I didn't see incognitosleep.com just now when opening the browser. Will check on reboot.
OTL Extras logfile created on: 1/20/2011 10:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 270.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 122.72 Gb Free Space | 52.70% Space Free | Partition Type: NTFS
Drive F: | 15.59 Mb Total Space | 9.25 Mb Free Space | 59.32% Space Free | Partition Type: FAT
Computer Name: RAAV | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:EarthLink TotalAccess
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Documents and Settings\Owner\Desktop\WinSCP\WinSCP.exe" = C:\Documents and Settings\Owner\Desktop\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client
"C:\Documents and Settings\Owner\Desktop\WinSCP.exe" = C:\Documents and Settings\Owner\Desktop\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Owner\My Documents\Downloads\utorrent.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0B53B71D-9E2F-42B8-9123-96354872D166}" = EPSON Photo Print
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.2.100
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7814358B-1284-4305-AE5A-6667DBDF4771}" = ArcSoft WebCam Companion 2
"{812FF41B-6870-2964-2572-379477CEDA97}" = easy gadget
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8D7574B1-49D7-41E6-9C2E-6B49A8619E64}" = BCL easyPDF Printer Driver 5.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{BFF829B6-B433-42CE-9A19-E459D3E4E483}" = My.Freeze.com NetAssistant
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAFE753E-426C-41C9-826B-5396CC377FFC}" = BCL easyConverter Desktop 1.0
"{CD1CD48D-7B18-4254-B43D-AEAB704AB063}" = EarthLink MailBox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Toolbar" = HoldAIM Toolbar
"AnyDVD" = AnyDVD
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = HoldAcrobat.com
"com.brighthouse.air.gadget.D76A18CCA16817C56F836CA64BA57EFAC2361D0A.1" = easy gadget
"Dell_HostCD" = Dell Printer Software Uninstall
"EarthLinkMailClient" = EarthLink MailBox
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow
"FileZilla Client" = FileZilla Client 3.2.4.1
"GoldWave v5.55" = GoldWave v5.55
"GoToAssist" = GoToAssist Corporate
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile - PREVIEW
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PHP Generator for MySQL_is1" = PHP Generator for MySQL 7.10
"SmartInstaller" = Smart Installer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 6.0
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"My.Freeze.com NetAssistant" = My.Freeze.com NetAssistant for Firefox
"Stamps.com" = Stamps.com
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/25/2010 6:53:38 PM | Computer Name = RAAV | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 12/25/2010 7:08:44 PM | Computer Name = RAAV | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 12/25/2010 7:36:14 PM | Computer Name = RAAV | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 2.1.6805.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 12/25/2010 8:30:50 PM | Computer Name = RAAV | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 12/26/2010 10:40:25 AM | Computer Name = RAAV | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).
Error - 12/26/2010 10:40:25 AM | Computer Name = RAAV | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 12/26/2010 11:37:51 AM | Computer Name = RAAV | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 1/2/2011 9:19:01 PM | Computer Name = RAAV | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.3.2.100, faulting
module convertxtodvd.exe, version 3.3.2.100, fault address 0x0042c71d.
Error - 1/2/2011 9:29:23 PM | Computer Name = RAAV | Source = Application Error | ID = 1000
Description = Faulting application convertxtodvd.exe, version 3.3.2.100, faulting
module convertxtodvd.exe, version 3.3.2.100, fault address 0x0042c71d.
Error - 1/13/2011 3:33:07 PM | Computer Name = RAAV | Source = Application Error | ID = 1000
Description = Faulting application handysnap.exe, version 0.5.0.3, faulting module
handysnap.exe, version 0.5.0.3, fault address 0x00012170.
[ System Events ]
Error - 1/19/2011 10:46:56 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 1/19/2011 10:46:56 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor service terminated unexpectedly. It
has done this 1 time(s).
Error - 1/19/2011 10:46:56 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The AST Service service terminated unexpectedly. It has done this
1 time(s).
Error - 1/19/2011 10:46:56 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 1/19/2011 10:46:56 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 1/19/2011 10:46:57 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The Photoshop Elements Device Connect service terminated unexpectedly.
It has done this 1 time(s).
