Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijacked my email

Started by Farm , May 15 2011 12:14 PM

  • This topic is locked This topic is locked

#1
Farm
Posted 15 May 2011 - 12:14 PM

Farm

    New Member

  • Member
  • Pip
  • 2 posts
Something is going on with my home computer. I am pretty sure that it started trying to load something after my wife opened an email from a friend and clicked a link a couple of weeks ago. Apparently the friend's email had been hijacked. Anyway I started getting messages from firefox that something was trying to update unsuccessfully. I ran my usual almost daily scans (Avast, malwarebytes, superantispyware) but nothing ever turned up. And the computer otherwise seemed to be working fine. I decided to try to do a system restore to back it up as far as i could, but this was unsuccessful last night, even in safe mode. Early this am my email account sent out emails to all in my address book so obviously something is very wrong. Still have not been able to find anything on boottime and safe mode scans. Bit defender also found nothing.

Pasted below are the two oldtimer logs (OTL.Txt and Extras.Txt). Thanks for your time and help!

OTL logfile created on: 5/15/2011 12:51:17 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Farm\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 33.85 Gb Free Space | 15.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.33 Gb Free Space | 63.27% Space Free | Partition Type: NTFS

Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 12:50:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Farm\Downloads\OTL.exe
PRC - [2011/04/18 12:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/04/01 11:25:58 | 002,228,536 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2011/03/18 12:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/10 10:12:31 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 12:50:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Farm\Downloads\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/04/18 12:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/02/02 23:16:58 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 12:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 12:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 12:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 12:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 12:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 12:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/02 23:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/02 23:54:34 | 005,313,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2010/02/02 23:54:34 | 005,313,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010/02/02 22:23:42 | 000,150,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/01/28 09:33:28 | 000,097,792 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/04/14 03:33:00 | 007,766,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/08/14 03:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=4070718

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.jacksonfreepress.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.google.c...p?hl=en&tab=wn"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/17 20:10:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/21 14:25:57 | 000,000,000 | ---D | M]

[2010/08/11 00:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\Mozilla\Extensions
[2011/05/15 00:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\extensions
[2010/04/26 23:12:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/06 22:25:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(139)
[2010/06/12 18:41:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(147)
[2009/08/12 12:41:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(297)
[2010/08/10 09:47:49 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(42)
[2011/05/15 00:29:42 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/04/13 07:45:40 | 000,000,000 | ---D | M] (The Camelizer) -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\extensions\izer@camelcamelcamel(138).com
[2010/08/10 09:47:50 | 000,000,000 | ---D | M] (The Camelizer) -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\extensions\izer@camelcamelcamel(41).com
[2007/11/20 09:08:49 | 000,000,000 | ---D | M] ("Keepcash Coupon Toolbar") -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\extensions\[email protected]
[2009/05/31 09:32:20 | 000,002,749 | ---- | M] () -- C:\Users\Farm\AppData\Roaming\Mozilla\Firefox\Profiles\mli4hrsy.default\searchplugins\cuil.xml
[2011/04/17 20:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/05 11:09:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/16 00:09:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/11 08:20:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/27 20:46:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/28 05:34:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 08:48:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2009/11/17 19:45:42 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\FARM\APPDATA\ROAMING\MOVE NETWORKS
() (No name found) -- C:\USERS\FARM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MLI4HRSY.DEFAULT\EXTENSIONS\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.XPI
() (No name found) -- C:\USERS\FARM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MLI4HRSY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FARM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MLI4HRSY.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\FARM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MLI4HRSY.DEFAULT\EXTENSIONS\[email protected]
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2005/04/27 17:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2007/10/30 09:58:05 | 000,206,667 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7271 more lines...
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [SetupWizard] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Farm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.del...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} https://portal.stdom...aredSession.dll (SharedSessionService Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5C885ED3-9E77-4140-B63E-134BF7B19DEC} https://pacsweb.stdo...l/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa07)
O16 - DPF: {8613571C-30D2-4BD4-9710-3DFDBADE8190} https://pacsweb.stdo...l/amiviewer.cab (AMI Pictorial Control CWeb 2.1 SPa05)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} https://pacsweb.stdo...l/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa05)
O16 - DPF: {A08D2318-19E6-4332-A741-87FBBD3984CD} https://portal.stdom...s/mckapprun.cab (McKesson Application Launcher Control)
O16 - DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_09)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC14485E-0024-4B92-8063-CABBD66F9688} https://portal.stdom...p/LaunchHCS.ocx (LaunchHCS Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} https://portal.stdom...s/mckntauth.ocx (Mckntauth Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Farm\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Farm\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 00:29:47 | 000,000,000 | ---D | C] -- C:\Users\Farm\AppData\Roaming\QuickScan
[2011/04/21 14:30:52 | 000,000,000 | ---D | C] -- C:\Users\Farm\Desktop\Lakeside

========== Files - Modified Within 30 Days ==========

[2011/05/15 12:26:18 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/15 12:26:18 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/15 09:12:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 08:58:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 08:58:36 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 08:53:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B13FB83C-9FC0-4913-927E-0EE395CDEE53}.job
[2011/05/15 08:48:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/15 00:19:02 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/26 08:22:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/22 00:25:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/04/21 16:39:22 | 000,012,288 | ---- | M] () -- C:\Users\Farm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/21 14:25:57 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/18 12:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 12:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 12:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 12:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 12:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 12:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 12:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 12:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/18 08:49:36 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/18 03:28:47 | 000,330,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/17 20:10:48 | 000,000,872 | ---- | M] () -- C:\Users\Farm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/17 20:10:48 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/17 17:18:39 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

========== Files Created - No Company Name ==========

[2011/04/21 14:25:57 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/21 14:25:57 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/17 20:10:48 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010/07/08 17:33:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/08 17:27:21 | 000,001,035 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/04/14 08:02:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/07 23:23:40 | 000,000,016 | ---- | C] () -- C:\Users\Farm\AppData\Roaming\jdzarn.dat
[2010/02/02 22:22:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/12/04 16:17:18 | 000,198,341 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/09/24 00:55:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 00:55:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/18 13:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 16:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/09/20 07:27:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/12/15 12:29:57 | 000,017,396 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2007/08/05 09:37:34 | 000,024,064 | ---- | C] () -- C:\Users\Farm\AppData\Roaming\UserTile.png
[2007/08/01 09:29:48 | 000,000,488 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/07/28 21:54:10 | 000,002,272 | ---- | C] () -- C:\Windows\dhstatus.dat
[2007/07/28 21:21:04 | 000,002,065 | ---- | C] () -- C:\Windows\checkip.dat
[2007/07/28 09:42:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/07/28 01:34:54 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/07/28 01:34:51 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/07/27 18:15:00 | 000,012,288 | ---- | C] () -- C:\Users\Farm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/10 04:23:44 | 000,001,356 | ---- | C] () -- C:\Users\Farm\AppData\Local\d3d9caps.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,330,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2008/10/01 22:58:30 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Amazon
[2011/01/20 22:58:00 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\com.Shutterfly.ExpressUploader
[2010/04/01 21:28:06 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Facebook
[2009/11/05 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\Netscape
[2011/05/15 08:28:28 | 000,000,000 | ---D | M] -- C:\Users\Farm\AppData\Roaming\QuickScan
[2011/04/22 00:25:00 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/05/15 08:58:37 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/15 08:53:59 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B13FB83C-9FC0-4913-927E-0EE395CDEE53}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 5/15/2011 12:51:17 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Farm\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 33.85 Gb Free Space | 15.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.33 Gb Free Space | 63.27% Space Free | Partition Type: NTFS

Computer Name: FARM-PC | User Name: Farm | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EFB8196D-739F-4842-A9E8-C57A2E1A7F06}" = lport=4662 | protocol=6 | dir=in | name=edonk |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12F10EB1-566A-491A-A4B9-740CF2369FC6}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{48975618-DC12-4107-90A1-83EF515322F7}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{7C594DBB-99D2-4FFB-9A07-A7269898A5C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{896B7A49-BB05-4808-9F9D-6C73F57D8325}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{8D9F5E96-0EC7-49CF-914E-0FB4CD5CAD38}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{CFD7F723-738D-49C7-A8BA-4F449A1CFAD9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{EC21B1B3-96EE-441C-ABC8-F2BB4706BD18}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{EDCB1D4C-F703-4EB3-A873-A921597A0F93}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{EFF5BA91-2EDB-42FF-BE28-BA2C75557CD0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"TCP Query User{3AB0615D-1123-4E6A-99D6-649AAE7497BE}C:\program files\edonkey2000\edonkey2000.exe" = protocol=6 | dir=in | app=c:\program files\edonkey2000\edonkey2000.exe |
"TCP Query User{5A50FA75-4356-4198-B0B0-FFA7DBCBC847}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8445164A-00C7-46F5-A2BB-CDD77BD6CE64}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8E65A579-B844-4857-9D6F-4251A0F2C736}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F3844E8F-7E54-4D23-80A6-6036360CA4F6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{5C83425F-8A48-49C5-97BD-4D17738EA8FF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6E8932CE-BD35-4D41-8D94-8066934F537A}C:\program files\edonkey2000\edonkey2000.exe" = protocol=17 | dir=in | app=c:\program files\edonkey2000\edonkey2000.exe |
"UDP Query User{B144F62A-1128-419A-8D3E-13EBD1D8CF7E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B88A62EF-669D-42FD-934F-C8D35EA5E8A5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BFA68679-7B6C-4202-85E8-023C08AA4CB9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0928B2C5-0B16-C2FB-7BAE-A25901414687}" = ATI Catalyst Install Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13453DAA-8424-4B9C-844F-FC44C621F9E3}" = OLYMPUS Master 2
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1774C3D2-30FF-70EE-A1AF-1B771E2D2D33}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE9594B-E51F-9845-0466-C0D1D915FBB5}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 24
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31DDEBE2-0F7D-A4AA-B8A9-9E1FD795FC2A}" = CCC Help English
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7148F0A8-6813-11D6-A77B-00B0D0142090}" = Java 2 Runtime Environment, SE v1.4.2_09
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{BEAED2F4-04C7-95C4-7D8F-500EFE6CD1F9}" = ccc-core-static
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE567716-7997-E0AE-DD81-1A5D49A5FB25}" = Catalyst Control Center Graphics Previews Common
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E27ABEAB-2A23-737E-D290-FC42D45FCDA8}" = ATI AVIVO Codecs
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"CameraUserGuide-PSSD1400IS_IXUS130" = Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DraftDominator_is1" = DraftDominator Version 11.0i
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn (Remove Only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Monitors Matter CheckScreen 1.2" = Monitors Matter CheckScreen 1.2
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Printing Guide" = Canon Personal Printing Guide
"Photodex Presenter" = Photodex Presenter
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shutterfly Plugin" = Shutterfly Plugin
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SystemRequirementsLab" = System Requirements Lab
"TweakNow RegCleaner Standard_is1" = TweakNow RegCleaner Standard
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"burst" = burst! v3.1.0
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 4.5.0.452
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/30/2008 3:26:59 PM | Computer Name = Farm-PC | Source = avast! | ID = 33554522
Description =

Error - 3/31/2008 1:58:07 PM | Computer Name = Farm-PC | Source = avast! | ID = 33554522
Description =

Error - 4/3/2008 5:45:43 PM | Computer Name = Farm-PC | Source = avast! | ID = 33554522
Description =

Error - 4/7/2008 12:16:44 AM | Computer Name = Farm-PC | Source = avast! | ID = 33554522
Description =

Error - 4/7/2008 9:17:54 AM | Computer Name = Farm-PC | Source = avast! | ID = 33554522
Description =

Error - 4/7/2008 9:21:10 AM | Computer Name = Farm-PC | Source = avast! | ID = 33554522
Description =

Error - 4/23/2008 8:27:56 AM | Computer Name = Farm-PC | Source = avast! | ID = 33554522
Description =

Error - 5/7/2008 8:48:47 AM | Computer Name = Farm-PC | Source = avast! | ID = 33554522
Description =

Error - 7/16/2008 9:55:51 AM | Computer Name = Farm-PC | Source = avast! | ID = 33554522
Description =

Error - 4/29/2009 8:30:42 AM | Computer Name = Farm-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/9/2011 11:04:12 AM | Computer Name = Farm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/9/2011 11:04:12 AM | Computer Name = Farm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/9/2011 11:04:12 AM | Computer Name = Farm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/9/2011 11:04:12 AM | Computer Name = Farm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/9/2011 11:04:13 AM | Computer Name = Farm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/9/2011 11:04:13 AM | Computer Name = Farm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/9/2011 11:04:13 AM | Computer Name = Farm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/9/2011 11:04:13 AM | Computer Name = Farm-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/10/2011 11:43:58 PM | Computer Name = Farm-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/10/2011 11:43:58 PM | Computer Name = Farm-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 6/7/2008 5:17:30 PM | Computer Name = Farm-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 10:17:21 AM | Computer Name = Farm-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/6/2009 3:30:58 AM | Computer Name = Farm-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 5:25:18 PM | Computer Name = Farm-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 7:00:43 PM | Computer Name = Farm-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/22/2010 4:34:19 PM | Computer Name = Farm-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/30/2009 4:29:19 PM | Computer Name = Farm-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/30/2009 4:29:30 PM | Computer Name = Farm-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/30/2009 4:29:42 PM | Computer Name = Farm-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/30/2009 4:29:52 PM | Computer Name = Farm-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/30/2009 4:30:02 PM | Computer Name = Farm-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/30/2009 4:30:11 PM | Computer Name = Farm-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/31/2009 11:02:11 AM | Computer Name = Farm-PC | Source = HTTP | ID = 15016
Description =

Error - 7/31/2009 11:04:13 AM | Computer Name = Farm-PC | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.63.422.0 Loading engine version: 1.1.4903.0

Error - 8/1/2009 11:15:44 PM | Computer Name = Farm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:37:47 PM on 7/31/2009 was unexpected.

Error - 8/2/2009 3:06:36 PM | Computer Name = Farm-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:19:24 PM on 8/1/2009 was unexpected.


< End of report >
  • 0

Advertisements

#2
Dakeyras
Posted 21 May 2011 - 06:16 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
It appears you are currently being assisted here.

Please do not post multiple requests for assistance in various forums, receiving help from more than one source simultaneously would undoubtedly lead to disaster.

This topic is now closed.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP