can't remove win32.pup.bandoo(800)

bobonridge · November 30, 2011

Per posting instructions, I'm pasting in the two files OTL.txt and Extras.txt. Ad-Aware keeps finding win32.pup.bandoo(800) even after re-booting, re-Updating. Not found by Malwarebytes or Spybot. No apparent suspicious behavior.

OTL:

OTL logfile created on: 11/30/2011 5:07:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and

Settings\Robert\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) -

Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date

Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.63 Gb Available Physical Memory |

65.33% Memory free
3.09 Gb Paging File | 2.15 Gb Available in Paging File | 69.36% Paging

File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% =

C:\Program Files
Drive C: | 111.72 Gb Total Space | 40.92 Gb Free Space | 36.63% Space

Free | Partition Type: NTFS

Computer Name: JEEVES | User Name: Robert | Logged in as

Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company

Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Documents and Settings\Robert\Desktop\OTL.exe (OldTimer

Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft

Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft

Limited)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point

Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check

Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point

Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point

Software Technologies LTD)
PRC - C:\Program Files\Fuji Medical

System\Synapse\Workstation\SynapseUpdateManager.exe (FUJIFILM Medical

Systems U.S.A., Inc.)
PRC - C:\Documents and Settings\Robert\Application

Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe

(SonicWALL, Inc.)
PRC - C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe

(Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

(Carbonite, Inc.)
PRC - C:\Program Files\Essentials Codec Pack\WECPUpdate.exe

(MediaCodec.Org)
PRC - C:\Program Files\Fuji Medical

System\Synapse\Workstation\FujiSynapseBridge.exe (FUJIFILM Medical

Systems U.S.A., Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech,

Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(Logitech Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems,

Inc.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems,

Inc.)
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag

2\bin\defragTaskBar.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag

2\bin\defragActivityMonitor.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag

2\bin\aDefragService.exe ( )
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

(SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

(SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft

Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft

Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative

Technology Ltd)
PRC - C:\WINDOWS\SYSTEM32\ImagecastInterface.exe (IDX Systems

Corporation)
PRC - C:\WINDOWS\SYSTEM32\dlbtcoms.exe (Dell)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO

EPSON CORPORATION)

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\unrar.dll ()
MOD - C:\Documents and Settings\All Users\Application

Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application

Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Documents and Settings\All Users\Application

Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll ()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll

()
MOD - C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll ()
MOD - C:\Program

Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll ()
MOD - C:\Program Files\Ashampoo\Ashampoo Magical Defrag

2\bin\defragTaskBar.exe ()
MOD - C:\Program Files\Ashampoo\Ashampoo Magical Defrag

2\bin\defragActivityMonitor.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTSTRN.DLL ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTPCFG.DLL ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBTPP5C.DLL ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTUI5C.DLL ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBTDR5C.DLL ()
MOD - C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll ()

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Lavasoft Ad-Aware Service) -- C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn,

Inc.)
SRV - (LMIGuardianSvc) -- C:\Program

Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

(Check Point Software Technologies)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

(Check Point Software Technologies LTD)
SRV - (SynapseUpdateSvc) -- C:\Program Files\Fuji Medical

System\Synapse\Workstation\SynapseUpdateManager.exe (FUJIFILM Medical

Systems U.S.A., Inc.)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite

Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn,

Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common

Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LBTServ) -- C:\Program Files\Common

Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AshampooDefragService) -- C:\Program Files\Ashampoo\Ashampoo

Magical Defrag 2\bin\aDefragService.exe ( )
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) --

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft,

Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (dlbt_device) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (RampartSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN

Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R)

Corporation)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common

Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

[color=#E56717]========== Driver Services (SafeList)

==========[/color]

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program

Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll

(LogMeIn, Inc.)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys

(Check Point Software Technologies)
DRV - (Vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Check Point

Software Technologies LTD)
DRV - (KL1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\WINDOWS\SYSTEM32\DRIVERS\kl2.sys (Kaspersky Lab ZAO)
DRV - (KLIF) -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys (Kaspersky Lab)
DRV - (radpms) -- C:\WINDOWS\SYSTEM32\DRIVERS\radpms.sys (LogMeIn,

Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS

(Avanquest Software)
DRV - (FilterService) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys

(Logitech Inc.)
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) --

C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys ()
DRV - (LMouFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys

(Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys

(Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\SYSTEM32\DRIVERS\LBeepKE.sys (Logitech,

Inc.)
DRV - (ctxusbm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctxusbm.sys (Citrix

Systems, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys

(LogMeIn, Inc.)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch,

Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn,

Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys

(RealNetworks, Inc.)
DRV - (SIODRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\SIODRV.SYS (Intel

Corporation)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\SYSTEM32\DRIVERS\SMBios.sys

(Intel Corporation)
DRV - (RCFOX) -- C:\WINDOWS\SYSTEM32\DRIVERS\RCFOX.SYS (SonicWALL,

Inc.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R)

Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R)

Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R)

Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R)

Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R)

Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R)

Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R)

Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R)

Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R)

Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R)

Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI

Technologies Inc.)
DRV - (DNE) -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys (Deterministic

Networks, Inc.)
DRV - (ZSMC302) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbvm302.sys (VM)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel

Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel

Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel

Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel

Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (rcvpn) -- C:\WINDOWS\SYSTEM32\DRIVERS\rcvpn.sys (SonicWALL,

Inc.)
DRV - (TBU11) -- C:\WINDOWS\SYSTEM32\DRIVERS\tbu11.sys (Voyetra Turtle

Beach, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer

Corporation)
DRV - (dfrusb) -- C:\WINDOWS\SYSTEM32\DRIVERS\dfrusb.sys (Identix

Incorporated)
DRV - (EPUSBSTOR) -- C:\WINDOWS\SYSTEM32\DRIVERS\epusbsto.sys (SEIKO

EPSON CORPORATION)
DRV - (msloop) -- C:\WINDOWS\SYSTEM32\DRIVERS\loop.sys (Microsoft

Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com

Corporation)
DRV - (Eplpdx02) -- C:\WINDOWS\SYSTEM32\DRIVERS\EPLPDX02.SYS (MK

Systems CO., LTD.)

[color=#E56717]========== Standard Registry (SafeList)

==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant

= http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

https://www.ynhhs-mdlink.com/default.asp?/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore

= https://www.ynhhs-mdlink.com/default.asp?/
IE - HKCU\SOFTWARE\Microsoft\Internet

Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant

= http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} -

C:\Program Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} -

C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll

(FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:

"ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:

"ProxyServer" = proxy.med.yale.edu:3128

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:

C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program

Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:

C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0:

C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program

Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:

c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll (

Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5:

c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation

Foundation\NPWPF.dll (Microsoft Corporation)
FF -

HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835:

C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks,

Inc.)
FF -

HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136:

C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF -

HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847:

C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

(RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google

Update;version=3: C:\Program

Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google

Update;version=9: C:\Program

Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program

Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program

Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer:

C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google

Update;version=3: C:\Documents and Settings\Robert\Local

Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll

(Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google

Update;version=9: C:\Documents and Settings\Robert\Local

Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll

(Google Inc.)

FF -

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0493D792-5C92

-440b-81A8-AD6CDFC75212}: C:\Program Files\Yamaha Corporation\Digital

Music Notebook\Common\Bootstrapper\XpCom\ [2010/12/12 04:08:59 |

000,000,000 | ---D | M]
FF -

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3

-449D-B827-DB661701C6BB}: C:\Program

Files\CheckPoint\ZAForceField\TrustChecker [2011/09/08 18:15:16 |

000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox

7.0.1\extensions\\Components: C:\Program Files\Mozilla

Firefox\components [2011/11/04 20:04:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox

7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/04 20:04:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird

8.0\extensions\\Components: C:\Program Files\Mozilla

Thunderbird\components [2011/08/17 07:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird

8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/09/14 21:32:29 | 000,000,000 | ---D | M]

[2010/07/04 21:26:09 | 000,000,000 | ---D | M] (No name found) --

C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2010/07/04 21:26:09 | 000,000,000 | ---D | M] (No name found) --

C:\Documents and Settings\Robert\Application

Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/22 13:41:28 | 000,000,000 | ---D | M] (No name found) --

C:\Documents and Settings\Robert\Application

Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions
[2011/11/22 13:41:20 | 000,000,000 | ---D | M] (ZoneAlarm Security

Suite Community Toolbar) -- C:\Documents and

Settings\Robert\Application

Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\{3ce45c4f-bf

ff-4988-9a3c-a75c1f491319}
[2011/11/22 13:41:28 | 000,000,000 | ---D | M] (Greasemonkey) --

C:\Documents and Settings\Robert\Application

Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\{e4a8a97b-f2

ed-450b-b12d-ee082ba24781}
[2011/10/30 19:32:10 | 000,000,000 | ---D | M] ("Xmarks") --

C:\Documents and Settings\Robert\Application

Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\[email protected]

.com
[2011/06/22 21:41:42 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote

Access Plugin) -- C:\Documents and Settings\Robert\Application

Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\LogMeInClien

[email protected]
[2011/04/23 15:35:00 | 000,000,000 | ---D | M] (Search Toolbar) --

C:\Documents and Settings\Robert\Application

Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\searchtoolba

[email protected]
[2009/10/03 10:05:58 | 000,000,000 | ---D | M] (Ancestry.com Advanced

Image Viewer) -- C:\Documents and Settings\Robert\Application

Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\[email protected]

stry.com
[2011/10/21 05:32:12 | 000,000,000 | ---D | M] (No name found) --

C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 21:38:30 | 000,000,000 | ---D | M] (Skype extension for

Firefox) -- C:\Program Files\Mozilla

Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/24 20:07:07 | 000,000,000 | ---D | M] (Java Console) --

C:\Program Files\Mozilla

Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/05 06:56:41 | 000,000,000 | ---D | M] (Java Console) --

C:\Program Files\Mozilla

Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/05 19:23:41 | 000,000,000 | ---D | M] (Java Console) --

C:\Program Files\Mozilla

Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 06:29:39 | 000,000,000 | ---D | M] (Java Console) --

C:\Program Files\Mozilla

Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 00:44:53 | 000,000,000 | ---D | M] (Java Console) --

C:\Program Files\Mozilla

Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/02 20:56:55 | 000,000,000 | ---D | M] (Java Console) --

C:\Program Files\Mozilla

Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/21 05:32:14 | 000,000,000 | ---D | M] (Java Console) --

C:\Program Files\Mozilla

Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/12 21:08:05 | 000,134,104 | ---- | M] (Mozilla Foundation) --

C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 22:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.)

-- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 22:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.)

-- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 22:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.)

-- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 22:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.)

-- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems,

Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) --

C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2009/09/12 22:08:36 | 000,406,864 | ---- | M] () -- C:\Program

Files\mozilla firefox\plugins\npicaN.dll
[2008/05/19 13:57:00 | 002,641,920 | ---- | M] () -- C:\Program

Files\mozilla firefox\plugins\npRACtrl.dll
[2006/01/18 11:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program

Files\mozilla firefox\plugins\npsnapfish.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.)

-- C:\Program Files\mozilla firefox\plugins\NPUploader.dll
[2008/02/28 13:30:00 | 000,008,784 | ---- | M] () -- C:\Program

Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2009/09/12 22:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.)

-- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2008/02/28 13:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation)

-- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2011/10/12 21:08:00 | 000,002,252 | ---- | M] () -- C:\Program

Files\mozilla firefox\searchplugins\bing.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url =

{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:

originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:i

nstantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={s

earchTerms}
CHR - default_search_provider: suggest_url =

{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{googl

e:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searc

hTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and

Settings\Robert\Local Settings\Application

Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) =

C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program

Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program

Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program

Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program

Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program

Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program

Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program

Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program

Files\QuickTime\plugins\npqtplugin8.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program

Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program

Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader

10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program

Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program

Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)

(Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library

(Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and

Settings\Robert\Local Settings\Application

Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.d

ll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and

Settings\Robert\Local Settings\Application

Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and

Settings\Robert\Local Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\np

LogitechDeviceDetection.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla

Firefox\plugins\npdjvu.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program

Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: LogMeIn, Inc. Remote Access Components 1.0.0.381

(Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program

Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program

Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Shutterfly Upload Plugin 2.0.4.0 (Enabled) = C:\Program

Files\Mozilla Firefox\plugins\NPUploader.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows

Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows

Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and

Settings\Robert\Local Settings\Application

Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: npFFApi (Enabled) = C:\Program

Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program

Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program

Files\Picasa2\npPicasa3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program

Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program

Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Presentation Foundation (Enabled) =

c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation

Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Logitech Device Detection = C:\Documents and

