Per posting instructions, I'm pasting in the two files OTL.txt and Extras.txt. Ad-Aware keeps finding win32.pup.bandoo(800) even after re-booting, re-Updating. Not found by Malwarebytes or Spybot. No apparent suspicious behavior.
OTL:
OTL logfile created on: 11/30/2011 5:07:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and
Settings\Robert\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) -
Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date
Format: M/d/yyyy
2.50 Gb Total Physical Memory | 1.63 Gb Available Physical Memory |
65.33% Memory free
3.09 Gb Paging File | 2.15 Gb Available in Paging File | 69.36% Paging
File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% =
C:\Program Files
Drive C: | 111.72 Gb Total Space | 40.92 Gb Free Space | 36.63% Space
Free | Partition Type: NTFS
Computer Name: JEEVES | User Name: Robert | Logged in as
Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company
Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Robert\Desktop\OTL.exe (OldTimer
Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft
Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft
Limited)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point
Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check
Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point
Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point
Software Technologies LTD)
PRC - C:\Program Files\Fuji Medical
System\Synapse\Workstation\SynapseUpdateManager.exe (FUJIFILM Medical
Systems U.S.A., Inc.)
PRC - C:\Documents and Settings\Robert\Application
Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
(SonicWALL, Inc.)
PRC - C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Carbonite, Inc.)
PRC - C:\Program Files\Essentials Codec Pack\WECPUpdate.exe
(MediaCodec.Org)
PRC - C:\Program Files\Fuji Medical
System\Synapse\Workstation\FujiSynapseBridge.exe (FUJIFILM Medical
Systems U.S.A., Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech,
Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems,
Inc.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems,
Inc.)
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag
2\bin\defragTaskBar.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag
2\bin\defragActivityMonitor.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag
2\bin\aDefragService.exe ( )
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
(SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
(SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft
Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft
Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative
Technology Ltd)
PRC - C:\WINDOWS\SYSTEM32\ImagecastInterface.exe (IDX Systems
Corporation)
PRC - C:\WINDOWS\SYSTEM32\dlbtcoms.exe (Dell)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO
EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\unrar.dll ()
MOD - C:\Documents and Settings\All Users\Application
Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application
Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Documents and Settings\All Users\Application
Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll ()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll
()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll ()
MOD - C:\Program
Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll ()
MOD - C:\Program Files\Ashampoo\Ashampoo Magical Defrag
2\bin\defragTaskBar.exe ()
MOD - C:\Program Files\Ashampoo\Ashampoo Magical Defrag
2\bin\defragActivityMonitor.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTSTRN.DLL ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTPCFG.DLL ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBTPP5C.DLL ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTUI5C.DLL ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTDR5C.DLL ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Lavasoft Ad-Aware Service) -- C:\Program
Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn,
Inc.)
SRV - (LMIGuardianSvc) -- C:\Program
Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Check Point Software Technologies)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies LTD)
SRV - (SynapseUpdateSvc) -- C:\Program Files\Fuji Medical
System\Synapse\Workstation\SynapseUpdateManager.exe (FUJIFILM Medical
Systems U.S.A., Inc.)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite
Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn,
Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common
Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LBTServ) -- C:\Program Files\Common
Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AshampooDefragService) -- C:\Program Files\Ashampoo\Ashampoo
Magical Defrag 2\bin\aDefragService.exe ( )
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) --
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft,
Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (dlbt_device) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (RampartSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN
Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel®
Corporation)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common
Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program
Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
(LogMeIn, Inc.)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
(Check Point Software Technologies)
DRV - (Vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Check Point
Software Technologies LTD)
DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\WINDOWS\SYSTEM32\DRIVERS\kl2.sys (Kaspersky Lab ZAO)
DRV - (KLIF) -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (radpms) -- C:\WINDOWS\SYSTEM32\DRIVERS\radpms.sys (LogMeIn,
Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS
(Avanquest Software)
DRV - (FilterService) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys
(Logitech Inc.)
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) --
C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys ()
DRV - (LMouFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys
(Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys
(Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\SYSTEM32\DRIVERS\LBeepKE.sys (Logitech,
Inc.)
DRV - (ctxusbm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctxusbm.sys (Citrix
Systems, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys
(LogMeIn, Inc.)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch,
Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn,
Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys
(RealNetworks, Inc.)
DRV - (SIODRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\SIODRV.SYS (Intel
Corporation)
DRV - (SMBios) Intel ® -- C:\WINDOWS\SYSTEM32\DRIVERS\SMBios.sys
(Intel Corporation)
DRV - (RCFOX) -- C:\WINDOWS\SYSTEM32\DRIVERS\RCFOX.SYS (SonicWALL,
Inc.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel®
Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel®
Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel®
Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel®
Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel®
Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel®
Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel®
Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel®
Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel®
Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel®
Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI
Technologies Inc.)
DRV - (DNE) -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys (Deterministic
Networks, Inc.)
DRV - (ZSMC302) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbvm302.sys (VM)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel
Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel
Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel
Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel
Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (rcvpn) -- C:\WINDOWS\SYSTEM32\DRIVERS\rcvpn.sys (SonicWALL,
Inc.)
DRV - (TBU11) -- C:\WINDOWS\SYSTEM32\DRIVERS\tbu11.sys (Voyetra Turtle
Beach, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer
Corporation)
DRV - (dfrusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\dfrusb.sys (Identix
Incorporated)
DRV - (EPUSBSTOR) -- C:\WINDOWS\SYSTEM32\DRIVERS\epusbsto.sys (SEIKO
EPSON CORPORATION)
DRV - (msloop) -- C:\WINDOWS\SYSTEM32\DRIVERS\loop.sys (Microsoft
Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com
Corporation)
DRV - (Eplpdx02) -- C:\WINDOWS\SYSTEM32\DRIVERS\EPLPDX02.SYS (MK
Systems CO., LTD.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
https://www.ynhhs-mdlink.com/default.asp?/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore
= https://www.ynhhs-md...m/default.asp?/
IE - HKCU\SOFTWARE\Microsoft\Internet
Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} -
C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} -
C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll
(FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyServer" = proxy.med.yale.edu:3128
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program
Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0:
C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program
Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:
c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll (
Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5:
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\NPWPF.dll (Microsoft Corporation)
FF -
HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835:
C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks,
Inc.)
FF -
HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136:
C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF -
HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847:
C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
(RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google
Update;version=3: C:\Program
Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google
Update;version=9: C:\Program
Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program
Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program
Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer:
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google
Update;version=3: C:\Documents and Settings\Robert\Local
Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
(Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google
Update;version=9: C:\Documents and Settings\Robert\Local
Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
(Google Inc.)
FF -
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0493D792-5C92-440b-81A8-AD6CDFC75212}:
C:\Program Files\Yamaha Corporation\Digital
Music Notebook\Common\Bootstrapper\XpCom\ [2010/12/12 04:08:59 |
000,000,000 | ---D | M]
FF -
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}:
C:\Program
Files\CheckPoint\ZAForceField\TrustChecker [2011/09/08 18:15:16 |
000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
7.0.1\extensions\\Components: C:\Program Files\Mozilla
Firefox\components [2011/11/04 20:04:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/11/04 20:04:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird
8.0\extensions\\Components: C:\Program Files\Mozilla
Thunderbird\components [2011/08/17 07:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird
8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011/09/14 21:32:29 | 000,000,000 | ---D | M]
[2010/07/04 21:26:09 | 000,000,000 | ---D | M] (No name found) --
C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2010/07/04 21:26:09 | 000,000,000 | ---D | M] (No name found) --
C:\Documents and Settings\Robert\Application
Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/22 13:41:28 | 000,000,000 | ---D | M] (No name found) --
C:\Documents and Settings\Robert\Application
Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions
[2011/11/22 13:41:20 | 000,000,000 | ---D | M] (ZoneAlarm Security
Suite Community Toolbar) -- C:\Documents and
Settings\Robert\Application
Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}
[2011/11/22 13:41:28 | 000,000,000 | ---D | M] (Greasemonkey) --
C:\Documents and Settings\Robert\Application
Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/30 19:32:10 | 000,000,000 | ---D | M] ("Xmarks") --
C:\Documents and Settings\Robert\Application
Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\foxmarks@kei.com
[2011/06/22 21:41:42 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote
Access Plugin) -- C:\Documents and Settings\Robert\Application
Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\LogMeInClient@logmein.com
[2011/04/23 15:35:00 | 000,000,000 | ---D | M] (Search Toolbar) --
C:\Documents and Settings\Robert\Application
Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\searchtoolbar@zugo.com
[2009/10/03 10:05:58 | 000,000,000 | ---D | M] (Ancestry.com Advanced
Image Viewer) -- C:\Documents and Settings\Robert\Application
Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\support@ancestry.com
[2011/10/21 05:32:12 | 000,000,000 | ---D | M] (No name found) --
C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 21:38:30 | 000,000,000 | ---D | M] (Skype extension for
Firefox) -- C:\Program Files\Mozilla
Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/24 20:07:07 | 000,000,000 | ---D | M] (Java Console) --
C:\Program Files\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/05 06:56:41 | 000,000,000 | ---D | M] (Java Console) --
C:\Program Files\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/05 19:23:41 | 000,000,000 | ---D | M] (Java Console) --
C:\Program Files\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 06:29:39 | 000,000,000 | ---D | M] (Java Console) --
C:\Program Files\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 00:44:53 | 000,000,000 | ---D | M] (Java Console) --
C:\Program Files\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/02 20:56:55 | 000,000,000 | ---D | M] (Java Console) --
C:\Program Files\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/21 05:32:14 | 000,000,000 | ---D | M] (Java Console) --
C:\Program Files\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/12 21:08:05 | 000,134,104 | ---- | M] (Mozilla Foundation) --
C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 22:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.)
-- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 22:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.)
-- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 22:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.)
-- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 22:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.)
-- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems,
Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) --
C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2009/09/12 22:08:36 | 000,406,864 | ---- | M] () -- C:\Program
Files\mozilla firefox\plugins\npicaN.dll
[2008/05/19 13:57:00 | 002,641,920 | ---- | M] () -- C:\Program
Files\mozilla firefox\plugins\npRACtrl.dll
[2006/01/18 11:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program
Files\mozilla firefox\plugins\npsnapfish.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.)
-- C:\Program Files\mozilla firefox\plugins\NPUploader.dll
[2008/02/28 13:30:00 | 000,008,784 | ---- | M] () -- C:\Program
Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2009/09/12 22:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.)
-- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2008/02/28 13:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation)
-- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2011/10/12 21:08:00 | 000,002,252 | ---- | M] () -- C:\Program
Files\mozilla firefox\searchplugins\bing.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url =
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url =
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and
Settings\Robert\Local Settings\Application
Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) =
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program
Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program
Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program
Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program
Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program
Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program
Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program
Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program
Files\QuickTime\plugins\npqtplugin8.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program
Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program
Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader
10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program
Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program
Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)
(Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library
(Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and
Settings\Robert\Local Settings\Application
Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and
Settings\Robert\Local Settings\Application
Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and
Settings\Robert\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\npLogitechDeviceDetection.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla
Firefox\plugins\npdjvu.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program
Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: LogMeIn, Inc. Remote Access Components 1.0.0.381
(Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program
Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program
Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Shutterfly Upload Plugin 2.0.4.0 (Enabled) = C:\Program
Files\Mozilla Firefox\plugins\NPUploader.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows
Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows
Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and
Settings\Robert\Local Settings\Application
Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: npFFApi (Enabled) = C:\Program
Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program
Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program
Files\Picasa2\npPicasa3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program
Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program
Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Presentation Foundation (Enabled) =
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Logitech Device Detection = C:\Documents and
Settings\Robert\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\
O1 HOSTS File: ([2008/11/14 00:55:51 | 000,287,978 | R--- | M]) -
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.254.254.253 Xdrive
O1 - Hosts: 9925 more lines...
O2 - BHO: (Synapse BHO Class) - {33414365-E6C7-460d-880A-A163BD69E84D}
- C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll
(FUJIFILM Medical Systems U.S.A., Inc.)
