice\Downloads\bndr2_setup_latest.exe
2014-01-31 08:41 - 2014-01-31 08:41 - 00018257 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (27).qbo
2014-01-31 08:37 - 2014-01-31 08:37 - 00002255 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (26).qbo
2014-01-31 08:37 - 2014-01-31 08:37 - 00000981 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Savings (4).qbo
2014-01-31 08:36 - 2014-01-31 08:36 - 00012751 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (25).qbo
2014-01-30 15:38 - 2014-01-30 15:38 - 00003073 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Don-t Get Burned. Learn About New Fire Code (UL 1703) Requirements and Compliance Options.ics
2014-01-30 11:43 - 2014-01-30 11:43 - 00053248 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Bronze SD.xls
2014-01-30 11:16 - 2014-01-30 11:16 - 00001640 _____ () C:\Users\KIP.OnscreenOffice\Downloads\BillHistory (1).csv
2014-01-30 11:13 - 2014-01-30 11:13 - 00001149 _____ () C:\Users\KIP.OnscreenOffice\Downloads\BillHistory.csv
2014-01-29 21:35 - 2014-01-29 21:35 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-29 21:34 - 2014-01-29 21:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 21:34 - 2014-01-29 21:35 - 00000000 ____D () C:\Program Files\iTunes
2014-01-29 21:34 - 2014-01-29 21:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-29 21:34 - 2014-01-29 21:34 - 00000000 ____D () C:\Program Files\iPod
2014-01-29 12:08 - 2014-01-29 12:08 - 00002120 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (24).qbo
2014-01-29 12:08 - 2014-01-29 12:08 - 00000981 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Savings (3).qbo
2014-01-29 11:56 - 2014-01-29 11:56 - 00016081 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (23).qbo
2014-01-29 10:11 - 2014-01-29 10:11 - 02470578 _____ () C:\Users\KIP.OnscreenOffice\Downloads\GAET (1).zip
2014-01-28 16:13 - 2014-01-28 16:13 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-01-28 16:04 - 2014-01-28 16:13 - 00000000 ____D () C:\1099 Misc - Excel Upload
2014-01-28 16:02 - 2014-01-28 16:02 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Local\Downloaded Installations
2014-01-28 16:00 - 2014-01-28 16:00 - 10730223 _____ () C:\Users\KIP.OnscreenOffice\Downloads\1099 Misc Excel-Upload.zip
2014-01-28 11:50 - 2014-01-28 11:50 - 00006144 _____ () C:\Users\KIP.OnscreenOffice\Downloads\DocumentListExport.xls
2014-01-28 11:35 - 2014-01-28 11:36 - 55915216 _____ (Microsoft Corporation) C:\Users\KIP.OnscreenOffice\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-01-28 11:35 - 2014-01-28 11:36 - 24859352 _____ (Microsoft Corporation) C:\Users\KIP.OnscreenOffice\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-28 11:35 - 2014-01-28 11:35 - 01005568 _____ (Microsoft Corporation) C:\Users\KIP.OnscreenOffice\Downloads\dotNetFx45_Full_setup.exe
2014-01-28 10:55 - 2014-01-28 10:55 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\Documents\ProcAlyzer Dumps
2014-01-27 17:45 - 2014-01-27 17:45 - 00009166 _____ () C:\Users\KIP.OnscreenOffice\Desktop\PV Clients.xlsm
2014-01-27 16:45 - 2014-01-27 16:45 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-01-27 16:43 - 2014-01-28 08:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-27 16:43 - 2014-01-27 16:43 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-27 16:43 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-01-27 15:23 - 2014-01-27 15:24 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\KIP.OnscreenOffice\Downloads\spybot-2.2.exe
2014-01-27 14:35 - 2014-01-27 14:35 - 00011808 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (22).qbo
2014-01-27 14:24 - 2014-01-27 14:24 - 00011808 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (21).qbo
2014-01-27 08:27 - 2014-01-27 08:33 - 07508364 _____ () C:\Users\KIP.OnscreenOffice\Downloads\CECPV4_1.msi
2014-01-27 08:26 - 2014-01-27 08:27 - 08264704 _____ () C:\Users\KIP.OnscreenOffice\Downloads\CECPV5_0.msi
2014-01-26 12:01 - 2014-01-26 12:01 - 00021432 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Essentials_Checking.csv
2014-01-26 12:00 - 2014-01-26 12:00 - 00004266 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Onscreen_Business_Essentials_Checking (1).qbo
2014-01-25 14:35 - 2014-01-25 14:35 - 00001785 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (20).qbo
2014-01-25 14:32 - 2014-01-25 14:32 - 00006302 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (19).qbo
2014-01-24 19:03 - 2014-01-24 19:03 - 00000396 _____ () C:\Users\KIP.OnscreenOffice\Downloads\solar_estimate_leads_20140124.csv
2014-01-24 09:40 - 2014-01-24 09:40 - 00010427 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (18).qbo
2014-01-23 15:29 - 2014-01-23 15:31 - 126709834 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Poseidon (Alethea Solar IV, LLC) (PJM# W2-050).zip
2014-01-22 12:37 - 2014-01-31 15:59 - 00015360 _____ () C:\Users\KIP.OnscreenOffice\Documents\InfoSheet.xlsx
2014-01-21 15:45 - 2014-01-21 15:45 - 00060083 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Project Contacts.xlsx
2014-01-21 09:22 - 2014-01-21 09:22 - 00000980 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Savings (2).qbo
2014-01-21 09:21 - 2014-01-21 09:21 - 00001483 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (17).qbo
2014-01-21 09:05 - 2014-01-21 09:05 - 00006332 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (16).qbo
2014-01-20 07:42 - 2014-01-20 07:42 - 00011291 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (15).qbo
2014-01-16 15:32 - 2014-01-16 15:32 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-01-16 15:32 - 2014-01-16 15:32 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-01-16 15:32 - 2014-01-16 15:32 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-01-16 15:32 - 2014-01-16 15:32 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-01-16 15:32 - 2014-01-16 15:32 - 00000000 ____D () C:\Program Files\Java
2014-01-16 14:28 - 2014-01-16 14:28 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Local\Macromedia
2014-01-16 10:08 - 2014-01-16 10:08 - 00006492 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (14).qbo
2014-01-16 09:54 - 2014-01-16 09:55 - 85923441 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Leaf Cali FIT 2013.zip
2014-01-15 17:11 - 2014-01-15 17:11 - 00156373 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Essentials_Checking.qbo
2014-01-15 09:37 - 2014-01-15 09:37 - 00001470 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (13).qbo
2014-01-15 09:28 - 2014-01-15 09:28 - 00009394 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (12).qbo
2014-01-15 09:28 - 2014-01-15 09:28 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-15 09:02 - 2014-01-15 09:03 - 29406136 _____ (SUPERAntiSpyware) C:\Users\KIP.OnscreenOffice\Downloads\SUPERAntiSpyware (2).exe
2014-01-14 21:10 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-14 21:10 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-14 21:10 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-14 21:10 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-14 21:10 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-14 21:10 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-14 21:10 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-14 21:10 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-14 21:09 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-14 17:52 - 2014-01-14 17:52 - 00001470 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (11).qbo
2014-01-14 17:51 - 2014-01-14 17:51 - 00007987 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (10).qbo
2014-01-13 13:01 - 2014-01-13 13:01 - 00005784 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (8).qbo
2014-01-13 13:01 - 2014-01-13 13:01 - 00001001 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (9).qbo
2014-01-13 13:01 - 2014-01-13 13:01 - 00000980 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Savings (1).qbo
2014-01-10 19:29 - 2014-01-10 19:29 - 21492248 _____ (SUPERAntiSpyware.com) C:\Users\KIP.OnscreenOffice\Downloads\SUPERAntiSpywarePro.exe
2014-01-10 17:50 - 2014-01-10 17:50 - 00247289 _____ () C:\Users\KIP.OnscreenOffice\Downloads\revit-mono-260-265-270.zip
2014-01-09 16:37 - 2014-01-09 16:37 - 00004484 _____ () C:\Users\KIP.OnscreenOffice\Downloads\downloadDetails (9).cfm
2014-01-09 11:13 - 2014-01-09 11:13 - 00001138 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Savings.qbo
2014-01-09 11:13 - 2014-01-09 11:13 - 00000960 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (7).qbo
2014-01-09 11:12 - 2014-01-09 11:12 - 00003556 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (6).qbo
2014-01-08 08:29 - 2014-01-08 08:29 - 00002869 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (5).qbo
2014-01-07 09:17 - 2014-01-07 09:17 - 00003547 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (4).qbo
 
==================== One Month Modified Files and Folders =======
 
2014-02-04 16:08 - 2014-02-04 16:07 - 00021903 _____ () C:\Users\KIP.OnscreenOffice\Desktop\FRST.txt
2014-02-04 16:07 - 2013-12-10 08:20 - 00000000 ____D () C:\FRST
2014-02-04 16:03 - 2014-02-04 16:03 - 02080256 _____ (Farbar) C:\Users\KIP.OnscreenOffice\Downloads\FRST64.exe
2014-02-04 16:03 - 2014-02-04 16:03 - 02080256 _____ (Farbar) C:\Users\KIP.OnscreenOffice\Desktop\FRST64.exe
2014-02-04 15:53 - 2012-05-09 08:24 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 15:53 - 2012-05-09 08:24 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 15:53 - 2012-05-09 08:24 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 15:53 - 2011-11-16 15:34 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 15:45 - 2013-07-09 08:57 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\Documents\Outlook Files
2014-02-04 15:34 - 2014-01-31 10:55 - 00000610 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-426381243-3783371907-2229632007-1004.job
2014-02-04 15:27 - 2012-06-03 05:18 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 15:27 - 2012-06-03 05:17 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 13:23 - 2014-02-04 13:23 - 00689196 _____ () C:\Users\KIP.OnscreenOffice\Downloads\dds (1).com
2014-02-04 13:18 - 2014-02-04 13:18 - 00001631 _____ () C:\Users\KIP.OnscreenOffice\Desktop\v5.0 NSHP CECPV Calculator.lnk
2014-02-04 13:18 - 2014-02-04 13:18 - 00000000 ____D () C:\CECPV50
2014-02-04 13:02 - 2013-07-12 11:37 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Nitro PDF
2014-02-04 12:04 - 2009-07-13 20:45 - 00016976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 12:04 - 2009-07-13 20:45 - 00016976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 11:53 - 2014-02-04 11:53 - 00689196 _____ () C:\Users\KIP.OnscreenOffice\Desktop\dds (1).com
2014-02-04 11:50 - 2014-02-04 11:50 - 00689196 _____ () C:\Users\KIP.OnscreenOffice\Downloads\dds.com
2014-02-04 10:33 - 2013-07-05 17:27 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dropbox
2014-02-04 09:38 - 2013-12-26 17:38 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\Documents\Onscreen
2014-02-04 09:38 - 2013-08-24 16:41 - 00000000 ____D () C:\windows\pss
2014-02-04 09:38 - 2013-07-05 17:23 - 00000000 ___RD () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-04 01:53 - 2012-04-08 05:46 - 01593949 _____ () C:\windows\WindowsUpdate.log
2014-02-03 20:49 - 2013-07-05 17:31 - 00000000 ___RD () C:\Users\KIP.OnscreenOffice\Dropbox
2014-02-03 17:42 - 2014-02-03 17:42 - 00035152 _____ () C:\Users\KIP.OnscreenOffice\Downloads\AlphaDelta Document Index_1-29-14.xlsx
2014-02-03 16:25 - 2014-02-03 16:25 - 00000922 _____ () C:\Users\Public\Desktop\AutoDWG DWG2PDF Converter 2013.lnk
2014-02-03 16:25 - 2014-02-03 16:25 - 00000000 ____D () C:\Users\KIP~1~ONS
2014-02-03 16:25 - 2014-02-03 16:19 - 00000000 ____D () C:\windows\SysWOW64\shxfont
2014-02-03 16:25 - 2014-02-03 16:19 - 00000000 ____D () C:\windows\SysWOW64\ps
2014-02-03 16:25 - 2014-02-03 16:19 - 00000000 ____D () C:\Program Files (x86)\AutoDWG
2014-02-03 16:25 - 2011-11-16 15:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-03 16:24 - 2014-02-03 16:24 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Roaming\AutoDWG
2014-02-03 16:19 - 2014-02-03 16:19 - 00000956 _____ () C:\Users\Public\Desktop\DWGSee Pro 2013.lnk
2014-02-03 16:19 - 2014-02-03 16:19 - 00000030 _____ () C:\windows\DWGSeePro.INI
2014-02-03 16:19 - 2014-02-03 16:15 - 22987152 _____ (AutoDWG) C:\Users\KIP.OnscreenOffice\Downloads\DWG2PDF2013.exe
2014-02-03 16:16 - 2014-02-03 16:13 - 20361704 _____ (Acresso Software Inc. ) C:\Users\KIP.OnscreenOffice\Downloads\DWGSeePro2013.exe
2014-02-03 16:14 - 2014-02-03 16:12 - 00402294 _____ () C:\Users\KIP.OnscreenOffice\Downloads\SoftonicDownloader_for_free-dwg-viewer.exe
2014-02-03 10:24 - 2014-02-03 10:23 - 00000022 _____ () C:\Users\KIP.OnscreenOffice\Downloads\filechck_7_3_6.zip
2014-02-03 09:43 - 2014-02-03 09:43 - 01905915 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Documents.zip
2014-02-03 09:29 - 2014-02-03 09:29 - 00185800 _____ (Лаборатория Касперского) C:\Users\KIP.OnscreenOffice\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-01-31 15:59 - 2014-01-22 12:37 - 00015360 _____ () C:\Users\KIP.OnscreenOffice\Documents\InfoSheet.xlsx
2014-01-31 15:36 - 2014-01-31 15:34 - 87327510 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Don’t Get Burned. Learn About New Fire Code (UL 1703) Requirements and Compliance Options 1-31-14, 11.00 AM.mov
2014-01-31 13:40 - 2013-12-30 12:08 - 00006169 ____H () C:\windows\SysWOW64\BTImages.dat
2014-01-31 11:02 - 2013-07-05 17:31 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\Documents\DBOX_BU
2014-01-31 10:55 - 2014-01-31 10:55 - 00003644 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-426381243-3783371907-2229632007-1004
2014-01-31 09:55 - 2014-01-31 09:54 - 17557408 _____ (Barnes & Noble, Inc.) C:\Users\KIP.OnscreenOffice\Downloads\bndr2_setup_latest.exe
2014-01-31 08:41 - 2014-01-31 08:41 - 00018257 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (27).qbo
2014-01-31 08:37 - 2014-01-31 08:37 - 00002255 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (26).qbo
2014-01-31 08:37 - 2014-01-31 08:37 - 00000981 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Savings (4).qbo
2014-01-31 08:36 - 2014-01-31 08:36 - 00012751 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (25).qbo
2014-01-30 15:38 - 2014-01-30 15:38 - 00003073 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Don-t Get Burned. Learn About New Fire Code (UL 1703) Requirements and Compliance Options.ics
2014-01-30 11:43 - 2014-01-30 11:43 - 00053248 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Bronze SD.xls
2014-01-30 11:16 - 2014-01-30 11:16 - 00001640 _____ () C:\Users\KIP.OnscreenOffice\Downloads\BillHistory (1).csv
2014-01-30 11:13 - 2014-01-30 11:13 - 00001149 _____ () C:\Users\KIP.OnscreenOffice\Downloads\BillHistory.csv
2014-01-30 09:07 - 2013-07-20 09:19 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\Documents\Energy Projects
2014-01-30 09:00 - 2013-10-15 07:39 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Local\Citrix
2014-01-29 21:35 - 2014-01-29 21:35 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-29 21:35 - 2014-01-29 21:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-29 21:35 - 2014-01-29 21:34 - 00000000 ____D () C:\Program Files\iTunes
2014-01-29 21:35 - 2014-01-29 21:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-29 21:34 - 2014-01-29 21:34 - 00000000 ____D () C:\Program Files\iPod
2014-01-29 12:08 - 2014-01-29 12:08 - 00002120 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (24).qbo
2014-01-29 12:08 - 2014-01-29 12:08 - 00000981 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Savings (3).qbo
2014-01-29 11:56 - 2014-01-29 11:56 - 00016081 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (23).qbo
2014-01-29 11:34 - 2013-08-13 15:09 - 00001966 _____ () C:\Users\Public\Desktop\Nitro Pro 8.lnk
2014-01-29 10:11 - 2014-01-29 10:11 - 02470578 _____ () C:\Users\KIP.OnscreenOffice\Downloads\GAET (1).zip
2014-01-29 08:31 - 2013-06-28 14:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-28 16:13 - 2014-01-28 16:13 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-01-28 16:13 - 2014-01-28 16:04 - 00000000 ____D () C:\1099 Misc - Excel Upload
2014-01-28 16:02 - 2014-01-28 16:02 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Local\Downloaded Installations
2014-01-28 16:00 - 2014-01-28 16:00 - 10730223 _____ () C:\Users\KIP.OnscreenOffice\Downloads\1099 Misc Excel-Upload.zip
2014-01-28 11:50 - 2014-01-28 11:50 - 00006144 _____ () C:\Users\KIP.OnscreenOffice\Downloads\DocumentListExport.xls
2014-01-28 11:37 - 2013-12-11 03:08 - 00009285 _____ () C:\windows\IE11_main.log
2014-01-28 11:36 - 2014-01-28 11:35 - 55915216 _____ (Microsoft Corporation) C:\Users\KIP.OnscreenOffice\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-01-28 11:36 - 2014-01-28 11:35 - 24859352 _____ (Microsoft Corporation) C:\Users\KIP.OnscreenOffice\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-28 11:35 - 2014-01-28 11:35 - 01005568 _____ (Microsoft Corporation) C:\Users\KIP.OnscreenOffice\Downloads\dotNetFx45_Full_setup.exe
2014-01-28 10:55 - 2014-01-28 10:55 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\Documents\ProcAlyzer Dumps
2014-01-28 10:31 - 2013-07-01 18:33 - 00016279 _____ () C:\windows\setupact.log
2014-01-28 10:31 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-01-28 09:24 - 2013-09-04 13:31 - 00000000 ____D () C:\ProgramData\Apple
2014-01-28 08:10 - 2014-01-27 16:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-27 17:45 - 2014-01-27 17:45 - 00009166 _____ () C:\Users\KIP.OnscreenOffice\Desktop\PV Clients.xlsm
2014-01-27 16:45 - 2014-01-27 16:45 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-01-27 16:43 - 2014-01-27 16:43 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-27 15:24 - 2014-01-27 15:23 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\KIP.OnscreenOffice\Downloads\spybot-2.2.exe
2014-01-27 14:35 - 2014-01-27 14:35 - 00011808 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (22).qbo
2014-01-27 14:24 - 2014-01-27 14:24 - 00011808 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (21).qbo
2014-01-27 08:33 - 2014-01-27 08:27 - 07508364 _____ () C:\Users\KIP.OnscreenOffice\Downloads\CECPV4_1.msi
2014-01-27 08:27 - 2014-01-27 08:26 - 08264704 _____ () C:\Users\KIP.OnscreenOffice\Downloads\CECPV5_0.msi
2014-01-26 12:01 - 2014-01-26 12:01 - 00021432 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Essentials_Checking.csv
2014-01-26 12:00 - 2014-01-26 12:00 - 00004266 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Onscreen_Business_Essentials_Checking (1).qbo
2014-01-26 11:56 - 2013-11-12 12:24 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\Documents\Money Matters
2014-01-25 14:35 - 2014-01-25 14:35 - 00001785 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (20).qbo
2014-01-25 14:32 - 2014-01-25 14:32 - 00006302 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (19).qbo
2014-01-24 19:03 - 2014-01-24 19:03 - 00000396 _____ () C:\Users\KIP.OnscreenOffice\Downloads\solar_estimate_leads_20140124.csv
2014-01-24 09:40 - 2014-01-24 09:40 - 00010427 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (18).qbo
2014-01-23 15:31 - 2014-01-23 15:29 - 126709834 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Poseidon (Alethea Solar IV, LLC) (PJM# W2-050).zip
2014-01-22 18:33 - 2012-12-18 17:34 - 00001057 _____ () C:\Users\Onscreen Office\Desktop\Dropbox.lnk
2014-01-22 18:33 - 2012-12-18 17:34 - 00000000 ___RD () C:\Users\Onscreen Office\Dropbox
2014-01-22 18:33 - 2012-12-18 17:23 - 00000000 ____D () C:\Users\Onscreen Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-22 18:33 - 2012-12-18 17:22 - 00000000 ____D () C:\Users\Onscreen Office\AppData\Roaming\Dropbox
2014-01-22 18:33 - 2012-04-08 05:50 - 00000000 ___RD () C:\Users\Onscreen Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-22 09:34 - 2012-05-29 10:16 - 00000000 ____D () C:\ProgramData\Intuit
2014-01-21 15:45 - 2014-01-21 15:45 - 00060083 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Project Contacts.xlsx
2014-01-21 09:22 - 2014-01-21 09:22 - 00000980 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Savings (2).qbo
2014-01-21 09:21 - 2014-01-21 09:21 - 00001483 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (17).qbo
2014-01-21 09:05 - 2014-01-21 09:05 - 00006332 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (16).qbo
2014-01-20 12:11 - 2009-07-13 21:13 - 00802218 _____ () C:\windows\system32\PerfStringBackup.INI
2014-01-20 07:42 - 2014-01-20 07:42 - 00011291 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (15).qbo
2014-01-16 15:32 - 2014-01-16 15:32 - 00312744 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-01-16 15:32 - 2014-01-16 15:32 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-01-16 15:32 - 2014-01-16 15:32 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-01-16 15:32 - 2014-01-16 15:32 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-01-16 15:32 - 2014-01-16 15:32 - 00000000 ____D () C:\Program Files\Java
2014-01-16 14:28 - 2014-01-16 14:28 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Local\Macromedia
2014-01-16 10:08 - 2014-01-16 10:08 - 00006492 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (14).qbo
2014-01-16 09:55 - 2014-01-16 09:54 - 85923441 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Leaf Cali FIT 2013.zip
2014-01-15 17:11 - 2014-01-15 17:11 - 00156373 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Essentials_Checking.qbo
2014-01-15 16:11 - 2013-07-05 17:31 - 00001066 _____ () C:\Users\KIP.OnscreenOffice\Desktop\Dropbox.lnk
2014-01-15 16:11 - 2013-07-05 17:30 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-15 09:37 - 2014-01-15 09:37 - 00001470 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (13).qbo
2014-01-15 09:29 - 2012-05-17 16:27 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-15 09:28 - 2014-01-15 09:28 - 00009394 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (12).qbo
2014-01-15 09:28 - 2014-01-15 09:28 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-01-15 09:03 - 2014-01-15 09:02 - 29406136 _____ (SUPERAntiSpyware) C:\Users\KIP.OnscreenOffice\Downloads\SUPERAntiSpyware (2).exe
2014-01-15 03:21 - 2009-07-13 20:45 - 00442792 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-15 03:03 - 2013-08-02 02:00 - 00000000 ____D () C:\windows\system32\MRT
2014-01-14 17:52 - 2014-01-14 17:52 - 00001470 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (11).qbo
2014-01-14 17:51 - 2014-01-14 17:51 - 00007987 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (10).qbo
2014-01-14 11:02 - 2013-12-30 13:57 - 00002066 _____ () C:\Users\KIP.OnscreenOffice\Desktop\Dashlane.lnk
2014-01-14 11:02 - 2013-12-30 13:56 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane
2014-01-14 09:50 - 2013-07-01 18:33 - 00280216 _____ () C:\windows\PFRO.log
2014-01-13 13:01 - 2014-01-13 13:01 - 00005784 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (8).qbo
2014-01-13 13:01 - 2014-01-13 13:01 - 00001001 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (9).qbo
2014-01-13 13:01 - 2014-01-13 13:01 - 00000980 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Savings (1).qbo
2014-01-10 19:29 - 2014-01-10 19:29 - 21492248 _____ (SUPERAntiSpyware.com) C:\Users\KIP.OnscreenOffice\Downloads\SUPERAntiSpywarePro.exe
2014-01-10 17:50 - 2014-01-10 17:50 - 00247289 _____ () C:\Users\KIP.OnscreenOffice\Downloads\revit-mono-260-265-270.zip
2014-01-10 17:17 - 2013-07-05 17:23 - 00000000 ____D () C:\Users\KIP.OnscreenOffice\AppData\Local\Microsoft Help
2014-01-09 16:37 - 2014-01-09 16:37 - 00004484 _____ () C:\Users\KIP.OnscreenOffice\Downloads\downloadDetails (9).cfm
2014-01-09 11:13 - 2014-01-09 11:13 - 00001138 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Business_Savings.qbo
2014-01-09 11:13 - 2014-01-09 11:13 - 00000960 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (7).qbo
2014-01-09 11:12 - 2014-01-09 11:12 - 00003556 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (6).qbo
2014-01-08 08:29 - 2014-01-08 08:29 - 00002869 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (5).qbo
2014-01-07 09:17 - 2014-01-07 09:17 - 00003547 _____ () C:\Users\KIP.OnscreenOffice\Downloads\Small_Business_Checking (4).qbo
2014-01-06 16:20 - 2012-06-19 17:11 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-29 00:44
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by KIP at 2014-02-04 16:08:57
Running from C:\Users\KIP.OnscreenOffice\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
 
==================== Installed Programs ======================
 
1099 Misc - Excel Upload (x32 Version: 1.0.0 - ComplyRight Distribution Services, Inc.)
1099 Misc - Excel Upload (x32 Version: 1.0.0 - ComplyRight Distribution Services, Inc.) Hidden
64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)
AI Manager (x32 Version: 1.09.06 - ASUSTeK Computer Inc.)
AI Suite II (x32 Version: 1.01.40 - ASUSTeK Computer Inc.)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0628.2340.40663 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
Android USB Driver (x32 Version:  - )
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASUS Backup Wizard (x32 Version: 1.01.00 - ASUSTeK Computer Inc.)
AsusVibe2.0 (x32 Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.2.43 - Atheros Communications Inc.)
Atheros Ethernet Utility (x32 Version: 1.1.0.9 - Atheros Communications Inc.)
ATI Catalyst Install Manager (Version: 3.0.829.0 - ATI Technologies, Inc.)
AutoDWG DWG to PDF Converter 2013 (x32 Version:  - )
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J825DW (x32 Version: 1.1.6.0 - Brother Industries, Ltd.)
Brother Product Research and Support Program (x32 Version: 2.1.0.0000 - Brother Industries, Ltd.)
Carbonite (x32 Version: 5.4.7 build 3239 (Jun-13-2013) - Carbonite)
Carbonite Mirror Image (64-bit) (Version: 5.1.13813.2115 - x64) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0628.2340.40663 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help English (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help French (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help German (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
ccc-utility64 (Version: 2011.0628.2340.40663 - ATI) Hidden
Cisco WebEx Meetings (HKCU Version:  - Cisco WebEx LLC)
Citrix Online Launcher (x32 Version: 1.0.168 - Citrix)
ClueFinders® 4th Grade Adventures (x32 Version:  - )
Constant Contact InfoTransfer for QuickBooks (x32 Version: 2.1 - Constant Contact)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKCU Version: 2.3.3.52783 - Dashlane SAS)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Designer 2.0 (x32 Version: 7.9.4 - Fomanu AG)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
DWGSee Pro 2013 (x32 Version: 1.00.2011 - AutoDWG)
EPSON Printer Software (Version:  - SEIKO EPSON Corporation)
FamilySearch Indexing 3.13.1 (x32 Version: 3.13.1 - FamilySearch)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Earth Pro (x32 Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 6.1.0.1298 (HKCU Version: 6.1.0.1298 - CitrixOnline)
GoToMyPC (x32 Version: 8.0.943 - Citrix Online)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (64-bit) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (x32 Version: 5.2.4.18506 - LeapFrog)
LeapFrog Connect (x32 Version: 5.2.4.18506 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Math Advantage 2002 (x32 Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (x32 Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (x32 Version: 24.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Nitro Pro 8 (Version: 8.5.6.5 - Nitro)
Nitro Reader 3 (Version: 3.5.2.10 - Nitro)
Nuance PaperPort 12 (x32 Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290 - Nuance Communications, Inc)
PackageTracer Toolbar (x32 Version:  - Mindspark Interactive Network)
PaperPort Image Printer 64-bit (Version: 1.00.0001 - Nuance Communications, Inc.)
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5 - Nitro PDF Software)
QBFC 12.0 (x32 Version: 12.0.0.29 - Intuit Developer Network)
QuickBooks (x32 Version: 22.0.4015.2206 - Intuit Inc.) Hidden
QuickBooks Contact Sync (x32 Version: 1.13.59 - Intuit)
QuickBooks Pro 2012 (x32 Version: 22.0.4015.2206 - Intuit Inc.)
QuickBooks Pro Timer (x32 Version: 8.00.0000 - )
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
RETScreen (x32 Version: 1.0.1 - Ressources Naturelles Canada)
RETScreen Version 4 (x32 Version: 4.0.14.0 - RETScreen International)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Secunia PSI (3.0.0.9015) (x32 Version: 3.0.0.9015 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Solmetric SunEye (x32 Version: 4.68.6218 - Solmetric Corporation)
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Visio 2007 Help (KB963666) (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (x32 Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (x32 Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (x32 Version:  - LeapFrog)
v5.0 NSHP CECPV Calculator (x32 Version: 5.0.0 - California Energy Commission)
VIA Platform Device Manager (x32 Version: 1.36 - VIA Technologies, Inc.)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (06/27/2012 6.3.0.48) (Version: 06/27/2012 6.3.0.48 - Citrix Systems)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (Version: 6.1.6965.0 - Microsoft Corporation)
Yahoo! Software Update (x32 Version:  - )
Yahoo! Toolbar (x32 Version:  - Yahoo! Inc.)
ZoneAlarm Antivirus (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm DataLock (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Extreme Security (x32 Version: 12.0.104.000 - Check Point)
ZoneAlarm Firewall (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (x32 Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD)
 
==================== Restore Points  =========================
 
28-01-2014 22:46:37 Windows Update
29-01-2014 00:02:11 Installed QBFC 12.0.
04-02-2014 00:19:06 Installed DWGSee Pro 2013
04-02-2014 09:51:28 Windows Update
04-02-2014 21:18:28 Installed v5.0 NSHP CECPV Calculator
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2013-12-11 09:21 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {12609EDC-F4E6-452B-A234-041428DA99C5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2660F89D-1D05-4DAD-8DE0-8E30C80EC479} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {337CB1B0-E4C1-499D-ACBB-8310ADF5A836} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {7EAA0D7B-F88D-4B0F-9C55-C1F4323177A1} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {A1EB3B03-75E2-43FD-81E6-2751C1C1FC8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {A30621FB-12AB-4C88-A619-0B49E522E9AC} - System32\Tasks\G2MUpdateTask-S-1-5-21-426381243-3783371907-2229632007-1004 => C:\Users\KIP.OnscreenOffice\AppData\Local\Citrix\GoToMeeting\1298\g2mupdate.exe [2014-01-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A4A18A1F-6FA8-46E5-8390-E5039C47F9CA} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {D08A5504-50EC-4726-BA04-248E268CE3DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {EEA3333C-AC48-4012-AF9B-81FA95D0906E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F804A1E5-2E05-44C3-9711-3ECECE73369F} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: {FCFA3AE0-06F3-4B76-A103-2697D9435142} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-426381243-3783371907-2229632007-1004.job => C:\Users\KIP.OnscreenOffice\AppData\Local\Citrix\GoToMeeting\1298\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-02 09:12 - 2011-04-19 17:06 - 00013632 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\mlfhook64.dll
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-11-16 15:35 - 2011-05-06 14:12 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-11-16 15:35 - 2011-05-06 14:12 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-11-16 15:35 - 2011-05-06 14:12 - 00621168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-12-02 09:12 - 2011-04-19 17:26 - 00110912 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\crsrpt64.dll
2013-12-02 09:12 - 2011-04-19 17:05 - 00370496 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk64.dll
2013-12-02 09:12 - 2011-04-19 17:01 - 00222528 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu64.dll
2011-06-28 22:02 - 2011-06-28 22:02 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-06-28 22:38 - 2011-06-28 22:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-07 06:08 - 2014-01-07 06:08 - 00225976 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.3.3.52783.dll
2014-01-07 06:08 - 2014-01-07 06:08 - 00362680 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.3.3.52783.dll
2014-01-07 06:08 - 2014-01-07 06:08 - 00419512 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.3.3.52783.dll
2014-01-07 06:08 - 2014-01-07 06:08 - 28105912 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.3.3.52783.dll
2014-01-07 06:08 - 2014-01-07 06:08 - 00265912 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.3.3.52783.dll
2014-01-07 06:08 - 2014-01-07 06:08 - 04791480 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.3.3.52783.dll
2014-01-07 06:08 - 2014-01-07 06:08 - 04240568 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.3.3.52783.dll
2011-11-16 15:38 - 2014-01-28 10:32 - 00022528 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\PEbiosinterface32.dll
2011-11-16 15:38 - 2010-06-29 02:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\ATKEX.dll
2013-10-18 15:55 - 2013-10-18 15:55 - 25100288 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dropbox\bin\libcef.dll
2012-10-09 14:41 - 2012-10-09 14:41 - 00074928 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\FDE\fde_api.dll
2013-11-01 12:11 - 2013-11-01 12:11 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-01-27 16:43 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-27 16:43 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-27 16:43 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-27 16:43 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-27 16:43 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-07 06:08 - 2014-01-07 06:08 - 12264120 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.3.3.52783.dll
2014-01-07 06:08 - 2014-01-07 06:08 - 01912504 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.3.3.52783.dll
2014-01-07 06:08 - 2014-01-07 06:08 - 00219832 _____ () C:\Users\KIP.OnscreenOffice\AppData\Roaming\Dashlane\2.3.3.52783\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_NPAPI_exports.2.3.3.52783.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-09 13:15 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-07-09 13:15 - 2012-08-28 10:51 - 00978944 ____N () C:\Program Files (x86)\ControlCenter4\BrImgProc.dll
2014-02-03 20:31 - 2014-02-01 15:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-03 20:31 - 2014-02-01 15:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-03 20:31 - 2014-02-01 15:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-03 20:31 - 2014-02-01 15:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-03 20:31 - 2014-02-01 15:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2013-07-24 20:22 - 2013-07-24 20:22 - 00555016 _____ () C:\Program Files (x86)\Nitro\Pro 8\js32.dll
2013-07-24 20:22 - 2013-07-24 20:22 - 00824840 _____ () C:\Program Files (x86)\Nitro\Pro 8\idrskrn14.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-02-03 20:31 - 2014-02-01 15:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/04/2014 03:56:29 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (02/04/2014 03:56:29 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (02/04/2014 03:56:29 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (02/04/2014 01:01:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.4.7.3239, time stamp: 0x51b98f46
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xc24
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3
 
Error: (02/04/2014 10:45:08 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program TrueVector Service because of this error.
 
Program: TrueVector Service
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (02/04/2014 10:45:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: vsmon.exe, version: 12.0.104.0, time stamp: 0x526b5ba9
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000096
Fault offset: 0x00048665
Faulting process id: 0x2218
Faulting application start time: 0xvsmon.exe0
Faulting application path: vsmon.exe1
Faulting module path: vsmon.exe2
Report Id: vsmon.exe3
 
Error: (02/04/2014 10:43:13 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2012":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.
 
Error: (02/04/2014 10:43:13 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2012":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
 
Error: (02/04/2014 10:43:13 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2012":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\CleanTech2013_06_30.QBW;ENG=QB_data_engine_22;DBN=1b48cbb5df1e4bef8a727a9faca21546
 
Error: (02/04/2014 10:43:13 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2012":
Connection Error:Invalid user ID or password
 
 
System errors:
=============
Error: (02/04/2014 01:02:10 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: 
%%1056
 
Error: (02/04/2014 01:01:10 PM) (Source: Service Control Manager) (User: )
Description: The CarboniteService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/04/2014 10:45:13 AM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (02/04/2014 10:24:43 AM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/02/2014 00:02:14 AM) (Source: Service Control Manager) (User: )
Description: The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/29/2014 04:54:29 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (01/28/2014 10:34:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (01/28/2014 10:33:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/28/2014 10:29:29 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (01/27/2014 05:48:42 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-04 16:01:58.042
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-04 16:01:58.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-04 16:01:58.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-04 16:01:55.877
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-04 16:01:55.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-04 16:01:55.873
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-04 10:56:58.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-04 10:56:58.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-04 10:56:58.506
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-04 10:56:56.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 77%
Total physical RAM: 7657.33 MB
Available physical RAM: 1718.22 MB
Total Pagefile: 15312.84 MB
Available Pagefile: 9054.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (WIN7) (Fixed) (Total:372.6 GB) (Free:189.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:544.63 GB) (Free:544.54 GB) NTFS
Drive g: (Virtual CD) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive h: (Mirror Image Drive) (Fixed) (Total:930.83 GB) (Free:664.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6D54B56E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=373 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=545 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End Of Log ============================

Edited by kip123, 04 February 2014 - 08:43 PM.


#4 kip123

kip123
  • Topic Starter

  • Members
  • 54 posts

Posted 04 February 2014 - 10:36 PM

logs are posted above



#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 05 February 2014 - 06:12 AM

ZA log too long to post.

I don't need the whole log. Just the part that shows which file (with full path) was identified to be a threat.

#6 kip123

kip123
  • Topic Starter

  • Members
  • 54 posts

Posted 05 February 2014 - 06:42 PM

Here is the ZA log excerpt:
AV/treatment,2014/02/03,18:57:18 -8:00 GMT,Backdoor.Win32.Androm.bmne,C:\Users\KIP.OnscreenOffice\AppData\Roaming\Thunderbird\Profiles\ssxfjd6q.default\ImapMail\imap.mail.yahoo-1.com\Trash,File Repaired,Manual
,2014/02/03,18:57:18 -8:00 GMT,

Nothing was found in today's scan.

#7 kip123

kip123
  • Topic Starter

  • Members
  • 54 posts

Posted 09 February 2014 - 05:40 PM

Hi, just politely inquiring whether I'm still in the queue.  It's been 5 days since I posted the requested information.  Thank you for your assistance.



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 10 February 2014 - 03:58 AM

Sorry for the delay.
Your antivirus program has found an infected email attachment only. So this is not a problem at all unless you've opened this attachment.
How is your computer running? Do you experience any symptoms?
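The triage reasoning in the reply above (a detection whose path lies inside a Thunderbird mail folder points at stored mail, not at a program on disk) can be scripted. This is an added example, not part of the original thread or of any tool named in it; the field names are assumptions inferred from the one excerpt posted, and the third sample record is constructed.

```python
import csv
from pathlib import PureWindowsPath

# Field names are assumptions inferred from the single excerpt in the thread.
FIELDS = ["event", "date", "time", "threat", "path", "action", "mode"]
MAIL_DIRS = {"imapmail", "mail"}  # Thunderbird profile subfolders holding mbox files
EXEC_EXTS = {".exe", ".dll", ".scr", ".sys", ".js", ".vbs"}

SAMPLE = [
    # First two lines: the excerpt as posted in the thread (the second is incomplete).
    r"AV/treatment,2014/02/03,18:57:18 -8:00 GMT,Backdoor.Win32.Androm.bmne,C:\Users\KIP.OnscreenOffice\AppData\Roaming\Thunderbird\Profiles\ssxfjd6q.default\ImapMail\imap.mail.yahoo-1.com\Trash,File Repaired,Manual",
    ",2014/02/03,18:57:18 -8:00 GMT,",
    # Constructed record for contrast; threat name, path and action are made up.
    r"AV/treatment,2014/02/03,19:02:44 -8:00 GMT,Example.Threat,C:\Users\example\AppData\Local\Temp\example.exe,File Quarantined,Manual",
]

def parse_line(line):
    """Return a dict for a complete record, or None for a truncated one."""
    row = next(csv.reader([line]), [])
    if len(row) != len(FIELDS) or not row[3] or not row[4]:
        return None
    return dict(zip(FIELDS, row))

def classify(path):
    """Say what kind of object the detection path points at."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]
    if "thunderbird" in parts and "profiles" in parts:
        i = parts.index("profiles")
        # Profiles\<profile>\ImapMail|Mail\<server>\<folder> is an mbox mail folder
        if len(parts) > i + 3 and parts[i + 2] in MAIL_DIRS:
            return "mail-store"
    if p.suffix.lower() in EXEC_EXTS:
        return "executable"
    return "other"

def triage(lines):
    """Return (threat, category, action) for every complete record."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec:
            out.append((rec["threat"], classify(rec["path"]), rec["action"]))
    return out

if __name__ == "__main__":
    for threat, category, action in triage(SAMPLE):
        print(f"{threat:30} {category:12} {action}")
```

A "mail-store" result only says where the detected object is stored; whether the attachment was ever opened, and what else is wrong with the machine, are separate questions.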

#9 kip123

kip123
  • Topic Starter

  • Members
  • 54 posts

Posted 10 February 2014 - 12:02 PM

Thanks for your response. Continue to have symptoms:
  1. Unable to update Malwarebytes.
  2. Overall sluggishness.
  3. Tried to download Firefox (because Chrome became unresponsive) and received error notice that "file is not compatible with my operating system", same as the error message I received when trying to download DSS.
  4. I have to check my Windows Firewall several times a day, because it is being turned off by something.



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 25 February 2014 - 06:03 AM

Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • In the introduction screen, click "Next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 12 March 2014 - 12:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