Error - 1/19/2011 10:46:57 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 1/19/2011 10:46:57 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 1/19/2011 10:56:18 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7000
Description = The GoToMyPC service failed to start due to the following error: %%3
Error - 1/20/2011 10:02:20 AM | Computer Name = RAAV | Source = Service Control Manager | ID = 7000
Description = The GoToMyPC service failed to start due to the following error: %%3
< End of report >
OTL logfile created on: 1/20/2011 10:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 270.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 122.72 Gb Free Space | 52.70% Space Free | Partition Type: NTFS
Drive F: | 15.59 Mb Total Space | 9.25 Mb Free Space | 59.32% Space Free | Partition Type: FAT
Computer Name: RAAV | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/01/20 22:21:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/12/17 12:38:43 | 004,763,256 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/09 14:53:39 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/09 14:53:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/24 14:08:03 | 000,142,336 | ---- | M] () -- C:\Program Files\easy gadget\easy gadget.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/06/11 09:28:14 | 000,053,248 | ---- | M] ( Advanced Software Technologies) -- C:\WINDOWS\system32\AstSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/03 16:48:02 | 000,064,000 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/05 10:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 09:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac7302\Monitor.exe
PRC - [2006/09/11 03:40:34 | 000,086,960 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/10/04 03:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 02:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
========== Modules (SafeList) ==========
MOD - [2011/01/20 22:21:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/02/04 13:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (GoToMyPC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/20 10:47:47 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/24 01:48:09 | 001,097,096 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/04/19 21:24:49 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/06/11 09:28:14 | 000,053,248 | ---- | M] ( Advanced Software Technologies) [Auto | Running] -- C:\WINDOWS\system32\AstSrv.exe -- (astcc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/10/04 03:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 02:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
========== Driver Services (SafeList) ==========
DRV - [2010/12/16 17:57:57 | 000,031,088 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010/12/01 14:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/01 01:07:38 | 000,206,256 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/04/19 21:24:49 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/04/19 21:24:48 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/04/19 21:24:47 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/12/11 07:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 11:36:04 | 000,064,392 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/06/14 15:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/09/26 09:41:12 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 ED 1D 2F 17 B7 CB 01 [binary data]
IE - HKU\S-1-5-21-484763869-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: {D5493C6A-FD62-4255-AA85-AB7E7D0F0001}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid=#netassistant_id#&Version=#netassistant_version#&Vintage=20100519&Defaultbrowserid=15&Productid=1704&Vendorid=3852&Offerid=6680&searchterm="
FF - user.js..browser.startup.homepage: "http://flyingincognitosleep.com/cgi-bin/h.pl"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 11:42:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/18 18:27:39 | 000,000,000 | ---D | M]
[2009/04/27 17:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/01/19 10:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions
[2009/09/03 13:57:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/22 15:13:35 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/04/22 09:51:16 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010/12/19 09:26:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2009/09/26 15:34:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/19 09:26:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\engine@conduit.com
[2009/08/28 09:44:40 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mw5qncih.default\extensions\firebug@software.joehewitt.com
[2011/01/19 10:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 18:27:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/06/02 07:13:11 | 000,000,000 | ---D | M] (BarQuery) -- C:\Program Files\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001}
[2011/01/18 18:27:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/18 18:27:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/01/20 22:19:43 | 000,623,385 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 http://www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 http://www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 http://www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16473 more lines...
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-484763869-1500820517-725345543-1003\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-484763869-1500820517-725345543-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-484763869-1500820517-725345543-1003..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-484763869-1500820517-725345543-1003..\Run: [msnmsgr] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\easy gadget.lnk = C:\Program Files\easy gadget\easy gadget.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-1500820517-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9602116875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/17 15:47:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{98e05ef0-8504-11dd-b1e4-000f1fe1fe60}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{a696ab98-109a-11de-b30a-000f1fe1fe60}\Shell - "" = AutoRun
O33 - MountPoints2\{a696ab98-109a-11de-b30a-000f1fe1fe60}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a696ab98-109a-11de-b30a-000f1fe1fe60}\Shell\AutoRun\command - "" = E:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/01/20 22:21:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/20 09:52:33 | 000,356,352 | ---- | C] (funkytoad.com) -- C:\Documents and Settings\Owner\Desktop\HostsXpert.exe
[2011/01/19 20:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\backups
[2011/01/19 10:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/19 10:13:07 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/19 10:07:13 | 001,349,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/01/19 09:34:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2011/01/18 18:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/18 18:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/18 18:27:39 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/18 18:27:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/18 18:27:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/18 18:27:39 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/18 18:27:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/18 18:18:46 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u23-windows-i586.exe
[2011/01/18 11:31:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/01/17 13:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/01/17 13:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/17 13:21:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/17 13:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/17 13:21:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/17 13:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/13 12:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RAAVMARCH11
[2011/01/10 09:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Open Air Cinema
[2011/01/06 12:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Projector Doctor
[2011/01/03 12:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2011/01/02 20:56:50 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2010/12/29 11:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RAAVAPRIL11
[2010/12/27 08:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RAAVSEPT11
[2010/12/27 08:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RAAVAUG11
[2010/12/27 08:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RAAVJUNE11
[2010/12/25 18:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2010/12/25 18:27:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/12/25 18:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Dell Inc
[2010/12/25 18:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\203E
[2010/12/25 18:17:55 | 000,802,820 | ---- | C] (NEC Corporation) -- C:\Documents and Settings\Owner\My Documents\NECND6500A_V203E.exe
[2010/12/25 18:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2010/12/24 16:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\uTorrentBar
[2008/12/22 07:10:50 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[13 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/01/20 22:21:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/01/20 22:19:43 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HostsXpert.ini
[2011/01/20 22:15:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/01/20 15:50:12 | 000,659,456 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RAAV11.mdb