Settings\Robert\Local Settings\Application Data\Google\Chrome\User

Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\

O1 HOSTS File: ([2008/11/14 00:55:51 | 000,287,978 | R--- | M]) -

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.254.254.253 Xdrive
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 9925 more lines...
O2 - BHO: (Synapse BHO Class) - {33414365-E6C7-460d-880A-A163BD69E84D}

- C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll

(FUJIFILM Medical Systems U.S.A., Inc.)
O2 - BHO: (ZoneAlarm Security Suite Toolbar) -

{3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program

Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer

Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890}

- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ZoneAlarm Security Engine Registrar) -

{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program

Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dl

l (Check Point Software Technologies)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} -

C:\Program Files\Search Toolbar\SearchToolbar.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) -

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program

Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype

Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) -

{3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program

Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search Toolbar) -

{9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search

Toolbar\SearchToolbar.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) -

{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program

Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dl

l (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZeroBar) -

{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program

Files\NetZero\Toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) -

{2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) -

{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) -

{2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) -

{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program

Files\ZoneAlarm_Security_Suite\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) -

{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program

Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dl

l (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) -

{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program

Files\NetZero\Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program

Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA

Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop

Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo

Magical Defrag 2\bin\defragTaskBar.exe ()
O4 - HKLM..\Run: [DLBTCATS]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program

Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FujiSynapseBridge] C:\Program Files\Fuji Medical

System\Synapse\Workstation\FujiSynapseBridge.exe (FUJIFILM Medical

Systems U.S.A., Inc.)
O4 - HKLM..\Run: [ISW] C:\Program

Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software

Technologies)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program

Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Synapse URLSearchHook Configuration] C:\Program

Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM

Medical Systems U.S.A., Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows

Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program

Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software

Technologies LTD)
O4 - HKCU..\Run: [MtdAcqu] C:\Program

Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program

Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Robert\Start

Menu\Programs\Startup\Dropbox.lnk = C:\Documents and

Settings\Robert\Application Data\Dropbox\bin\Dropbox.exe (Dropbox,

Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery

present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:

NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:

HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:

NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver -

C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer -

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program

Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype

Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer -

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program

Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype

Technologies S.A.)
O9 - Extra Button: Share in Hello -

{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program

Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O9 - Extra 'Tools' menuitem : Share in H&ello -

{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program

Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in

Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in

Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted

sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in

Trusted sites)
O15 - HKCU\..Trusted Domains: ynhh.org ([citrix] https in Trusted

sites)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01}

http://site.ebrary.com/support/plugins/ebraryRdr.cab (Infotl Control)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE}

http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab (SupportSoft

Script Runner Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}

http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0D07C1FF-49FF-49A4-B453-6E067B51F1AE}

https://radpacs.ynhh.org/iSite3_0.cab (ISiteNonVisual Control 3.01)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}

http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine

Advantage Validation Tool)
O16 - DPF: {1FBD11EF-1260-11D1-87A7-444553540001}

https://yalepacs.ynhh.org (Synapse)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C}

http://download.zonelabs.com/bin/free/cm/ICSCM.cab (ICSScannerLight

Class)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C}

http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.

6.0.6.cab (AOL Pictures Uploader Class)
O16 - DPF: {2EC77245-C97C-4F5E-80D1-9B280C4CD820}

http://download.mailfrontier.com/matador/instmtdr.cab (Reg Error: Key

error.)
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}

https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft Data

Collection Control)
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}

http://www.pestscan.com/scanner/axscanner.cab

(PPSDKActiveXScanner.MainScreen)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71}

http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-9

4901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}

http://office.microsoft.com/officeupdate/content/opuc2.cab (Office

Update Installation Engine)
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1}

https://www.backup.com/user/webrestore.cab (WRXCtl Class)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E}

http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab

(Install Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/c

lient/muweb_site.cab?1297990860779 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE}

http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win

32/activex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {734F0ACB-CB01-4426-A8AB-A496C2583A40}

https://idxwebssl.ynhh.org/fuji-idxrad/integration/ICAPI/ImagecastInte

rface.CAB (DesktopSync Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}

http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

(Java Plug-in 1.6.0_29)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

http://www.pandasoftware.com/activescan/as5/asinst.cab (ActiveScan

Installer Class)
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931}

ftp://ftp.autodesk.com/pub/whip/english/whip.cab (Autodesk WHIP!

Control)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

(Symantec RuFSI Registry Information Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.c

ab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.c

ab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

(Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

(Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

(Java Plug-in 1.6.0_29)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}

https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

(ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

(Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

https://fujimed.webex.com/client/T25L/support/ieatgpc.cab (Reg Error:

Key error.)
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC}

http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab (Creative

Product Registration ActiveX Control Module)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}

https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

(ActiveDataObj Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}

https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance

Viewer Activex Control)
O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg

Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =

192.168.1.1
O17 -

HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60954C4F-C59A-49

7C-8D75-BDE3EF14B2CA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -

C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common

Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data

{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program

Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype

Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe

(Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe)

-C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common

files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common

Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) -

C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () -

http://swedish-weaving.com/images/smalloom.jpg
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local

Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local

Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} -

C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} -

C:\Program Files\Qualcomm\Eudora\EuShlExt.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] ()

- C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6903e5a7-dda0-11de-b90a-006073e17f59}\Shell - "" =

AutoRun
O33 -

MountPoints2\{6903e5a7-dda0-11de-b90a-006073e17f59}\Shell\AutoRun - ""

= Auto&Play
O33 -

MountPoints2\{6903e5a7-dda0-11de-b90a-006073e17f59}\Shell\AutoRun\comm

and - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days

==========[/color]

[2011/11/30 17:05:03 | 000,584,192 | ---- | C] (OldTimer Tools) --

C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/11/26 23:07:23 | 000,000,000 | ---D | C] -- C:\Documents and

Settings\Robert\Local Settings\Application Data\Programs
[2011/11/16 22:31:41 | 000,000,000 | ---D | C] -- C:\Documents and

Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/04 20:06:15 | 000,000,000 | ---D | C] -- C:\Documents and

Settings\All Users\Application Data\Citrix
[2011/11/04 20:05:17 | 000,000,000 | ---D | C] -- C:\Documents and

Settings\Robert\Local Settings\Application Data\Citrix
[2010/11/09 08:27:15 | 000,237,568 | ---- | C] ( ) --

C:\WINDOWS\System32\dlbtinsr.dll
[2010/11/09 08:27:15 | 000,110,592 | ---- | C] ( ) --

C:\WINDOWS\System32\dlbtins.dll
[2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( ) --

C:\WINDOWS\System32\dlbtiesc.dll
[2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( ) --

C:\WINDOWS\System32\dlbtinpa.dll
[2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( ) --

C:\WINDOWS\System32\dlbthbn3.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days

==========[/color]

[2011/11/30 17:06:32 | 000,007,542 | ---- | M] () --

C:\WINDOWS\ECCO.CFX
[2011/11/30 17:06:32 | 000,006,068 | ---- | M] () --

C:\WINDOWS\ecco.fdb
[2011/11/30 17:06:27 | 000,000,662 | ---- | M] () --

C:\WINDOWS\dellstat.ini
[2011/11/30 17:04:55 | 000,584,192 | ---- | M] (OldTimer Tools) --

C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/11/30 17:03:00 | 000,000,982 | ---- | M] () --

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4246077919-1552412502-21

71021228-1006UA.job
[2011/11/30 16:27:14 | 000,000,886 | ---- | M] () --

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/30 13:00:31 | 000,000,330 | -H-- | M] () --

C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/30 12:03:06 | 000,000,930 | ---- | M] () --

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4246077919-1552412502-21

71021228-1006Core.job
[2011/11/30 08:19:35 | 000,000,350 | ---- | M] () --

C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/11/30 08:08:39 | 000,000,486 | ---- | M] () --

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/30 08:03:21 | 000,001,170 | ---- | M] () --

C:\WINDOWS\System32\WPA.DBL
[2011/11/30 08:02:51 | 000,000,882 | ---- | M] () --

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/30 08:02:19 | 2683,359,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 08:02:19 | 000,002,048 | --S- | M] () --

C:\WINDOWS\BOOTSTAT.DAT
[2011/11/28 18:14:04 | 000,434,566 | ---- | M] () --

C:\WINDOWS\System32\PERFH009.DAT
[2011/11/28 18:14:04 | 000,068,470 | ---- | M] () --

C:\WINDOWS\System32\PERFC009.DAT
[2011/11/28 08:38:41 | 000,537,965 | ---- | M] () --

C:\WINDOWS\ecco.alm
[2011/11/26 08:46:27 | 000,414,368 | ---- | M] (Adobe Systems

Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/25 20:52:55 | 000,000,064 | ---- | M] () --

C:\WINDOWS\System32\rp_stats.dat
[2011/11/25 20:52:55 | 000,000,044 | ---- | M] () --

C:\WINDOWS\System32\rp_rules.dat
[2011/11/23 12:01:49 | 000,052,220 | ---- | M] () -- C:\Documents and

Settings\Robert\My Documents\11-23-2011 12;01;16PM.RTF
[2011/11/19 00:32:31 | 000,000,831 | ---- | M] () -- C:\Documents and

Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick

Launch\Medical Expenses.lnk
[2011/11/15 18:38:37 | 000,002,271 | ---- | M] () -- C:\Documents and

Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick

Launch\Microsoft Word.lnk
[2011/11/12 19:48:14 | 000,002,259 | ---- | M] () -- C:\Documents and

Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick

Launch\Microsoft Excel.lnk
[2011/11/12 08:14:43 | 000,001,241 | ---- | M] () -- C:\Documents and

Settings\Robert\Desktop\LogMeIn Full Screen.lnk
[2011/11/09 17:38:09 | 000,001,374 | ---- | M] () --

C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name

==========[/color]

[2011/11/23 12:01:49 | 000,052,220 | ---- | C] () -- C:\Documents and

Settings\Robert\My Documents\11-23-2011 12;01;16PM.RTF
[2011/11/19 00:32:31 | 000,000,831 | ---- | C] () -- C:\Documents and

Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick

Launch\Medical Expenses.lnk
[2011/09/07 10:32:58 | 000,016,432 | ---- | C] () --

C:\WINDOWS\System32\lsdelete.exe
[2011/04/30 22:58:26 | 000,000,064 | ---- | C] () --

C:\WINDOWS\System32\rp_stats.dat
[2011/04/30 22:58:26 | 000,000,044 | ---- | C] () --

C:\WINDOWS\System32\rp_rules.dat
[2010/12/12 20:49:25 | 000,000,033 | ---- | C] () --

C:\WINDOWS\MSFDM.INI
[2010/12/12 04:12:11 | 000,000,622 | ---- | C] () --

C:\WINDOWS\DMN.INI
[2010/11/09 08:30:28 | 000,131,072 | R--- | C] () --

C:\WINDOWS\System32\dlbtsnls.dll
[2010/11/09 08:30:27 | 000,143,360 | R--- | C] () --

C:\WINDOWS\System32\dlbtcoin.dll
[2010/11/09 08:27:15 | 000,294,912 | ---- | C] () --

C:\WINDOWS\System32\dlbtih.exe
[2010/11/09 08:27:15 | 000,040,960 | ---- | C] () --

C:\WINDOWS\System32\dlbtvs.dll
[2010/11/09 08:27:12 | 000,114,688 | ---- | C] () --

C:\WINDOWS\System32\dlbtcur.dll
[2010/11/09 08:27:12 | 000,069,632 | ---- | C] () --

C:\WINDOWS\System32\dlbtcu.dll
[2010/11/09 08:27:05 | 000,573,440 | ---- | C] () --

C:\WINDOWS\System32\dlbtjswr.dll
[2010/11/09 08:26:57 | 000,405,504 | ---- | C] () --

C:\WINDOWS\System32\dlbtutil.dll
[2010/07/14 21:43:34 | 000,000,056 | -H-- | C] () --

C:\WINDOWS\System32\ezsidmv.dat
[2010/07/14 21:22:30 | 000,090,071 | ---- | C] () --

C:\WINDOWS\System32\lvcoinst.ini
[2010/05/14 16:56:06 | 010,830,680 | ---- | C] () --

C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 16:56:06 | 000,102,744 | ---- | C] () --

C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 16:55:58 | 000,290,648 | ---- | C] () --

C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/07 17:46:36 | 000,014,168 | ---- | C] () --

C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () --

C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/05/25 08:04:02 | 000,000,029 | ---- | C] () --

C:\WINDOWS\atid.ini
[2008/02/28 14:30:08 | 000,462,848 | ---- | C] () --

C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/02/19 23:03:45 | 000,691,545 | ---- | C] () --

C:\WINDOWS\unins000.exe
[2008/02/19 23:03:45 | 000,003,464 | ---- | C] () --

C:\WINDOWS\unins000.dat
[2007/06/30 23:49:27 | 000,049,152 | ---- | C] () --

C:\WINDOWS\amcap.exe
[2007/04/26 13:45:50 | 000,051,304 | ---- | C] () --

C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/04/18 15:53:36 | 000,001,755 | ---- | C] () -- C:\Documents and

Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/04 14:57:10 | 000,055,808 | ---- | C] () --

C:\WINDOWS\System32\zlib1.dll
[2007/01/03 11:57:53 | 000,003,840 | ---- | C] () --

C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/12/07 22:54:08 | 000,000,002 | ---- | C] () --

C:\WINDOWS\msoffice.ini
[2006/06/17 16:57:53 | 000,007,160 | ---- | C] () --

C:\WINDOWS\mozver.dat
[2006/03/22 17:32:15 | 000,019,968 | ---- | C] () --

C:\WINDOWS\PHCREMOV.EXE
[2006/03/22 17:32:15 | 000,016,384 | R--- | C] () --

C:\WINDOWS\System32\pcl2pdfnt.dll
[2006/03/20 19:24:58 | 000,001,793 | ---- | C] () --

C:\WINDOWS\System32\fxsperf.ini
[2006/02/19 18:35:54 | 000,000,209 | ---- | C] () --

C:\WINDOWS\Brpfx04a.ini
[2006/02/19 18:35:54 | 000,000,092 | ---- | C] () --

C:\WINDOWS\brpcfx.ini
[2006/02/19 18:35:54 | 000,000,052 | ---- | C] () --

C:\WINDOWS\BRPP2KA.INI
[2006/02/19 18:35:54 | 000,000,050 | ---- | C] () --

C:\WINDOWS\System32\BD7220.dat
[2006/02/19 18:35:54 | 000,000,000 | ---- | C] () --

C:\WINDOWS\brwmark.ini
[2006/02/19 18:35:16 | 000,106,496 | ---- | C] () --

C:\WINDOWS\System32\BrMuSNMP.dll
[2006/02/18 17:34:05 | 000,000,039 | ---- | C] () --

C:\WINDOWS\REGPSD20.INI
[2006/02/18 17:33:48 | 000,000,077 | ---- | C] () --

C:\WINDOWS\Viewer.ini
[2006/02/18 17:33:40 | 000,000,454 | ---- | C] () --

C:\WINDOWS\PSDWIN.INI
[2006/02/18 16:50:01 | 000,000,371 | ---- | C] () --

C:\WINDOWS\wmw.ini
[2006/01/18 19:37:22 | 000,000,000 | -H-- | C] () -- C:\Documents and

Settings\Robert\Application Data\L8457789_1
[2006/01/05 18:44:43 | 000,045,056 | ---- | C] () --

C:\WINDOWS\System32\npbdwn32.dll
[2005/10/26 14:59:49 | 000,002,330 | ---- | C] () --

C:\WINDOWS\hpdj5600.ini
[2005/10/09 05:34:09 | 000,000,403 | ---- | C] () --

C:\WINDOWS\musicstr.ini
[2005/10/09 05:28:49 | 000,000,087 | ---- | C] () --

C:\WINDOWS\inst.ini
[2005/10/08 21:00:32 | 000,000,443 | ---- | C] () --

C:\WINDOWS\Musicbox.INI
[2005/10/08 20:04:15 | 000,000,443 | ---- | C] () --

C:\WINDOWS\MUSBOX32.INI
[2005/06/28 19:37:30 | 000,000,662 | ---- | C] () --

C:\WINDOWS\dellstat.ini
[2005/06/28 19:35:03 | 000,176,128 | ---- | C] () --

C:\WINDOWS\System32\dlbtinsb.dll
[2005/06/28 19:35:03 | 000,086,016 | ---- | C] () --

C:\WINDOWS\System32\dlbtcub.dll
[2005/05/30 20:32:30 | 000,003,013 | ---- | C] () --

C:\WINDOWS\System32\ole4lr.dll
[2005/03/22 21:12:52 | 000,184,808 | ---- | C] () -- C:\Documents and

Settings\Robert\Application Data\shb.dat
[2005/02/07 23:46:52 | 000,000,000 | ---- | C] () --

C:\WINDOWS\PezDownload.INI
[2005/02/07 19:45:14 | 000,000,113 | ---- | C] () --

C:\WINDOWS\Picture Easy 3.ini
[2005/02/07 19:45:12 | 000,009,136 | ---- | C] () --

C:\WINDOWS\System32\inetwh16.dll
[2004/12/22 13:34:55 | 000,004,272 | ---- | C] () --

C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/12/08 22:23:53 | 000,011,776 | ---- | C] () --

C:\WINDOWS\System32\ZPORT4AS.dll
[2004/11/16 20:36:05 | 000,285,216 | ---- | C] () --

C:\WINDOWS\System32\drivers\Onsio.sys
[2004/11/16 20:36:05 | 000,007,680 | ---- | C] () --

C:\WINDOWS\System32\drivers\Onsreged.sys
[2004/08/29 05:04:26 | 000,004,569 | ---- | C] () --

C:\WINDOWS\System32\secupd.dat
[2004/07/02 18:24:15 | 000,795,904 | ---- | C] () --

C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2004/06/04 20:48:34 | 000,000,607 | ---- | C] () --

C:\WINDOWS\EZAudio_trk.INI
[2004/06/04 18:41:03 | 000,010,240 | ---- | C] () --

C:\WINDOWS\System32\vidx16.dll
[2004/06/04 18:39:54 | 000,000,083 | ---- | C] () --

C:\WINDOWS\magix.ini
[2004/05/01 10:13:29 | 000,000,035 | ---- | C] () --

C:\WINDOWS\Ulead32.INI
[2004/04/26 19:54:07 | 000,023,455 | ---- | C] () --

C:\WINDOWS\cdPlayer.ini
[2004/04/18 00:06:07 | 000,001,998 | ---- | C] () --

C:\WINDOWS\tbs_bna.ini
[2004/04/18 00:06:01 | 000,000,038 | ---- | C] () --

C:\WINDOWS\tbs_job.ini
[2004/04/18 00:06:00 | 000,002,665 | ---- | C] () --

C:\WINDOWS\tbs_quiz.ini
[2004/04/18 00:06:00 | 000,001,072 | ---- | C] () --

C:\WINDOWS\tbs_juke.ini
[2004/04/18 00:06:00 | 000,000,034 | ---- | C] () --

C:\WINDOWS\tbs_tbh.ini
[2004/04/18 00:05:59 | 000,001,159 | ---- | C] () --

C:\WINDOWS\tbs_bows.ini
[2004/04/18 00:05:57 | 000,000,744 | ---- | C] () --

C:\WINDOWS\tbs_ss.ini
[2004/04/18 00:05:55 | 000,000,040 | ---- | C] () --

C:\WINDOWS\tbs_menu.ini
[2004/04/17 05:27:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VM.INI
[2004/04/17 05:23:50 | 000,004,374 | ---- | C] () --

C:\WINDOWS\WORDACE1.INI
[2004/04/17 05:19:02 | 000,000,280 | ---- | C] () --

C:\WINDOWS\EReg196.dat
[2004/04/15 19:56:57 | 000,000,145 | ---- | C] () --

C:\WINDOWS\System32\EBPPORT3.DAT
[2004/04/13 21:03:51 | 000,001,498 | ---- | C] () --

C:\WINDOWS\genviewer.ini
[2004/04/12 06:48:59 | 000,000,059 | ---- | C] () --

C:\WINDOWS\ECCO.INI
[2004/04/10 19:40:37 | 000,000,064 | ---- | C] () --

C:\WINDOWS\QBWCD.INI
[2004/04/10 19:40:36 | 000,006,472 | ---- | C] () --

C:\WINDOWS\Icoadb32.dat
[2004/04/10 15:56:56 | 000,000,067 | ---- | C] () --

C:\WINDOWS\IDMan.INI
[2004/04/09 18:56:01 | 000,000,482 | ---- | C] () --

C:\WINDOWS\SmtBook.INI
[2004/04/08 21:13:45 | 000,007,168 | ---- | C] () --

C:\WINDOWS\SMTB953X.DLL
[2004/04/08 21:13:45 | 000,002,879 | ---- | C] () --

C:\WINDOWS\BOOKS2X.DLL
[2004/04/08 21:13:45 | 000,001,792 | ---- | C] () --

C:\WINDOWS\SMTBK3X.DLL
[2004/04/07 20:51:30 | 000,000,082 | ---- | C] () --

C:\WINDOWS\MPLAYER.INI
[2004/04/07 20:50:48 | 000,338,944 | ---- | C] () --

C:\WINDOWS\System32\lffpx7.dll
[2004/04/07 20:50:48 | 000,122,880 | ---- | C] () --

C:\WINDOWS\System32\LFKODAK.DLL
[2004/04/07 20:42:43 | 000,028,160 | ---- | C] () -- C:\Documents and

Settings\Robert\Local Settings\Application

Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/06 23:16:18 | 000,000,129 | ---- | C] () -- C:\Documents and

Settings\Robert\Local Settings\Application Data\fusioncache.dat
[2004/04/06 22:01:00 | 000,000,092 | ---- | C] () --

C:\WINDOWS\MFPD.INI
[2004/04/06 21:26:30 | 000,000,376 | ---- | C] () --

C:\WINDOWS\ODBC.INI
[2004/04/06 21:11:21 | 000,000,030 | ---- | C] () --

C:\WINDOWS\INTURS.DAT
[2004/04/06 21:08:30 | 000,000,078 | ---- | C] () --

C:\WINDOWS\qwimp.ini
[2004/04/06 21:07:40 | 000,000,165 | ---- | C] () --

C:\WINDOWS\QUICKEN.INI
[2004/04/06 20:49:57 | 000,000,106 | ---- | C] () --

C:\WINDOWS\webica.ini
[2004/04/06 19:18:35 | 000,042,166 | ---- | C] () --

C:\WINDOWS\System32\Datcrt.exe
[2004/04/02 02:41:14 | 000,000,061 | ---- | C] () --

C:\WINDOWS\smscfg.ini
[2004/04/02 02:35:50 | 000,034,864 | ---- | C] () --

C:\WINDOWS\UNWISE.EXE
[2004/04/02 02:32:44 | 000,000,258 | ---- | C] () --

C:\WINDOWS\System32\BDEMERGE.INI
[2004/04/02 02:30:19 | 000,000,335 | ---- | C] () --

C:\WINDOWS\nsreg.dat
[2004/04/02 02:29:37 | 000,000,624 | ---- | C] () --

C:\WINDOWS\wininit.ini
[2004/04/02 02:20:32 | 000,002,048 | --S- | C] () --

C:\WINDOWS\BOOTSTAT.DAT
[2004/04/02 02:19:18 | 000,363,520 | ---- | C] () --

C:\WINDOWS\System32\psisdecd.dll
[2004/04/02 02:18:54 | 000,434,566 | ---- | C] () --

C:\WINDOWS\System32\PERFH009.DAT
[2004/04/02 02:18:54 | 000,068,470 | ---- | C] () --

C:\WINDOWS\System32\PERFC009.DAT
[2004/04/02 02:06:02 | 000,000,550 | ---- | C] () --

C:\WINDOWS\System32\OEMINFO.INI
[2004/01/23 10:05:02 | 000,371,280 | ---- | C] () --

C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/23 10:03:50 | 000,000,791 | ---- | C] () --

C:\WINDOWS\ORUN32.INI
[2003/11/20 14:39:58 | 000,000,000 | ---- | C] () --

C:\WINDOWS\System32\px.ini
[2002/09/03 14:35:18 | 000,004,161 | ---- | C] () --

C:\WINDOWS\ODBCINST.INI
[2002/09/03 14:31:48 | 000,021,640 | ---- | C] () --

C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () --

C:\WINDOWS\System32\oembios.bin
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () --

C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () --

C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () --

C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () --

C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () --

C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () --

C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () --

C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () --

C:\WINDOWS\System32\NOISE.DAT
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () --

C:\WINDOWS\System32\pcpbios.exe
[2000/09/14 01:03:00 | 000,000,145 | ---- | C] () --

C:\WINDOWS\System32\EBPPORT.DAT
[1999/08/05 15:07:42 | 000,313,344 | ---- | C] () --

C:\WINDOWS\WF6REMOV.EXE
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () --

C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () --

C:\WINDOWS\System32\sysres.dll
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () --

C:\WINDOWS\System32\e100bmsg.dll

[color=#E56717]========== LOP Check ==========[/color]

[2008/10/18 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\Ashampoo
[2008/10/17 19:38:31 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\Carbonite
[2011/09/08 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\CheckPoint
[2011/11/04 20:06:15 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\Citrix
[2009/11/07 11:13:40 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\Kaspersky SDK
[2011/11/30 08:00:45 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\LogMeIn
[2007/11/30 23:08:21 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\MailFrontier
[2007/01/07 19:45:52 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\Napster
[2005/04/02 21:57:57 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\NETg
[2004/04/16 20:16:37 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\OLYMPUS
[2010/12/04 11:46:34 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\Open Window Software
[2010/03/13 17:46:10 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\SupportSoft
[2007/06/27 22:32:25 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\TEMP
[2011/03/13 08:45:56 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\Transparent
[2006/03/19 00:04:38 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\Viewpoint
[2007/01/27 22:27:23 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\YAHOO
[2008/01/04 19:42:57 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\YAMAHA
[2010/12/12 04:08:44 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\All Users\Application Data\Yamaha Corporation
[2011/03/13 08:41:05 | 000,000,000 | -H-D | M] -- C:\Documents and

Settings\All Users\Application

Data\{171E062A-F0D3-40F6-9A2F-10C4987C1939}
[2011/03/13 08:47:03 | 000,000,000 | -H-D | M] -- C:\Documents and

Settings\All Users\Application

Data\{AFF419FB-6682-4A74-AA85-F3CE495D0346}
[2006/03/19 00:04:49 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Aim
[2007/05/05 16:12:53 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Anix Software
[2009/11/07 10:44:15 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\CheckPoint
[2004/09/24 21:36:06 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\DMCache
[2011/11/30 16:04:01 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Dropbox
[2010/09/18 19:42:59 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\ElevatedDiagnostics
[2008/05/18 16:52:18 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Flickr
[2004/08/23 18:18:52 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\FTW
[2009/10/02 18:51:18 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\genline
[2011/11/04 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\ICAClient
[2009/07/20 17:28:03 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Image Zone Express
[2007/05/31 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\JAM Software
[2004/04/06 23:03:55 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Leadertech
[2004/10/08 19:55:58 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Learn2.com
[2010/07/12 20:49:03 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\MailFrontier
[2005/09/23 19:25:48 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\MyFamily.com
[2004/04/17 11:53:51 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\MyKey
[2006/04/16 17:08:51 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Ofoto
[2004/04/09 22:09:29 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Qualcomm
[2007/01/04 10:51:22 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\ScanSoft
[2006/04/02 10:47:52 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Serif
[2007/08/12 18:29:31 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Snapfish
[2011/11/28 21:07:28 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Spotify
[2010/07/04 21:26:06 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Thunderbird
[2009/10/25 17:46:02 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\W Photo Studio Viewer
[2007/01/04 15:06:11 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Robert\Application Data\Xdrive
[2011/11/30 08:08:39 | 000,000,486 | ---- | M] () --

C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/11/30 13:00:31 | 000,000,330 | -H-- | M] () --

C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/30 08:19:35 | 000,000,350 | ---- | M] () --

C:\WINDOWS\Tasks\Windows Codec Update Service.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All

Users\Application Data\TEMP:333B9FFC

< End of report >

Extras.txt:

OTL Extras logfile created on: 11/30/2011 5:07:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 65.33% Memory free
3.09 Gb Paging File | 2.15 Gb Available in Paging File | 69.36% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 40.92 Gb Free Space | 36.63% Space Free | Partition Type: NTFS

Computer Name: JEEVES | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\1167940654\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1167940654\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Documents and Settings\Robert\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Robert\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03A4FDE6-BEDB-4C54-96D8-A7C5D0CE67AD}" = Identity Finder Enterprise Edition
"{03B7F3F1-5A2C-4FC8-A4C1-AF6FE3F8E9AA}" = Genline FamilyFinder
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{06B8DAD8-2809-475E-BA9D-C34479A0D58A}" = Dell TrueMobile 2300 Control Utility
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{0FE68635-AB17-4548-B631-5C3629CCD19A}" = Microsoft Office Live Meeting 2005 Replay Wrapper
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12076ED5-921B-4231-9883-157092E6F2DA}" = Quicken Medical Expense Manager
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{178FDCAC-0CC9-433B-8E1C-96251615DCBE}" = Netflix Movie Viewer
"{1EAD84B8-0075-432A-BFFF-B197581265AF}" = Transparent Language System
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{237a4b21-78c1-11d6-a394-00104bd190b1}" = QuickBooks Basic Edition 2003
"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.3
"{31C44235-A613-4E95-B297-207BF6C6A8C1}" = Creative ZEN Vision M Series
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine for Microtek
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{490082D5-9BCF-11D5-8EC3-00D0B75DD247}" = DataFlow
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{533A6E40-A0D5-4643-B9CE-9B03989EF159}" = Ad-Aware
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EA24DA8-F398-42C7-8CDC-39273493C514}" = MicScope
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{62CB99B1-532B-40CC-8C14-3049473CB941}" = Synapse Workstation
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73108923-1D58-4C00-8E22-D71D98D0E0B4}" = ABF Outlook Express Backup
"{7426CE93-9C84-4EB0-A143-3ADDF9CC02FB}" = The Music Box - A Personal Ear Trainer 3.0
"{74B0050D-709E-4BD4-A5F4-5A7819F324FA}" = Turtle Beach USB MIDI 1x1
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{81929079-8CA2-4378-BCAA-620C666BF531}" = Scheduler
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018
"{856D4888-3B48-4D0C-99D4-39AA7CF9DB2E}" = HP Photosmart Essential
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD91669-25C9-43CD-9367-BF60591B837B}" = Camedia Master 4.3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4004E8B-6A95-4FA4-AA05-731FC6510474}" = Family Tree Maker 2005
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B40902A8-9A11-4FB5-8445-68075A504943}" = Yamaha's Digital Music Notebook
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43B2355-E258-4C28-8A36-48E521862673}" = New York Times - Times Reader
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE7C3758-7CAF-4F1D-8F84-F4F09CFCC26C}" = Flishr
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCB91C79-B78B-44B1-A7FE-28DECA6E9245}" = Dell TrueMobile 2300 Wireless Broadband Router Control Utility
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48BE6D9-D8D4-434C-A199-7226A19FEA54}" = QuickLink Desktop
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE85D571-8BFE-4AB9-A7FB-54BBCA2E910B}" = Family Tree Maker
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Across Lite 2.0" = Across Lite 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Pictures" = AOL Pictures Tools (version 10.6.0.6)
"Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
"AudibleManager" = AudibleManager
"Belarc Advisor" = Belarc Advisor 8.1
"Birds of North America V2.5" = Birds of North America V2.5
"Byki Standard" = Byki Standard
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Carbonite Backup" = Carbonite
"Citrix ICA Client" = Citrix ICA Client
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CSCLIB" = Canon Camera Support Core Library
"DBXanalyzer" = DBXanalyzer
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"ECCO Pro" = NetManage ECCO Pro
"Ecco Spell" = Ecco Spell
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ExModule_is1" = ExModule 1.0
"Family Tree Maker 2010" = Family Tree Maker 2010
"Family Tree Maker 2011" = Family Tree Maker 2011
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"GenSmarts_is1" = GenSmarts
"GENViewer_is1" = GENViewer version 1.21
"HP Photo Printing Software" = HP Photo Printing Software
"ie8" = Windows Internet Explorer 8
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"KGFs Databas 2004" = KGFs Databas 2004
"LanguageNow!" = LanguageNow!
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Medicos" = Medicos
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MightyFax" = MightyFax
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MySlideShow2_is1" = MySlideShow 2.7.5
"MyThumbs_is1" = MyThumbnails Pro 1.9
"Ninotech Path Copy" = Ninotech Path Copy 4.0
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OLYMPUS CAMEDIA Master 1.11" = OLYMPUS CAMEDIA Master 1.11
"Picasa 3" = Picasa 3
"Picasa2" = Picasa 2
"PicasaNet" = Hello (remove only)
"Picture Easy 3.0" = Picture Easy 3.1
"PicViewer_is1" = PicViewer 2.74
"PingPlotter" = PingPlotter
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickStitch" = QuickStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealOne Player
"Registry Mechanic_is1" = Registry Mechanic
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Shockwave" = Shockwave
"Shutterfly Plugin" = Shutterfly Plugin
"Sony´s EZ Audio (TM) Transfer & Restoration Kit" = Sony´s EZ Audio (TM) Transfer & Restoration Kit
"SP6" = Logitech SetPoint 6.15
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Swat It v2.1" = Swat It v2.1
"SysInfo" = Creative System Information
"Tolken99 v4.2" = Tolken99 v4.2
"Transparent Language System" = Transparent Language System
"TreeSize Professional_is1" = TreeSize Professional 4.3.2
"Tweak UI 2.10" = Tweak UI
"Video ToolBox_is1" = Video ToolBox
"VideoGen_is1" = MySlideShow Video Generator Plug-in 2.8.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.2
"Vocabulary Master" = Vocabulary Master
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.4 [32-Bit]
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Win-Family 6.0" = Win-Family 6.0
"WinFlash Educator v10_is1" = WinFlash Educator v10
"WinFlash Educator v11_is1" = WinFlash Educator v11
"WinFlash Educator_is1" = WinFlash Educator 10.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZENcast Organizer" = ZENcast Organizer
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"Spotify" = Spotify

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/21/2011 8:53:19 PM | Computer Name = JEEVES | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 10/22/2011 7:17:34 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x037e9136.

Error - 10/22/2011 7:20:09 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x037e9136.

Error - 10/22/2011 7:20:19 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03749136.

Error - 10/24/2011 8:27:49 AM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x037e9136.

Error - 10/25/2011 8:53:30 PM | Computer Name = JEEVES | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 10/26/2011 9:01:20 AM | Computer Name = JEEVES | Source = Application Hang | ID = 1002
Description = Hanging application spotify.exe, version 0.6.2.243, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/28/2011 8:08:35 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x038e9136.

Error - 10/28/2011 8:16:18 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x037e9136.

Error - 10/28/2011 8:21:11 PM | Computer Name = JEEVES | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x038e9136.

[ SLEvtLog Events ]
Error - 1/15/2007 3:28:16 PM | Computer Name = JEEVES | Source = SLSource | ID = 0
Description =

Error - 1/27/2007 6:01:55 AM | Computer Name = JEEVES | Source = SLSource | ID = 0
Description =

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

bobonridge · December 1, 2011

Additional info/question: I saw a suggestion to run Ad-Aware in Safe Mode: but when I try that I get the message "Unable to connect to service" and the program never starts. I unchecked the options for automatically checking for updates, etc and the same thing happens.
--

CeciliaB · December 1, 2011

Hi bobonridge,

Please, tell us which file that Ad-Aware does not like and in which folder it is located. Note that PUP in the name stands for "Potentially Unwanted Program".

This toolbar in Firefox is not recommended and should be uninstalled. See comments on http://www.mywot.com/en/scorecard/zugo.com
[2011/04/23 15:35:00 | 000,000,000 | ---D | M] (Search Toolbar) --
C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\gbieqipb.default\extensions\[email protected]

Read about "ZoneAlarm Toolbar" on http://www.systemlookup.com/CLSID/71489-tbZone_dll_tbZon0_dll_tbZon1_dll_tbZon2_dll_prxtbZone_dll_prxtbZon0_dll_prxtbZon1_dll_prxtbZon2_dll.html

J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_04
are very old Java versions with a lot of vulnerabilities, which makes it easy to infect the computer.

bobonridge · December 2, 2011

Copied from the log file:

Logfile created: 11/29/2011 05:44:20
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Robert

*********************** Definitions database information ***********************
Lavasoft definition file: 150.631
Genotype definition file version: 2011/10/12 12:14:17
Extended engine definition file: 11173.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 217410
Objects detected: 1

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

[b]Skipped items:[/b]
[b]Description: c:\documents and settings\robert\my documents\downloads\ilividsetupv1.exe Family Name: Win32.PUP.Bandoo[800] Engine: 1 Clean status: Success Item ID: 0 Family ID: 0 MD5: 4013134a2420f46ffc63bfbe31bea0ac[/b]

CeciliaB · December 2, 2011

The file is listed under the header "Skipped items". Have you told Ad-Aware to ignore the file?
Can you delete the file yourself (if you want to delete it)?

Bando Media get rather bad remarks according to [url="http://www.mywot.com/en/scorecard/bandoo.com"]http://www.mywot.com...card/bandoo.com[/url]

If you want Lavasoft to investigate if it really is a possible unwanted program or if it is a false positive, please provide a download link to the file.

CeciliaB · January 10, 2012

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !

Sign In

Welcome to adaware forum

Announcements

Support for other products than adaware, ad block, web protection and Web Companion 05/05/2017

can't remove win32.pup.bandoo(800)

6 posts in this topic

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Browse

Activity