O2 - BHO: (ZoneAlarm Security Suite Toolbar) -
{3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program
Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer
Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890}
- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ZoneAlarm Security Engine Registrar) -
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program
Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
(Check Point Software Technologies)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} -
C:\Program Files\Search Toolbar\SearchToolbar.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) -
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype
Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) -
{3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program
Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search Toolbar) -
{9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search
Toolbar\SearchToolbar.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) -
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program
Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
(Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZeroBar) -
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program
Files\NetZero\Toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) -
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) -
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) -
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) -
{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program
Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) -
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program
Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
(Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) -
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program
Files\NetZero\Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program
Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA
Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop
Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo
Magical Defrag 2\bin\defragTaskBar.exe ()
O4 - HKLM..\Run: [DLBTCATS]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program
Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FujiSynapseBridge] C:\Program Files\Fuji Medical
System\Synapse\Workstation\FujiSynapseBridge.exe (FUJIFILM Medical
Systems U.S.A., Inc.)
O4 - HKLM..\Run: [ISW] C:\Program
Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software
Technologies)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program
Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Synapse URLSearchHook Configuration] C:\Program
Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM
Medical Systems U.S.A., Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows
Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program
Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software
Technologies LTD)
O4 - HKCU..\Run: [MtdAcqu] C:\Program
Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program
Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Robert\Start
Menu\Programs\Startup\Dropbox.lnk = C:\Documents and
Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe (Dropbox,
Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery
present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer -
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype
Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer -
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype
Technologies S.A.)
O9 - Extra Button: Share in Hello -
{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program
Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O9 - Extra 'Tools' menuitem : Share in H&ello -
{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program
Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in
Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in
Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted
sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in
Trusted sites)
O15 - HKCU\..Trusted Domains: ynhh.org ([citrix] https in Trusted
sites)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01}
http://site.ebrary.com/support/plugins/ebraryRdr.cab (Infotl Control)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE}
http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab (SupportSoft
Script Runner Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}
http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0D07C1FF-49FF-49A4-B453-6E067B51F1AE}
https://radpacs.ynhh.org/iSite3_0.cab (ISiteNonVisual Control 3.01)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine
Advantage Validation Tool)
O16 - DPF: {1FBD11EF-1260-11D1-87A7-444553540001}
https://yalepacs.ynhh.org (Synapse)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C}
http://download.zonelabs.com/bin/free/cm/ICSCM.cab (ICSScannerLight
Class)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C}
http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab
(AOL Pictures Uploader Class)
O16 - DPF: {2EC77245-C97C-4F5E-80D1-9B280C4CD820}
http://download.mailfrontier.com/matador/instmtdr.cab (Reg Error: Key
error.)
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}
https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft Data
Collection Control)
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
http://www.pestscan.com/scanner/axscanner.cab
(PPSDKActiveXScanner.MainScreen)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71}
http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
(Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
http://office.microsoft.com/officeupdate/content/opuc2.cab (Office
Update Installation Engine)
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1}
https://www.backup.com/user/webrestore.cab (WRXCtl Class)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E}
http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
(Install Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1297990860779
(MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
(Housecall ActiveX 6.5)
O16 - DPF: {734F0ACB-CB01-4426-A8AB-A496C2583A40}
https://idxwebssl.ynhh.org/fuji-idxrad/integration/ICAPI/ImagecastInterface.CAB
(DesktopSync Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
(Java Plug-in 1.6.0_29)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
http://www.pandasoftware.com/activescan/as5/asinst.cab (ActiveScan
Installer Class)
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931}
ftp://ftp.autodesk.com/pub/whip/english/whip.cab (Autodesk WHIP!
Control)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