[2011/01/20 14:23:52 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2011/01/20 09:06:59 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/20 09:01:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/19 20:36:14 | 000,010,621 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hijackthis2
[2011/01/19 20:27:03 | 000,095,928 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\malwareremoval.JPG
[2011/01/19 20:25:33 | 000,000,880 | ---- | M] () -- C:\WINDOWS\HandySnap.INI
[2011/01/19 10:10:47 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2011/01/19 10:07:27 | 001,349,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/01/19 09:34:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2011/01/18 18:27:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/18 18:27:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/18 18:27:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/18 18:27:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/18 18:27:15 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/18 18:18:59 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u23-windows-i586.exe
[2011/01/18 11:32:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/01/18 11:15:51 | 000,719,873 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2011/01/17 13:21:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/17 00:33:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/01/16 11:42:26 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/14 16:22:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/14 11:55:23 | 000,032,997 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cream.JPG
[2011/01/09 15:31:36 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2011/01/06 20:25:19 | 000,659,456 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RAAV10.mdb
[2011/01/04 13:08:40 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2011/01/02 20:57:12 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ConvertXtoDVD 4.lnk
[2011/01/02 20:57:12 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/12/28 10:11:59 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/12/26 10:50:28 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/26 10:49:52 | 000,436,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/26 10:49:52 | 000,068,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/26 10:49:36 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/12/25 18:17:18 | 000,357,724 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\203E.zip
[2010/12/25 17:43:20 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2010/12/23 10:41:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[13 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/01/20 22:19:43 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HostsXpert.ini
[2011/01/19 20:36:14 | 000,010,621 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hijackthis2
[2011/01/19 20:25:33 | 000,095,928 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\malwareremoval.JPG
[2011/01/19 10:10:42 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2011/01/18 11:15:46 | 000,719,873 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2011/01/17 13:21:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 11:55:23 | 000,032,997 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cream.JPG
[2011/01/02 20:57:12 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ConvertXtoDVD 4.lnk
[2011/01/02 20:57:12 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/12/27 08:20:51 | 000,659,456 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RAAV11.mdb
[2010/12/25 18:17:16 | 000,357,724 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\203E.zip
[2010/06/13 20:52:38 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/06/13 20:52:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2010/06/13 12:04:31 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2010/06/13 11:55:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\EPSONRX600.ini
[2010/05/06 16:48:52 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/20 08:23:05 | 000,025,340 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2010/04/19 20:32:16 | 000,007,735 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).EML
[2010/04/19 12:49:14 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\xobni_installer_updater.log
[2010/02/26 12:17:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wfxmacro.INI
[2009/10/22 08:45:12 | 002,014,268 | ---- | C] () -- C:\Program Files\FileZilla_3.2.8.1_win32-setup.exe
[2009/10/15 12:07:48 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2009/03/15 09:34:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\monFDE.log
[2009/02/23 16:03:03 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2009/01/19 11:34:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2008/12/22 07:11:10 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2008/12/22 07:10:57 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2008/12/22 07:10:50 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2008/12/22 07:10:50 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2008/12/22 07:10:50 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2008/10/13 06:59:43 | 000,000,880 | ---- | C] () -- C:\WINDOWS\HandySnap.INI
[2008/10/01 13:35:53 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/09/29 08:30:48 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2008/09/18 07:06:59 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/09/17 23:05:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/09/17 21:55:59 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/09/17 21:55:58 | 000,000,350 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/17 20:10:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/17 20:10:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/09/17 17:30:40 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/17 17:14:20 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2008/09/17 11:32:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2009/02/02 10:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/12/12 01:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/11/28 14:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/07/19 11:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2009/05/25 11:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/01/25 13:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2010/12/15 13:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mEbNb06302
[2009/05/22 10:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/10/01 13:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/25 23:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/02 10:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/17 17:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2008/12/22 16:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/11 12:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/07 13:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/02 10:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/12/12 01:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Afkor
[2010/12/19 09:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2010/12/12 01:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cayron
[2008/09/17 21:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/14 11:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\deskUNPDF
[2009/03/16 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DevelCor
[2009/05/23 07:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2010/04/28 13:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Earthlink
[2009/02/16 10:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2011/01/19 17:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2010/12/15 09:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Igpel
[2008/09/18 09:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2010/12/11 12:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kicoin
[2008/09/17 21:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/05/06 16:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My.Freeze.com NetAssistant
[2010/12/12 07:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Piyson
[2011/01/18 08:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2010/02/12 14:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Qualcomm
[2010/06/13 21:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smart Panel
[2009/06/02 11:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPAMfighter
[2009/12/18 09:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
[2010/12/15 09:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ucfiq
[2009/12/04 14:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UDC Profiles
[2009/04/07 14:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uniblue
[2011/01/18 09:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/09/29 21:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uzehqe
[2011/01/09 15:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2008/10/30 16:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ypdour
[2011/01/20 09:06:59 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/20 22:15:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/01/17 00:33:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Program Files\SlySoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\My Documents\AnyDVDHD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\VDPPROMO:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\RAAVWEB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\faxsend:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\DIXLOGO:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\DIXIE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Owner\Desktop\CONTRACTS:Roxio EMC Stream
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:1ED49CE6F6EF3009
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >