bobonridge
Posted November 30, 2011

Per posting instructions, I'm pasting in the two files OTL.txt and Extras.txt. Ad-Aware keeps finding win32.pup.bandoo(800) even after re-booting, re-Updating. Not found by Malwarebytes or Spybot. No apparent suspicious behavior.

OTL:

OTL logfile created on: 11/30/2011 5:07:26 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Robert\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.50 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 65.33% Memory free 3.09 Gb Paging File | 2.15 Gb Available in Paging File | 69.36% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.72 Gb Total Space | 40.92 Gb Free Space | 36.63% Space Free | Partition Type: NTFS Computer Name: JEEVES | User Name: Robert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\Robert\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.) PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) 
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe (FUJIFILM Medical Systems U.S.A., Inc.) PRC - C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe (SonicWALL, Inc.) PRC - C:\Program Files\Quicken\bagent.exe (Intuit Inc.) PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com)) PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) PRC - C:\Program Files\Essentials Codec Pack\WECPUpdate.exe (MediaCodec.Org) PRC - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe (FUJIFILM Medical Systems U.S.A., Inc.) PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe () PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe () PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( ) PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.) 
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd) PRC - C:\WINDOWS\SYSTEM32\ImagecastInterface.exe (IDX Systems Corporation) PRC - C:\WINDOWS\SYSTEM32\dlbtcoms.exe (Dell) PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll () MOD - C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll () MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll () MOD - C:\Program Files\Lavasoft\Ad-Aware\unrar.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw () MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll () MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll () MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll () MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll () MOD - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe () MOD - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe () MOD - C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll () MOD - C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll () MOD - C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll () MOD - C:\Program 
Files\Dell Photo AIO Printer 922\JetImage.dll () MOD - C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll () MOD - C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll () MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTSTRN.DLL () MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTPCFG.DLL () MOD - C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBTPP5C.DLL () MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTUI5C.DLL () MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTDR5C.DLL () MOD - C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (SynapseUpdateSvc) -- C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe (FUJIFILM Medical Systems U.S.A., Inc.) SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com)) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AshampooDefragService) -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( ) SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (dlbt_device) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell) SRV - (RampartSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.) SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation) SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (Vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Check Point Software Technologies LTD) DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\WINDOWS\SYSTEM32\DRIVERS\kl2.sys (Kaspersky Lab ZAO) DRV - (KLIF) -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys (Kaspersky Lab) DRV - (radpms) -- C:\WINDOWS\SYSTEM32\DRIVERS\radpms.sys (LogMeIn, Inc.) DRV - (BVRPMPR5) -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS (Avanquest Software) DRV - (FilterService) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys (Logitech Inc.) DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys () DRV - (LMouFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV - (LBeepKE) -- C:\WINDOWS\SYSTEM32\DRIVERS\LBeepKE.sys (Logitech, Inc.) 
DRV - (ctxusbm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctxusbm.sys (Citrix Systems, Inc.) DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys () DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.) DRV - (SIODRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\SIODRV.SYS (Intel Corporation) DRV - (SMBios) Intel (R) -- C:\WINDOWS\SYSTEM32\DRIVERS\SMBios.sys (Intel Corporation) DRV - (RCFOX) -- C:\WINDOWS\SYSTEM32\DRIVERS\RCFOX.SYS (SonicWALL, Inc.) DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation) DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation) DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation) DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation) DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation) DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation) DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation) DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation) DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation) DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation) DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (DNE) -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.) 
DRV - (ZSMC302) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbvm302.sys (VM) DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys () DRV - (rcvpn) -- C:\WINDOWS\SYSTEM32\DRIVERS\rcvpn.sys (SonicWALL, Inc.) DRV - (TBU11) -- C:\WINDOWS\SYSTEM32\DRIVERS\tbu11.sys (Voyetra Turtle Beach, Inc.) DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation) DRV - (dfrusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\dfrusb.sys (Identix Incorporated) DRV - (EPUSBSTOR) -- C:\WINDOWS\SYSTEM32\DRIVERS\epusbsto.sys (SEIKO EPSON CORPORATION) DRV - (msloop) -- C:\WINDOWS\SYSTEM32\DRIVERS\loop.sys (Microsoft Corporation) DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation) DRV - (Eplpdx02) -- C:\WINDOWS\SYSTEM32\DRIVERS\EPLPDX02.SYS (MK Systems CO., LTD.) 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.ynhhs-mdlink.com/default.asp?/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.ynhhs-mdlink.com/default.asp?/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.med.yale.edu:3128 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0493D792-5C92 -440b-81A8-AD6CDFC75212}: C:\Program Files\Yamaha Corporation\Digital Music Notebook\Common\Bootstrapper\XpCom\ [2010/12/12 04:08:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3 -449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/09/08 18:15:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/04 20:04:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/04 20:04:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/17 07:15:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/09/14 21:32:29 | 000,000,000 | ---D | M] [2010/07/04 21:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents 
and Settings\Robert\Application Data\Mozilla\Extensions [2010/07/04 21:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011/11/22 13:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions [2011/11/22 13:41:20 | 000,000,000 | ---D | M] (ZoneAlarm Security Suite Community Toolbar) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\{3ce45c4f-bf ff-4988-9a3c-a75c1f491319} [2011/11/22 13:41:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\{e4a8a97b-f2 ed-450b-b12d-ee082ba24781} [2011/10/30 19:32:10 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\[email protected] .com [2011/06/22 21:41:42 | 000,000,000 | ---D | M] (LogMeIn, Inc. 
Remote Access Plugin) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\LogMeInClien [email protected] [2011/04/23 15:35:00 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\searchtoolba [email protected] [2009/10/03 10:05:58 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\[email protected] stry.com [2011/10/21 05:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/07/14 21:38:30 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/06/24 20:07:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/05 06:56:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/05 19:23:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/01/05 06:29:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/03/05 00:44:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/07/02 20:56:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/10/21 05:32:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011/10/12 21:08:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\browsercomps.dll [2009/09/12 22:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2009/09/12 22:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2009/09/12 22:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2009/09/12 22:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll [2009/09/12 22:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2008/05/19 13:57:00 | 002,641,920 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll [2006/01/18 11:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll [2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\mozilla firefox\plugins\NPUploader.dll [2008/02/28 13:30:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll [2009/09/12 22:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2008/02/28 13:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll [2011/10/12 21:08:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google: originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:i nstantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={s earchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{googl e:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searc hTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin8.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program 
Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.d ll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\np LogitechDeviceDetection.dll CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: LogMeIn, Inc. 
Remote Access Components 1.0.0.381 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll CHR - plugin: Shutterfly Upload Plugin 2.0.4.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Logitech Device Detection = C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\ O1 HOSTS File: ([2008/11/14 00:55:51 | 000,287,978 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.254.254.253 Xdrive O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 
008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com O1 - Hosts: 9925 more lines... O2 - BHO: (Synapse BHO Class) - {33414365-E6C7-460d-880A-A163BD69E84D} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.) O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dl l (Check Point Software Technologies) O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll File not found O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll File not found O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dl l (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dl l (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.) 
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe () O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL () O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [FujiSynapseBridge] C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe (FUJIFILM Medical Systems U.S.A., Inc.) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [Synapse URLSearchHook Configuration] C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.) O4 - Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) 
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.) O9 - Extra 'Tools' menuitem : Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.) O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites) O15 - HKCU\..Trusted Domains: ynhh.org ([citrix] https in Trusted sites) O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com/support/plugins/ebraryRdr.cab (Infotl Control) O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab (SupportSoft Script Runner Class) O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class) O16 - DPF: {0D07C1FF-49FF-49A4-B453-6E067B51F1AE} https://radpacs.ynhh.org/iSite3_0.cab (ISiteNonVisual Control 3.01) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1FBD11EF-1260-11D1-87A7-444553540001} https://yalepacs.ynhh.org (Synapse) O16 - DPF: 
{2359626E-7524-4F87-B04E-22CD38A0C88C} http://download.zonelabs.com/bin/free/cm/ICSCM.cab (ICSScannerLight Class) O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab (AOL Pictures Uploader Class) O16 - DPF: {2EC77245-C97C-4F5E-80D1-9B280C4CD820} http://download.mailfrontier.com/matador/instmtdr.cab (Reg Error: Key error.) O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft Data Collection Control) O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://www.pestscan.com/scanner/axscanner.cab (PPSDKActiveXScanner.MainScreen) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine) O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} https://www.backup.com/user/webrestore.cab (WRXCtl Class) O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab (Install Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1297990860779 (MUWebControl Class) O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Housecall ActiveX 6.5) O16 - DPF: {734F0ACB-CB01-4426-A8AB-A496C2583A40} https://idxwebssl.ynhh.org/fuji-idxrad/integration/ICAPI/ImagecastInterface.CAB (DesktopSync Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoftware.com/activescan/as5/asinst.cab (ActiveScan Installer Class) O16 - 
DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} ftp://ftp.autodesk.com/pub/whip/english/whip.cab (Autodesk WHIP! Control) O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Registry Information Class) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/activedata/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://fujimed.webex.com/client/T25L/support/ieatgpc.cab (Reg Error: Key error.) O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab (Creative Product Registration ActiveX Control Module) O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab (ActiveDataObj Class) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60954C4F-C59A-497C-8D75-BDE3EF14B2CA}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) 
O24 - Desktop Components:0 () - http://swedish-weaving.com/images/smalloom.jpg O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{6903e5a7-dda0-11de-b90a-006073e17f59}\Shell - "" = AutoRun O33 - MountPoints2\{6903e5a7-dda0-11de-b90a-006073e17f59}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{6903e5a7-dda0-11de-b90a-006073e17f59}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/11/30 17:05:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe [2011/11/26 23:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\Programs [2011/11/16 22:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth [2011/11/04 20:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix [2011/11/04 20:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\Citrix [2010/11/09 08:27:15 | 000,237,568 | ---- | C] ( ) -- 
C:\WINDOWS\System32\dlbtinsr.dll [2010/11/09 08:27:15 | 000,110,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtins.dll [2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtiesc.dll [2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtinpa.dll [2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbthbn3.dll [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/11/30 17:06:32 | 000,007,542 | ---- | M] () -- C:\WINDOWS\ECCO.CFX [2011/11/30 17:06:32 | 000,006,068 | ---- | M] () -- C:\WINDOWS\ecco.fdb [2011/11/30 17:06:27 | 000,000,662 | ---- | M] () -- C:\WINDOWS\dellstat.ini [2011/11/30 17:04:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe [2011/11/30 17:03:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4246077919-1552412502-2171021228-1006UA.job [2011/11/30 16:27:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/11/30 13:00:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/11/30 12:03:06 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4246077919-1552412502-2171021228-1006Core.job [2011/11/30 08:19:35 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job [2011/11/30 08:08:39 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/11/30 08:03:21 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2011/11/30 08:02:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/11/30 08:02:19 | 2683,359,232 | -HS- | M] () -- C:\hiberfil.sys [2011/11/30 08:02:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2011/11/28 18:14:04 | 000,434,566 | ---- | M] () -- 
C:\WINDOWS\System32\PERFH009.DAT [2011/11/28 18:14:04 | 000,068,470 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2011/11/28 08:38:41 | 000,537,965 | ---- | M] () -- C:\WINDOWS\ecco.alm [2011/11/26 08:46:27 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/11/25 20:52:55 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011/11/25 20:52:55 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/11/23 12:01:49 | 000,052,220 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\11-23-2011 12;01;16PM.RTF [2011/11/19 00:32:31 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Medical Expenses.lnk [2011/11/15 18:38:37 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk [2011/11/12 19:48:14 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk [2011/11/12 08:14:43 | 000,001,241 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\LogMeIn Full Screen.lnk [2011/11/09 17:38:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/11/23 12:01:49 | 000,052,220 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\11-23-2011 12;01;16PM.RTF [2011/11/19 00:32:31 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Medical Expenses.lnk [2011/09/07 10:32:58 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011/04/30 22:58:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/04/30 22:58:26 | 000,000,044 | ---- | 
C] () -- C:\WINDOWS\System32\rp_rules.dat [2010/12/12 20:49:25 | 000,000,033 | ---- | C] () -- C:\WINDOWS\MSFDM.INI [2010/12/12 04:12:11 | 000,000,622 | ---- | C] () -- C:\WINDOWS\DMN.INI [2010/11/09 08:30:28 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll [2010/11/09 08:30:27 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll [2010/11/09 08:27:15 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe [2010/11/09 08:27:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll [2010/11/09 08:27:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll [2010/11/09 08:27:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll [2010/11/09 08:27:05 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll [2010/11/09 08:26:57 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll [2010/07/14 21:43:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/07/14 21:22:30 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010/05/14 16:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll [2010/05/14 16:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe [2010/05/14 16:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll [2010/05/07 17:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2008/05/25 08:04:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini [2008/02/28 14:30:08 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2008/02/19 23:03:45 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe [2008/02/19 23:03:45 | 000,003,464 | ---- | C] () -- C:\WINDOWS\unins000.dat [2007/06/30 23:49:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe [2007/04/26 13:45:50 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys [2007/04/18 15:53:36 
| 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/01/04 14:57:10 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll [2007/01/03 11:57:53 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys [2006/12/07 22:54:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006/06/17 16:57:53 | 000,007,160 | ---- | C] () -- C:\WINDOWS\mozver.dat [2006/03/22 17:32:15 | 000,019,968 | ---- | C] () -- C:\WINDOWS\PHCREMOV.EXE [2006/03/22 17:32:15 | 000,016,384 | R--- | C] () -- C:\WINDOWS\System32\pcl2pdfnt.dll [2006/03/20 19:24:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/02/19 18:35:54 | 000,000,209 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2006/02/19 18:35:54 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2006/02/19 18:35:54 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2006/02/19 18:35:54 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BD7220.dat [2006/02/19 18:35:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2006/02/19 18:35:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2006/02/18 17:34:05 | 000,000,039 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI [2006/02/18 17:33:48 | 000,000,077 | ---- | C] () -- C:\WINDOWS\Viewer.ini [2006/02/18 17:33:40 | 000,000,454 | ---- | C] () -- C:\WINDOWS\PSDWIN.INI [2006/02/18 16:50:01 | 000,000,371 | ---- | C] () -- C:\WINDOWS\wmw.ini [2006/01/18 19:37:22 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Robert\Application Data\L8457789_1 [2006/01/05 18:44:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\npbdwn32.dll [2005/10/26 14:59:49 | 000,002,330 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini [2005/10/09 05:34:09 | 000,000,403 | ---- | C] () -- C:\WINDOWS\musicstr.ini [2005/10/09 05:28:49 | 000,000,087 | ---- | C] () -- C:\WINDOWS\inst.ini [2005/10/08 21:00:32 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Musicbox.INI [2005/10/08 20:04:15 | 000,000,443 | ---- 
| C] () -- C:\WINDOWS\MUSBOX32.INI [2005/06/28 19:37:30 | 000,000,662 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2005/06/28 19:35:03 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll [2005/06/28 19:35:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll [2005/05/30 20:32:30 | 000,003,013 | ---- | C] () -- C:\WINDOWS\System32\ole4lr.dll [2005/03/22 21:12:52 | 000,184,808 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\shb.dat [2005/02/07 23:46:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PezDownload.INI [2005/02/07 19:45:14 | 000,000,113 | ---- | C] () -- C:\WINDOWS\Picture Easy 3.ini [2005/02/07 19:45:12 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\inetwh16.dll [2004/12/22 13:34:55 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys [2004/12/08 22:23:53 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll [2004/11/16 20:36:05 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys [2004/11/16 20:36:05 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys [2004/08/29 05:04:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/07/02 18:24:15 | 000,795,904 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2004/06/04 20:48:34 | 000,000,607 | ---- | C] () -- C:\WINDOWS\EZAudio_trk.INI [2004/06/04 18:41:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2004/06/04 18:39:54 | 000,000,083 | ---- | C] () -- C:\WINDOWS\magix.ini [2004/05/01 10:13:29 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI [2004/04/26 19:54:07 | 000,023,455 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2004/04/18 00:06:07 | 000,001,998 | ---- | C] () -- C:\WINDOWS\tbs_bna.ini [2004/04/18 00:06:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\tbs_job.ini [2004/04/18 00:06:00 | 000,002,665 | ---- | C] () -- C:\WINDOWS\tbs_quiz.ini [2004/04/18 00:06:00 | 000,001,072 | ---- | C] () -- C:\WINDOWS\tbs_juke.ini [2004/04/18 00:06:00 | 
000,000,034 | ---- | C] () -- C:\WINDOWS\tbs_tbh.ini [2004/04/18 00:05:59 | 000,001,159 | ---- | C] () -- C:\WINDOWS\tbs_bows.ini [2004/04/18 00:05:57 | 000,000,744 | ---- | C] () -- C:\WINDOWS\tbs_ss.ini [2004/04/18 00:05:55 | 000,000,040 | ---- | C] () -- C:\WINDOWS\tbs_menu.ini [2004/04/17 05:27:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VM.INI [2004/04/17 05:23:50 | 000,004,374 | ---- | C] () -- C:\WINDOWS\WORDACE1.INI [2004/04/17 05:19:02 | 000,000,280 | ---- | C] () -- C:\WINDOWS\EReg196.dat [2004/04/15 19:56:57 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT [2004/04/13 21:03:51 | 000,001,498 | ---- | C] () -- C:\WINDOWS\genviewer.ini [2004/04/12 06:48:59 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ECCO.INI [2004/04/10 19:40:37 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI [2004/04/10 19:40:36 | 000,006,472 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat [2004/04/10 15:56:56 | 000,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI [2004/04/09 18:56:01 | 000,000,482 | ---- | C] () -- C:\WINDOWS\SmtBook.INI [2004/04/08 21:13:45 | 000,007,168 | ---- | C] () -- C:\WINDOWS\SMTB953X.DLL [2004/04/08 21:13:45 | 000,002,879 | ---- | C] () -- C:\WINDOWS\BOOKS2X.DLL [2004/04/08 21:13:45 | 000,001,792 | ---- | C] () -- C:\WINDOWS\SMTBK3X.DLL [2004/04/07 20:51:30 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI [2004/04/07 20:50:48 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [2004/04/07 20:50:48 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL [2004/04/07 20:42:43 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004/04/06 23:16:18 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\fusioncache.dat [2004/04/06 22:01:00 | 000,000,092 | ---- | C] () -- C:\WINDOWS\MFPD.INI [2004/04/06 21:26:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/04/06 21:11:21 | 000,000,030 | ---- 
| C] () -- C:\WINDOWS\INTURS.DAT [2004/04/06 21:08:30 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini [2004/04/06 21:07:40 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2004/04/06 20:49:57 | 000,000,106 | ---- | C] () -- C:\WINDOWS\webica.ini [2004/04/06 19:18:35 | 000,042,166 | ---- | C] () -- C:\WINDOWS\System32\Datcrt.exe [2004/04/02 02:41:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/04/02 02:35:50 | 000,034,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2004/04/02 02:32:44 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2004/04/02 02:30:19 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2004/04/02 02:29:37 | 000,000,624 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/04/02 02:20:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT [2004/04/02 02:19:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/04/02 02:18:54 | 000,434,566 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT [2004/04/02 02:18:54 | 000,068,470 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT [2004/04/02 02:06:02 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/01/23 10:05:02 | 000,371,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/01/23 10:03:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI [2003/11/20 14:39:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2002/09/03 14:35:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2002/09/03 14:31:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT [2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT [2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT [2002/08/29 06:00:00 | 
000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN [2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT [2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT [2002/03/14 11:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe [2000/09/14 01:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT [1999/08/05 15:07:42 | 000,313,344 | ---- | C] () -- C:\WINDOWS\WF6REMOV.EXE [1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll [1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [color=#E56717]========== LOP Check ==========[/color] [2008/10/18 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo [2008/10/17 19:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite [2011/09/08 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint [2011/11/04 20:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2009/11/07 11:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK [2011/11/30 08:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2007/11/30 23:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier [2007/01/07 19:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2005/04/02 21:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg [2004/04/16 20:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS 
[2010/12/04 11:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Open Window Software [2010/03/13 17:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2007/06/27 22:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2011/03/13 08:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent [2006/03/19 00:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007/01/27 22:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO [2008/01/04 19:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA [2010/12/12 04:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yamaha Corporation [2011/03/13 08:41:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{171E062A-F0D3-40F6-9A2F-10C4987C1939} [2011/03/13 08:47:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AFF419FB-6682-4A74-AA85-F3CE495D0346} [2006/03/19 00:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Aim [2007/05/05 16:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Anix Software [2009/11/07 10:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\CheckPoint [2004/09/24 21:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DMCache [2011/11/30 16:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Dropbox [2010/09/18 19:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ElevatedDiagnostics [2008/05/18 16:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Flickr [2004/08/23 18:18:52 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FTW [2009/10/02 18:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\genline [2011/11/04 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ICAClient [2009/07/20 17:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Image Zone Express [2007/05/31 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\JAM Software [2004/04/06 23:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech [2004/10/08 19:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Learn2.com [2010/07/12 20:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MailFrontier [2005/09/23 19:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MyFamily.com [2004/04/17 11:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MyKey [2006/04/16 17:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Ofoto [2004/04/09 22:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Qualcomm [2007/01/04 10:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ScanSoft [2006/04/02 10:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Serif [2007/08/12 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Snapfish [2011/11/28 21:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Spotify [2010/07/04 21:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Thunderbird [2009/10/25 17:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\W Photo Studio Viewer [2007/01/04 15:06:11 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Xdrive [2011/11/30 08:08:39 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2011/11/30 13:00:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2011/11/30 08:19:35 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:333B9FFC < End of report > Extras.txt: OTL Extras logfile created on: 11/30/2011 5:07:26 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Robert\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.50 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 65.33% Memory free 3.09 Gb Paging File | 2.15 Gb Available in Paging File | 69.36% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.72 Gb Total Space | 40.92 Gb Free Space | 36.63% Space Free | Partition Type: NTFS Computer Name: JEEVES | User Name: Robert | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [color=#E56717]========== System Restore Settings ==========[/color] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\1167940654\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1167940654\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Documents and Settings\Robert\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Robert\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03A4FDE6-BEDB-4C54-96D8-A7C5D0CE67AD}" = Identity Finder Enterprise Edition
"{03B7F3F1-5A2C-4FC8-A4C1-AF6FE3F8E9AA}" = Genline FamilyFinder
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{06B8DAD8-2809-475E-BA9D-C34479A0D58A}" = Dell TrueMobile 2300 Control Utility
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{0FE68635-AB17-4548-B631-5C3629CCD19A}" = Microsoft Office Live Meeting 2005 Replay Wrapper
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12076ED5-921B-4231-9883-157092E6F2DA}" = Quicken Medical Expense Manager
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{178FDCAC-0CC9-433B-8E1C-96251615DCBE}" = Netflix Movie Viewer
"{1EAD84B8-0075-432A-BFFF-B197581265AF}" = Transparent Language System
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{237a4b21-78c1-11d6-a394-00104bd190b1}" = QuickBooks Basic Edition 2003
"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.3
"{31C44235-A613-4E95-B297-207BF6C6A8C1}" = Creative ZEN Vision M Series
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine for Microtek
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{490082D5-9BCF-11D5-8EC3-00D0B75DD247}" = DataFlow
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{533A6E40-A0D5-4643-B9CE-9B03989EF159}" = Ad-Aware
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EA24DA8-F398-42C7-8CDC-39273493C514}" = MicScope
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{62CB99B1-532B-40CC-8C14-3049473CB941}" = Synapse Workstation
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73108923-1D58-4C00-8E22-D71D98D0E0B4}" = ABF Outlook Express Backup
"{7426CE93-9C84-4EB0-A143-3ADDF9CC02FB}" = The Music Box - A Personal Ear Trainer 3.0
"{74B0050D-709E-4BD4-A5F4-5A7819F324FA}" = Turtle Beach USB MIDI 1x1
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{81929079-8CA2-4378-BCAA-620C666BF531}" = Scheduler
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018
"{856D4888-3B48-4D0C-99D4-39AA7CF9DB2E}" = HP Photosmart Essential
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD91669-25C9-43CD-9367-BF60591B837B}" = Camedia Master 4.3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4004E8B-6A95-4FA4-AA05-731FC6510474}" = Family Tree Maker 2005
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B40902A8-9A11-4FB5-8445-68075A504943}" = Yamaha's Digital Music Notebook
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43B2355-E258-4C28-8A36-48E521862673}" = New York Times - Times Reader
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE7C3758-7CAF-4F1D-8F84-F4F09CFCC26C}" = Flishr
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCB91C79-B78B-44B1-A7FE-28DECA6E9245}" = Dell TrueMobile 2300 Wireless Broadband Router Control Utility
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48BE6D9-D8D4-434C-A199-7226A19FEA54}" = QuickLink Desktop
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE85D571-8BFE-4AB9-A7FB-54BBCA2E910B}" = Family Tree Maker
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Across Lite 2.0" = Across Lite 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Pictures" = AOL Pictures Tools (version 10.6.0.6)
"Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
"AudibleManager" = AudibleManager
"Belarc Advisor" = Belarc Advisor 8.1
"Birds of North America V2.5" = Birds of North America V2.5
"Byki Standard" = Byki Standard
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Carbonite Backup" = Carbonite
"Citrix ICA Client" = Citrix ICA Client
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CSCLIB" = Canon Camera Support Core Library
"DBXanalyzer" = DBXanalyzer
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"ECCO Pro" = NetManage ECCO Pro
"Ecco Spell" = Ecco Spell
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ExModule_is1" = ExModule 1.0
"Family Tree Maker 2010" = Family Tree Maker 2010
"Family Tree Maker 2011" = Family Tree Maker 2011
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"GenSmarts_is1" = GenSmarts
"GENViewer_is1" = GENViewer version 1.21
"HP Photo Printing Software" = HP Photo Printing Software
"ie8" = Windows Internet Explorer 8
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"KGFs Databas 2004" = KGFs Databas 2004
"LanguageNow!" = LanguageNow!
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Medicos" = Medicos
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MightyFax" = MightyFax
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MySlideShow2_is1" = MySlideShow 2.7.5
"MyThumbs_is1" = MyThumbnails Pro 1.9
"Ninotech Path Copy" = Ninotech Path Copy 4.0
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OLYMPUS CAMEDIA Master 1.11" = OLYMPUS CAMEDIA Master 1.11
"Picasa 3" = Picasa 3
"Picasa2" = Picasa 2
"PicasaNet" = Hello (remove only)
"Picture Easy 3.0" = Picture Easy 3.1
"PicViewer_is1" = PicViewer 2.74
"PingPlotter" = PingPlotter
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickStitch" = QuickStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealOne Player
"Registry Mechanic_is1" = Registry Mechanic
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Shockwave" = Shockwave
"Shutterfly Plugin" = Shutterfly Plugin
"Sony´s EZ Audio (TM) Transfer & Restoration Kit" = Sony´s EZ Audio (TM) Transfer & Restoration Kit
"SP6" = Logitech SetPoint 6.15
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Swat It v2.1" = Swat It v2.1
"SysInfo" = Creative System Information
"Tolken99 v4.2" = Tolken99 v4.2
"Transparent Language System" = Transparent Language System
"TreeSize Professional_is1" = TreeSize Professional 4.3.2
"Tweak UI 2.10" = Tweak UI
"Video ToolBox_is1" = Video ToolBox
"VideoGen_is1" = MySlideShow Video Generator Plug-in 2.8.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.2
"Vocabulary Master" = Vocabulary Master
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.4 [32-Bit]
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Win-Family 6.0" = Win-Family 6.0
"WinFlash Educator v10_is1" = WinFlash Educator v10
"WinFlash Educator v11_is1" = WinFlash Educator v11
"WinFlash Educator_is1" = WinFlash Educator 10.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZENcast Organizer" = ZENcast Organizer
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"Spotify" = Spotify

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 10/21/2011 8:53:19 PM | Computer Name = JEEVES | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 10/22/2011 7:17:34 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x037e9136.
Error - 10/22/2011 7:20:09 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x037e9136.

Error - 10/22/2011 7:20:19 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x03749136.

Error - 10/24/2011 8:27:49 AM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x037e9136.

Error - 10/25/2011 8:53:30 PM | Computer Name = JEEVES | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 10/26/2011 9:01:20 AM | Computer Name = JEEVES | Source = Application Hang | ID = 1002
Description = Hanging application spotify.exe, version 0.6.2.243, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/28/2011 8:08:35 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x038e9136.

Error - 10/28/2011 8:16:18 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x037e9136.

Error - 10/28/2011 8:21:11 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x038e9136.
[ SLEvtLog Events ]
Error - 1/15/2007 3:28:16 PM | Computer Name = JEEVES | Source = SLSource | ID = 0
Description =

Error - 1/27/2007 6:01:55 AM | Computer Name = JEEVES | Source = SLSource | ID = 0
Description =

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
bobonridge - Posted December 1, 2011

Additional info/question: I saw a suggestion to run Ad-Aware in Safe Mode, but when I try that I get the message "Unable to connect to service" and the program never starts. I unchecked the options for automatically checking for updates, etc., and the same thing happens.
CeciliaB - Posted December 1, 2011

Hi bobonridge,

Please tell us which file Ad-Aware does not like and in which folder it is located. Note that PUP in the name stands for "Potentially Unwanted Program".

This toolbar in Firefox is not recommended and should be uninstalled. See comments on http://www.mywot.com/en/scorecard/zugo.com

[2011/04/23 15:35:00 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\[email protected]

Read about "ZoneAlarm Toolbar" on http://www.systemlookup.com/CLSID/71489-tbZone_dll_tbZon0_dll_tbZon1_dll_tbZon2_dll_prxtbZone_dll_prxtbZon0_dll_prxtbZon1_dll_prxtbZon2_dll.html

J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_04
are very old Java versions with a lot of vulnerabilities, which makes it easy to infect the computer.
bobonridge - Posted December 2, 2011

Copied from the log file:

Logfile created: 11/29/2011 05:44:20
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Robert

*********************** Definitions database information ***********************
Lavasoft definition file: 150.631
Genotype definition file version: 2011/10/12 12:14:17
Extended engine definition file: 11173.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 217410
Objects detected: 1

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

[b]Skipped items:[/b]
[b]Description: c:\documents and settings\robert\my documents\downloads\ilividsetupv1.exe
Family Name: Win32.PUP.Bandoo[800]
Engine: 1
Clean status: Success
Item ID: 0
Family ID: 0
MD5: 4013134a2420f46ffc63bfbe31bea0ac[/b]
CeciliaB - Posted December 2, 2011

The file is listed under the header "Skipped items". Have you told Ad-Aware to ignore the file? Can you delete the file yourself (if you want to delete it)?

Bandoo Media gets rather bad remarks according to [url="http://www.mywot.com/en/scorecard/bandoo.com"]http://www.mywot.com...card/bandoo.com[/url]

If you want Lavasoft to investigate if it really is a possible unwanted program or if it is a false positive, please provide a download link to the file.
CeciliaB - Posted January 10, 2012

Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else, please begin a New Topic. Thank you!