(Symantec RuFSI Registry Information Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
(Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
(Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
(Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
(Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
(Java Plug-in 1.6.0_29)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
(ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
(Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
https://fujimed.webex.com/client/T25L/support/ieatgpc.cab (Reg Error:
Key error.)
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC}
http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab (Creative
Product Registration ActiveX Control Module)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
(ActiveDataObj Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}
https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance
Viewer Activex Control)
O16 - DPF: ppctlcab http://www.pestscan....er/ppctlcab.cab (Reg
Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
192.168.1.1
O17 -
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60954C4F-C59A-497C-8D75-BDE3EF14B2CA}:
DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -
C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common
Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype
Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe
(Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe)
-C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common
files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common
Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) -
C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () -
http://swedish-weaving.com/images/smalloom.jpg
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local
Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local
Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} -
C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} -
C:\Program Files\Qualcomm\Eudora\EuShlExt.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] ()
- C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6903e5a7-dda0-11de-b90a-006073e17f59}\Shell - "" =
AutoRun
O33 -
MountPoints2\{6903e5a7-dda0-11de-b90a-006073e17f59}\Shell\AutoRun - ""
= Auto&Play
O33 -
MountPoints2\{6903e5a7-dda0-11de-b90a-006073e17f59}\Shell\AutoRun\command
- "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/30 17:05:03 | 000,584,192 | ---- | C] (OldTimer Tools) --
C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/11/26 23:07:23 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Robert\Local Settings\Application Data\Programs
[2011/11/16 22:31:41 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/04 20:06:15 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Application Data\Citrix
[2011/11/04 20:05:17 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Robert\Local Settings\Application Data\Citrix
[2010/11/09 08:27:15 | 000,237,568 | ---- | C] ( ) --
C:\WINDOWS\System32\dlbtinsr.dll
[2010/11/09 08:27:15 | 000,110,592 | ---- | C] ( ) --
C:\WINDOWS\System32\dlbtins.dll
[2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( ) --
C:\WINDOWS\System32\dlbtiesc.dll
[2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( ) --
C:\WINDOWS\System32\dlbtinpa.dll
[2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( ) --
C:\WINDOWS\System32\dlbthbn3.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/30 17:06:32 | 000,007,542 | ---- | M] () --
C:\WINDOWS\ECCO.CFX
[2011/11/30 17:06:32 | 000,006,068 | ---- | M] () --
C:\WINDOWS\ecco.fdb
[2011/11/30 17:06:27 | 000,000,662 | ---- | M] () --
C:\WINDOWS\dellstat.ini
[2011/11/30 17:04:55 | 000,584,192 | ---- | M] (OldTimer Tools) --
C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/11/30 17:03:00 | 000,000,982 | ---- | M] () --
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4246077919-1552412502-2171021228-1006UA.job
[2011/11/30 16:27:14 | 000,000,886 | ---- | M] () --
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/30 13:00:31 | 000,000,330 | -H-- | M] () --
C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/30 12:03:06 | 000,000,930 | ---- | M] () --
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4246077919-1552412502-2171021228-1006Core.job
[2011/11/30 08:19:35 | 000,000,350 | ---- | M] () --
C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/11/30 08:08:39 | 000,000,486 | ---- | M] () --
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/30 08:03:21 | 000,001,170 | ---- | M] () --
C:\WINDOWS\System32\WPA.DBL
[2011/11/30 08:02:51 | 000,000,882 | ---- | M] () --
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/30 08:02:19 | 2683,359,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 08:02:19 | 000,002,048 | --S- | M] () --
C:\WINDOWS\BOOTSTAT.DAT
[2011/11/28 18:14:04 | 000,434,566 | ---- | M] () --
C:\WINDOWS\System32\PERFH009.DAT
[2011/11/28 18:14:04 | 000,068,470 | ---- | M] () --
C:\WINDOWS\System32\PERFC009.DAT
[2011/11/28 08:38:41 | 000,537,965 | ---- | M] () --
C:\WINDOWS\ecco.alm
[2011/11/26 08:46:27 | 000,414,368 | ---- | M] (Adobe Systems
Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/25 20:52:55 | 000,000,064 | ---- | M] () --
C:\WINDOWS\System32\rp_stats.dat
[2011/11/25 20:52:55 | 000,000,044 | ---- | M] () --
C:\WINDOWS\System32\rp_rules.dat
[2011/11/23 12:01:49 | 000,052,220 | ---- | M] () -- C:\Documents and
Settings\Robert\My Documents\11-23-2011 12;01;16PM.RTF
[2011/11/19 00:32:31 | 000,000,831 | ---- | M] () -- C:\Documents and
Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick
Launch\Medical Expenses.lnk
[2011/11/15 18:38:37 | 000,002,271 | ---- | M] () -- C:\Documents and
Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick
Launch\Microsoft Word.lnk
[2011/11/12 19:48:14 | 000,002,259 | ---- | M] () -- C:\Documents and
Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick
Launch\Microsoft Excel.lnk
[2011/11/12 08:14:43 | 000,001,241 | ---- | M] () -- C:\Documents and
Settings\Robert\Desktop\LogMeIn Full Screen.lnk
[2011/11/09 17:38:09 | 000,001,374 | ---- | M] () --
C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/23 12:01:49 | 000,052,220 | ---- | C] () -- C:\Documents and
Settings\Robert\My Documents\11-23-2011 12;01;16PM.RTF
[2011/11/19 00:32:31 | 000,000,831 | ---- | C] () -- C:\Documents and
Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick
Launch\Medical Expenses.lnk
[2011/09/07 10:32:58 | 000,016,432 | ---- | C] () --
C:\WINDOWS\System32\lsdelete.exe
[2011/04/30 22:58:26 | 000,000,064 | ---- | C] () --
C:\WINDOWS\System32\rp_stats.dat
[2011/04/30 22:58:26 | 000,000,044 | ---- | C] () --
C:\WINDOWS\System32\rp_rules.dat
[2010/12/12 20:49:25 | 000,000,033 | ---- | C] () --
C:\WINDOWS\MSFDM.INI
[2010/12/12 04:12:11 | 000,000,622 | ---- | C] () --
C:\WINDOWS\DMN.INI
[2010/11/09 08:30:28 | 000,131,072 | R--- | C] () --
C:\WINDOWS\System32\dlbtsnls.dll
[2010/11/09 08:30:27 | 000,143,360 | R--- | C] () --
C:\WINDOWS\System32\dlbtcoin.dll
[2010/11/09 08:27:15 | 000,294,912 | ---- | C] () --
C:\WINDOWS\System32\dlbtih.exe
[2010/11/09 08:27:15 | 000,040,960 | ---- | C] () --
C:\WINDOWS\System32\dlbtvs.dll
[2010/11/09 08:27:12 | 000,114,688 | ---- | C] () --
C:\WINDOWS\System32\dlbtcur.dll
[2010/11/09 08:27:12 | 000,069,632 | ---- | C] () --
C:\WINDOWS\System32\dlbtcu.dll
[2010/11/09 08:27:05 | 000,573,440 | ---- | C] () --
C:\WINDOWS\System32\dlbtjswr.dll
[2010/11/09 08:26:57 | 000,405,504 | ---- | C] () --
C:\WINDOWS\System32\dlbtutil.dll
[2010/07/14 21:43:34 | 000,000,056 | -H-- | C] () --
C:\WINDOWS\System32\ezsidmv.dat
[2010/07/14 21:22:30 | 000,090,071 | ---- | C] () --
C:\WINDOWS\System32\lvcoinst.ini
[2010/05/14 16:56:06 | 010,830,680 | ---- | C] () --
C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 16:56:06 | 000,102,744 | ---- | C] () --
C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 16:55:58 | 000,290,648 | ---- | C] () --
C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/07 17:46:36 | 000,014,168 | ---- | C] () --
C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () --
C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/05/25 08:04:02 | 000,000,029 | ---- | C] () --
C:\WINDOWS\atid.ini
[2008/02/28 14:30:08 | 000,462,848 | ---- | C] () --
C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/02/19 23:03:45 | 000,691,545 | ---- | C] () --
C:\WINDOWS\unins000.exe
[2008/02/19 23:03:45 | 000,003,464 | ---- | C] () --
C:\WINDOWS\unins000.dat
[2007/06/30 23:49:27 | 000,049,152 | ---- | C] () --
C:\WINDOWS\amcap.exe
[2007/04/26 13:45:50 | 000,051,304 | ---- | C] () --
C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/04/18 15:53:36 | 000,001,755 | ---- | C] () -- C:\Documents and
Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/04 14:57:10 | 000,055,808 | ---- | C] () --
C:\WINDOWS\System32\zlib1.dll
[2007/01/03 11:57:53 | 000,003,840 | ---- | C] () --
C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/12/07 22:54:08 | 000,000,002 | ---- | C] () --
C:\WINDOWS\msoffice.ini
[2006/06/17 16:57:53 | 000,007,160 | ---- | C] () --
C:\WINDOWS\mozver.dat
[2006/03/22 17:32:15 | 000,019,968 | ---- | C] () --
C:\WINDOWS\PHCREMOV.EXE
[2006/03/22 17:32:15 | 000,016,384 | R--- | C] () --
C:\WINDOWS\System32\pcl2pdfnt.dll
[2006/03/20 19:24:58 | 000,001,793 | ---- | C] () --
C:\WINDOWS\System32\fxsperf.ini
[2006/02/19 18:35:54 | 000,000,209 | ---- | C] () --
C:\WINDOWS\Brpfx04a.ini
[2006/02/19 18:35:54 | 000,000,092 | ---- | C] () --
C:\WINDOWS\brpcfx.ini
[2006/02/19 18:35:54 | 000,000,052 | ---- | C] () --
C:\WINDOWS\BRPP2KA.INI
[2006/02/19 18:35:54 | 000,000,050 | ---- | C] () --
C:\WINDOWS\System32\BD7220.dat
[2006/02/19 18:35:54 | 000,000,000 | ---- | C] () --
C:\WINDOWS\brwmark.ini
[2006/02/19 18:35:16 | 000,106,496 | ---- | C] () --
C:\WINDOWS\System32\BrMuSNMP.dll
[2006/02/18 17:34:05 | 000,000,039 | ---- | C] () --
C:\WINDOWS\REGPSD20.INI
[2006/02/18 17:33:48 | 000,000,077 | ---- | C] () --
C:\WINDOWS\Viewer.ini
[2006/02/18 17:33:40 | 000,000,454 | ---- | C] () --
C:\WINDOWS\PSDWIN.INI
[2006/02/18 16:50:01 | 000,000,371 | ---- | C] () --
C:\WINDOWS\wmw.ini
[2006/01/18 19:37:22 | 000,000,000 | -H-- | C] () -- C:\Documents and
Settings\Robert\Application Data\L8457789_1
[2006/01/05 18:44:43 | 000,045,056 | ---- | C] () --
C:\WINDOWS\System32\npbdwn32.dll
[2005/10/26 14:59:49 | 000,002,330 | ---- | C] () --
C:\WINDOWS\hpdj5600.ini
[2005/10/09 05:34:09 | 000,000,403 | ---- | C] () --
C:\WINDOWS\musicstr.ini
[2005/10/09 05:28:49 | 000,000,087 | ---- | C] () --
C:\WINDOWS\inst.ini
[2005/10/08 21:00:32 | 000,000,443 | ---- | C] () --
C:\WINDOWS\Musicbox.INI
[2005/10/08 20:04:15 | 000,000,443 | ---- | C] () --
C:\WINDOWS\MUSBOX32.INI
[2005/06/28 19:37:30 | 000,000,662 | ---- | C] () --
C:\WINDOWS\dellstat.ini
[2005/06/28 19:35:03 | 000,176,128 | ---- | C] () --
C:\WINDOWS\System32\dlbtinsb.dll
[2005/06/28 19:35:03 | 000,086,016 | ---- | C] () --
C:\WINDOWS\System32\dlbtcub.dll
[2005/05/30 20:32:30 | 000,003,013 | ---- | C] () --
C:\WINDOWS\System32\ole4lr.dll
[2005/03/22 21:12:52 | 000,184,808 | ---- | C] () -- C:\Documents and
Settings\Robert\Application Data\shb.dat
[2005/02/07 23:46:52 | 000,000,000 | ---- | C] () --
C:\WINDOWS\PezDownload.INI
[2005/02/07 19:45:14 | 000,000,113 | ---- | C] () --
C:\WINDOWS\Picture Easy 3.ini
[2005/02/07 19:45:12 | 000,009,136 | ---- | C] () --
C:\WINDOWS\System32\inetwh16.dll
[2004/12/22 13:34:55 | 000,004,272 | ---- | C] () --
C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/12/08 22:23:53 | 000,011,776 | ---- | C] () --
C:\WINDOWS\System32\ZPORT4AS.dll
[2004/11/16 20:36:05 | 000,285,216 | ---- | C] () --
C:\WINDOWS\System32\drivers\Onsio.sys
[2004/11/16 20:36:05 | 000,007,680 | ---- | C] () --
C:\WINDOWS\System32\drivers\Onsreged.sys
[2004/08/29 05:04:26 | 000,004,569 | ---- | C] () --
C:\WINDOWS\System32\secupd.dat
[2004/07/02 18:24:15 | 000,795,904 | ---- | C] () --
C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2004/06/04 20:48:34 | 000,000,607 | ---- | C] () --
C:\WINDOWS\EZAudio_trk.INI
[2004/06/04 18:41:03 | 000,010,240 | ---- | C] () --
C:\WINDOWS\System32\vidx16.dll
[2004/06/04 18:39:54 | 000,000,083 | ---- | C] () --
C:\WINDOWS\magix.ini
[2004/05/01 10:13:29 | 000,000,035 | ---- | C] () --
C:\WINDOWS\Ulead32.INI
[2004/04/26 19:54:07 | 000,023,455 | ---- | C] () --
C:\WINDOWS\cdPlayer.ini
[2004/04/18 00:06:07 | 000,001,998 | ---- | C] () --
C:\WINDOWS\tbs_bna.ini
[2004/04/18 00:06:01 | 000,000,038 | ---- | C] () --
C:\WINDOWS\tbs_job.ini
[2004/04/18 00:06:00 | 000,002,665 | ---- | C] () --
C:\WINDOWS\tbs_quiz.ini
[2004/04/18 00:06:00 | 000,001,072 | ---- | C] () --
C:\WINDOWS\tbs_juke.ini
[2004/04/18 00:06:00 | 000,000,034 | ---- | C] () --
C:\WINDOWS\tbs_tbh.ini
[2004/04/18 00:05:59 | 000,001,159 | ---- | C] () --
C:\WINDOWS\tbs_bows.ini
[2004/04/18 00:05:57 | 000,000,744 | ---- | C] () --
C:\WINDOWS\tbs_ss.ini
[2004/04/18 00:05:55 | 000,000,040 | ---- | C] () --
C:\WINDOWS\tbs_menu.ini
[2004/04/17 05:27:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VM.INI
[2004/04/17 05:23:50 | 000,004,374 | ---- | C] () --
C:\WINDOWS\WORDACE1.INI
[2004/04/17 05:19:02 | 000,000,280 | ---- | C] () --
C:\WINDOWS\EReg196.dat
[2004/04/15 19:56:57 | 000,000,145 | ---- | C] () --
C:\WINDOWS\System32\EBPPORT3.DAT
[2004/04/13 21:03:51 | 000,001,498 | ---- | C] () --
C:\WINDOWS\genviewer.ini
[2004/04/12 06:48:59 | 000,000,059 | ---- | C] () --
C:\WINDOWS\ECCO.INI
[2004/04/10 19:40:37 | 000,000,064 | ---- | C] () --
C:\WINDOWS\QBWCD.INI
[2004/04/10 19:40:36 | 000,006,472 | ---- | C] () --
C:\WINDOWS\Icoadb32.dat
[2004/04/10 15:56:56 | 000,000,067 | ---- | C] () --
C:\WINDOWS\IDMan.INI
[2004/04/09 18:56:01 | 000,000,482 | ---- | C] () --
C:\WINDOWS\SmtBook.INI
[2004/04/08 21:13:45 | 000,007,168 | ---- | C] () --
C:\WINDOWS\SMTB953X.DLL
[2004/04/08 21:13:45 | 000,002,879 | ---- | C] () --
C:\WINDOWS\BOOKS2X.DLL
[2004/04/08 21:13:45 | 000,001,792 | ---- | C] () --
C:\WINDOWS\SMTBK3X.DLL
[2004/04/07 20:51:30 | 000,000,082 | ---- | C] () --
C:\WINDOWS\MPLAYER.INI
[2004/04/07 20:50:48 | 000,338,944 | ---- | C] () --
C:\WINDOWS\System32\lffpx7.dll
[2004/04/07 20:50:48 | 000,122,880 | ---- | C] () --
C:\WINDOWS\System32\LFKODAK.DLL
[2004/04/07 20:42:43 | 000,028,160 | ---- | C] () -- C:\Documents and
Settings\Robert\Local Settings\Application
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/06 23:16:18 | 000,000,129 | ---- | C] () -- C:\Documents and
Settings\Robert\Local Settings\Application Data\fusioncache.dat
[2004/04/06 22:01:00 | 000,000,092 | ---- | C] () --
C:\WINDOWS\MFPD.INI
[2004/04/06 21:26:30 | 000,000,376 | ---- | C] () --
C:\WINDOWS\ODBC.INI
[2004/04/06 21:11:21 | 000,000,030 | ---- | C] () --
C:\WINDOWS\INTURS.DAT
[2004/04/06 21:08:30 | 000,000,078 | ---- | C] () --
C:\WINDOWS\qwimp.ini
[2004/04/06 21:07:40 | 000,000,165 | ---- | C] () --
C:\WINDOWS\QUICKEN.INI
[2004/04/06 20:49:57 | 000,000,106 | ---- | C] () --
C:\WINDOWS\webica.ini
[2004/04/06 19:18:35 | 000,042,166 | ---- | C] () --
C:\WINDOWS\System32\Datcrt.exe
[2004/04/02 02:41:14 | 000,000,061 | ---- | C] () --
C:\WINDOWS\smscfg.ini
[2004/04/02 02:35:50 | 000,034,864 | ---- | C] () --
C:\WINDOWS\UNWISE.EXE
[2004/04/02 02:32:44 | 000,000,258 | ---- | C] () --
C:\WINDOWS\System32\BDEMERGE.INI
[2004/04/02 02:30:19 | 000,000,335 | ---- | C] () --
C:\WINDOWS\nsreg.dat
[2004/04/02 02:29:37 | 000,000,624 | ---- | C] () --
C:\WINDOWS\wininit.ini
[2004/04/02 02:20:32 | 000,002,048 | --S- | C] () --
C:\WINDOWS\BOOTSTAT.DAT
[2004/04/02 02:19:18 | 000,363,520 | ---- | C] () --
C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 02:18:54 | 000,434,566 | ---- | C] () --
C:\WINDOWS\System32\PERFH009.DAT
[2004/04/02 02:18:54 | 000,068,470 | ---- | C] () --
C:\WINDOWS\System32\PERFC009.DAT
[2004/04/02 02:06:02 | 000,000,550 | ---- | C] () --
C:\WINDOWS\System32\OEMINFO.INI
[2004/01/23 10:05:02 | 000,371,280 | ---- | C] () --
C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/23 10:03:50 | 000,000,791 | ---- | C] () --
C:\WINDOWS\ORUN32.INI
[2003/11/20 14:39:58 | 000,000,000 | ---- | C] () --
C:\WINDOWS\System32\px.ini
[2002/09/03 14:35:18 | 000,004,161 | ---- | C] () --
C:\WINDOWS\ODBCINST.INI
[2002/09/03 14:31:48 | 000,021,640 | ---- | C] () --
C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () --
C:\WINDOWS\System32\oembios.bin
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () --
C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () --
C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () --
C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () --
C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () --
C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () --
C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () --
C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () --
C:\WINDOWS\System32\NOISE.DAT
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () --
C:\WINDOWS\System32\pcpbios.exe
[2000/09/14 01:03:00 | 000,000,145 | ---- | C] () --
C:\WINDOWS\System32\EBPPORT.DAT
[1999/08/05 15:07:42 | 000,313,344 | ---- | C] () --
C:\WINDOWS\WF6REMOV.EXE
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () --
C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () --
C:\WINDOWS\System32\sysres.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () --
C:\WINDOWS\System32\e100bmsg.dll
========== LOP Check ==========
[2008/10/18 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Ashampoo
[2008/10/17 19:38:31 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Carbonite
[2011/09/08 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\CheckPoint
[2011/11/04 20:06:15 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Citrix
[2009/11/07 11:13:40 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Kaspersky SDK
[2011/11/30 08:00:45 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\LogMeIn
[2007/11/30 23:08:21 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\MailFrontier
[2007/01/07 19:45:52 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Napster
[2005/04/02 21:57:57 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\NETg
[2004/04/16 20:16:37 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\OLYMPUS
[2010/12/04 11:46:34 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Open Window Software
[2010/03/13 17:46:10 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\SupportSoft
[2007/06/27 22:32:25 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\TEMP
[2011/03/13 08:45:56 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Transparent
[2006/03/19 00:04:38 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Viewpoint
[2007/01/27 22:27:23 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\YAHOO
[2008/01/04 19:42:57 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\YAMAHA
[2010/12/12 04:08:44 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Yamaha Corporation
[2011/03/13 08:41:05 | 000,000,000 | -H-D | M] -- C:\Documents and
Settings\All Users\Application
Data\{171E062A-F0D3-40F6-9A2F-10C4987C1939}
[2011/03/13 08:47:03 | 000,000,000 | -H-D | M] -- C:\Documents and
Settings\All Users\Application
Data\{AFF419FB-6682-4A74-AA85-F3CE495D0346}
[2006/03/19 00:04:49 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Aim
[2007/05/05 16:12:53 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Anix Software
[2009/11/07 10:44:15 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\CheckPoint
[2004/09/24 21:36:06 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\DMCache
[2011/11/30 16:04:01 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Dropbox
[2010/09/18 19:42:59 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\ElevatedDiagnostics
[2008/05/18 16:52:18 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Flickr
[2004/08/23 18:18:52 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\FTW
[2009/10/02 18:51:18 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\genline
[2011/11/04 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\ICAClient
[2009/07/20 17:28:03 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Image Zone Express
[2007/05/31 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\JAM Software
[2004/04/06 23:03:55 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Leadertech
[2004/10/08 19:55:58 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Learn2.com
[2010/07/12 20:49:03 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\MailFrontier
[2005/09/23 19:25:48 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\MyFamily.com
[2004/04/17 11:53:51 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\MyKey
[2006/04/16 17:08:51 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Ofoto
[2004/04/09 22:09:29 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Qualcomm
[2007/01/04 10:51:22 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\ScanSoft
[2006/04/02 10:47:52 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Serif
[2007/08/12 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Snapfish
[2011/11/28 21:07:28 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Spotify
[2010/07/04 21:26:06 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Thunderbird
[2009/10/25 17:46:02 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\W Photo Studio Viewer
[2007/01/04 15:06:11 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Robert\Application Data\Xdrive
[2011/11/30 08:08:39 | 000,000,486 | ---- | M] () --
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/11/30 13:00:31 | 000,000,330 | -H-- | M] () --
C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/30 08:19:35 | 000,000,350 | ---- | M] () --
C:\WINDOWS\Tasks\Windows Codec Update Service.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All
Users\Application Data\TEMP:333B9FFC
< End of report >
Extras.txt:
OTL Extras logfile created on: 11/30/2011 5:07:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.50 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 65.33% Memory free
3.09 Gb Paging File | 2.15 Gb Available in Paging File | 69.36% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 40.92 Gb Free Space | 36.63% Space Free | Partition Type: NTFS
Computer Name: JEEVES | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\1167940654\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1167940654\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Documents and Settings\Robert\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Robert\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03A4FDE6-BEDB-4C54-96D8-A7C5D0CE67AD}" = Identity Finder Enterprise Edition
"{03B7F3F1-5A2C-4FC8-A4C1-AF6FE3F8E9AA}" = Genline FamilyFinder
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{06B8DAD8-2809-475E-BA9D-C34479A0D58A}" = Dell TrueMobile 2300 Control Utility
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{0FE68635-AB17-4548-B631-5C3629CCD19A}" = Microsoft Office Live Meeting 2005 Replay Wrapper
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12076ED5-921B-4231-9883-157092E6F2DA}" = Quicken Medical Expense Manager
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{178FDCAC-0CC9-433B-8E1C-96251615DCBE}" = Netflix Movie Viewer
"{1EAD84B8-0075-432A-BFFF-B197581265AF}" = Transparent Language System
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{237a4b21-78c1-11d6-a394-00104bd190b1}" = QuickBooks Basic Edition 2003
"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.3
"{31C44235-A613-4E95-B297-207BF6C6A8C1}" = Creative ZEN Vision M Series
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine for Microtek
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{490082D5-9BCF-11D5-8EC3-00D0B75DD247}" = DataFlow
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{533A6E40-A0D5-4643-B9CE-9B03989EF159}" = Ad-Aware
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EA24DA8-F398-42C7-8CDC-39273493C514}" = MicScope
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{62CB99B1-532B-40CC-8C14-3049473CB941}" = Synapse Workstation
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73108923-1D58-4C00-8E22-D71D98D0E0B4}" = ABF Outlook Express Backup
"{7426CE93-9C84-4EB0-A143-3ADDF9CC02FB}" = The Music Box - A Personal Ear Trainer 3.0
"{74B0050D-709E-4BD4-A5F4-5A7819F324FA}" = Turtle Beach USB MIDI 1x1
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{81929079-8CA2-4378-BCAA-620C666BF531}" = Scheduler
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018
"{856D4888-3B48-4D0C-99D4-39AA7CF9DB2E}" = HP Photosmart Essential
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD91669-25C9-43CD-9367-BF60591B837B}" = Camedia Master 4.3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4004E8B-6A95-4FA4-AA05-731FC6510474}" = Family Tree Maker 2005
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B40902A8-9A11-4FB5-8445-68075A504943}" = Yamaha's Digital Music Notebook
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43B2355-E258-4C28-8A36-48E521862673}" = New York Times - Times Reader
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE7C3758-7CAF-4F1D-8F84-F4F09CFCC26C}" = Flishr
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCB91C79-B78B-44B1-A7FE-28DECA6E9245}" = Dell TrueMobile 2300 Wireless Broadband Router Control Utility
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48BE6D9-D8D4-434C-A199-7226A19FEA54}" = QuickLink Desktop
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE85D571-8BFE-4AB9-A7FB-54BBCA2E910B}" = Family Tree Maker
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Across Lite 2.0" = Across Lite 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Pictures" = AOL Pictures Tools (version 10.6.0.6)
"Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
"AudibleManager" = AudibleManager
"Belarc Advisor" = Belarc Advisor 8.1
"Birds of North America V2.5" = Birds of North America V2.5
"Byki Standard" = Byki Standard
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Carbonite Backup" = Carbonite
"Citrix ICA Client" = Citrix ICA Client
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CSCLIB" = Canon Camera Support Core Library
"DBXanalyzer" = DBXanalyzer
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"ECCO Pro" = NetManage ECCO Pro
"Ecco Spell" = Ecco Spell
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ExModule_is1" = ExModule 1.0
"Family Tree Maker 2010" = Family Tree Maker 2010
"Family Tree Maker 2011" = Family Tree Maker 2011
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"GenSmarts_is1" = GenSmarts
"GENViewer_is1" = GENViewer version 1.21
"HP Photo Printing Software" = HP Photo Printing Software
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"KGFs Databas 2004" = KGFs Databas 2004
"LanguageNow!" = LanguageNow!
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Medicos" = Medicos
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MightyFax" = MightyFax
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MySlideShow2_is1" = MySlideShow 2.7.5
"MyThumbs_is1" = MyThumbnails Pro 1.9
"Ninotech Path Copy" = Ninotech Path Copy 4.0
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OLYMPUS CAMEDIA Master 1.11" = OLYMPUS CAMEDIA Master 1.11
"Picasa 3" = Picasa 3
"Picasa2" = Picasa 2
"PicasaNet" = Hello (remove only)
"Picture Easy 3.0" = Picture Easy 3.1
"PicViewer_is1" = PicViewer 2.74
"PingPlotter" = PingPlotter
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickStitch" = QuickStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealOne Player
"Registry Mechanic_is1" = Registry Mechanic
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Shockwave" = Shockwave
"Shutterfly Plugin" = Shutterfly Plugin
"Sony´s EZ Audio Transfer & Restoration Kit" = Sony´s EZ Audio Transfer & Restoration Kit
"SP6" = Logitech SetPoint 6.15
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Swat It v2.1" = Swat It v2.1
"SysInfo" = Creative System Information
"Tolken99 v4.2" = Tolken99 v4.2
"Transparent Language System" = Transparent Language System
"TreeSize Professional_is1" = TreeSize Professional 4.3.2
"Tweak UI 2.10" = Tweak UI
"Video ToolBox_is1" = Video ToolBox
"VideoGen_is1" = MySlideShow Video Generator Plug-in 2.8.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.2
"Vocabulary Master" = Vocabulary Master
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.4 [32-Bit]
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Win-Family 6.0" = Win-Family 6.0
"WinFlash Educator v10_is1" = WinFlash Educator v10
"WinFlash Educator v11_is1" = WinFlash Educator v11
"WinFlash Educator_is1" = WinFlash Educator 10.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZENcast Organizer" = ZENcast Organizer
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"Spotify" = Spotify
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/21/2011 8:53:19 PM | Computer Name = JEEVES | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 10/22/2011 7:17:34 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x037e9136.
Error - 10/22/2011 7:20:09 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x037e9136.
Error - 10/22/2011 7:20:19 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03749136.
Error - 10/24/2011 8:27:49 AM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x037e9136.
Error - 10/25/2011 8:53:30 PM | Computer Name = JEEVES | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 10/26/2011 9:01:20 AM | Computer Name = JEEVES | Source = Application Hang | ID = 1002
Description = Hanging application spotify.exe, version 0.6.2.243, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/28/2011 8:08:35 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x038e9136.
Error - 10/28/2011 8:16:18 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x037e9136.
Error - 10/28/2011 8:21:11 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x038e9136.
[ SLEvtLog Events ]
Error - 1/15/2007 3:28:16 PM | Computer Name = JEEVES | Source = SLSource | ID = 0
Description =
Error - 1/27/2007 6:01:55 AM | Computer Name = JEEVES | Source = SLSource | ID = 0
Description =
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
can't remove win32.pup.bandoo(800)
Started by bobonridge, Nov 30 2011 11:34 PM
5 replies to this topic
#1
Posted 30 November 2011 - 11:34 PM
#2
Posted 01 December 2011 - 11:16 PM
Additional info/question: I saw a suggestion to run Ad-Aware in Safe Mode, but when I try that I get the message "Unable to connect to service" and the program never starts. I unchecked the options for automatically checking for updates, etc., and the same thing happens.
#3
Posted 02 December 2011 - 12:53 AM
Hi bobonridge,
Please tell us which file Ad-Aware does not like and in which folder it is located. Note that PUP in the name stands for "Potentially Unwanted Program".
This toolbar in Firefox is not recommended and should be uninstalled. See comments on http://www.mywot.com...recard/zugo.com
[2011/04/23 15:35:00 | 000,000,000 | ---D | M] (Search Toolbar) --
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\searchtoolbar@zugo.com
Read about "ZoneAlarm Toolbar" on http://www.systemloo...tbZon2_dll.html
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_04
are very old Java versions with a lot of vulnerabilities, which makes it easy to infect the computer.
#4
Posted 02 December 2011 - 02:04 AM
Copied from the log file:
Logfile created: 11/29/2011 05:44:20
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Robert
*********************** Definitions database information ***********************
Lavasoft definition file: 150.631
Genotype definition file version: 2011/10/12 12:14:17
Extended engine definition file: 11173.0
******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 217410
Objects detected: 1
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Skipped items:
Description: c:\documents and settings\robert\my documents\downloads\ilividsetupv1.exe Family Name: Win32.PUP.Bandoo[800] Engine: 1 Clean status: Success Item ID: 0 Family ID: 0 MD5: 4013134a2420f46ffc63bfbe31bea0ac
#5
Posted 02 December 2011 - 09:13 AM
The file is listed under the header "Skipped items". Have you told Ad-Aware to ignore the file?
Can you delete the file yourself (if you want to delete it)?
Bandoo Media gets rather bad remarks according to http://www.mywot.com...card/bandoo.com
If you want Lavasoft to investigate if it really is a possible unwanted program or if it is a false positive, please provide a download link to the file.
#6
Posted 10 January 2012 - 04:17 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
Everyone else please begin a New Topic.
Thank You !
This topic is locked








