Inactive Using Firefox or IE if open Google, get redirect to Google.com.br

Broni · Apr 1, 2011

Reopened............

NutnFunny · Apr 4, 2011

Hey Broni,
out of town, but still redirecting google to google.com.br.
opened an email employment response, virus ware did not pick up on email or pc.
open to suggestions

Broni · Apr 4, 2011

Have you had a chance to call your ISP?

NutnFunny · Apr 4, 2011

Yes, stated they would check and repair or give me a new ip if required. Same ip.
I have not yet checked the Sprint wireless modem to see if that will relieve issue.

Broni · Apr 4, 2011

Well, call them back and see, if anything has been done.

I want you to try one more thing...

Please, follow this instructions in attempt to fix the issue: https://store.opendns.com/setup/router/
Once you set your new DNS settings reboot your computer.
Then go to http://opendns.com/welcome/ to see if it is working. If you see a checkmark then you switched to OpenDNS.

FiOS (Fiber Optic) go here: http://www22.verizon.com/ResidentialHelp/HighSpeed/Troubleshooting/Network/QuestionsOne/99031.htm

NutnFunny · Apr 5, 2011

Broni,
did the Open DNS, flush dns etc., no luck still a redirect on Google.
ISP is same ip, no change.

did notice on google at address bar: about:home

Broni · Apr 5, 2011

Which browser are we talking about here?

NutnFunny · Apr 5, 2011

firefox 4.0

Broni · Apr 5, 2011

I suggest, you completely uninstall FF, following all steps listed here (to the dot): http://kb.mozillazine.org/Uninstalling_Firefox and you install fresh copy.

NutnFunny · Apr 5, 2011

Removed Firefox 4.0
Rebooted PC
Uploaded Firefox 4.0 and installed
Did not import bookmarks
Did not make Default Browser

Still Google.com.br
wow i should have been a hacker.

NutnFunny · Apr 5, 2011

my original HOST FILE is not the same:
Here is the current:

127.0.0.1 localhost

Thats it.

NutnFunny · Apr 5, 2011

Loopback, me.... ???

Broni · Apr 6, 2011

Hosts file is correct.

Download FoxScan from HERE

Double click on FoxScan.exe to start the scan.
DOS-like window will pop-up.
Press 2 for English. Press Enter.
Be patient. It'll take few minutes.
When the tool is done, it'll display:

Search completed.
Press any key to coninue...

Press any key.
Notepad window titled Rapport-FS.txt will open.
Save the file to known location, and attach it to your next reply.

NutnFunny · Apr 6, 2011

FoxScan loaded, selected 2, States:
Version denied.

Also cannot access yahoo mail now.

NutnFunny · Apr 6, 2011

Disconnected from ISP, using mobile modem no redirect, on google and can easily load yahoo, yahoo mail.

FoxScan still not working here is actual text:

Microsoft WIndows [Version 6.0 6002]
Access is denied.
Searching...

Broni · Apr 6, 2011

Download fresh copy of OTL and post "Quick scan" results.

NutnFunny · Apr 6, 2011

OTL logfile created on: 4/6/2011 6:02:38 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\admin\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.10 Gb Total Space | 348.65 Gb Free Space | 60.00% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.72 Gb Free Space | 51.46% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 18:00:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/02 22:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
PRC - [2010/07/13 21:13:44 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/11 17:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid\Vid.exe
PRC - [2010/05/07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/08/29 15:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 10:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe

========== Modules (SafeList) ==========

MOD - [2011/04/06 18:00:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/11/24 22:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/12/22 02:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/03/26 13:08:34 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/13 21:13:44 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/08/29 15:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/19 10:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/23 09:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/11/09 21:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
DRV:64bit: - [2010/11/09 21:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/11/09 21:42:34 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/11/24 22:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009/11/24 22:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/22 02:37:14 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/12/12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/09/28 07:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008/09/28 03:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/27 11:47:12 | 000,089,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2007/06/27 11:46:22 | 000,114,688 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2007/08/10 12:08:50 | 000,027,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z045&form=ZGAPHP
IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/05 22:26:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/26 21:26:23 | 000,000,000 | ---D | M]

[2011/04/05 22:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2011/04/05 22:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/18 18:41:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/05 19:59:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2009/06/24 03:00:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/31 21:48:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Logitech Vid HD] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [WorkForce 630(Network)] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} http://192.168.1.253/SysCamInst.cab (AudioClient Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 76.239.149.89 192.168.1.1
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\admin\Pictures\101MSDCF\DSC00820.JPG
O24 - Desktop BackupWallPaper: C:\Users\admin\Pictures\101MSDCF\DSC00820.JPG
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/30 12:20:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 22:26:39 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Mozilla
[2011/04/05 20:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2011/04/05 20:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2011/03/31 22:09:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/31 21:40:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/31 21:40:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/31 21:40:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/31 21:40:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/31 21:40:14 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/20 17:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2011/03/20 17:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2011/03/20 17:09:06 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Epson
[2011/03/20 17:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2011/03/20 17:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2011/03/20 17:07:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\InstallShield
[2011/03/20 17:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011/03/20 17:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2011/03/20 17:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2011/03/20 15:53:01 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Linksys_LLC_-_A_Division_

========== Files - Modified Within 30 Days ==========

[2011/04/06 17:41:34 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/06 17:41:34 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/06 17:41:34 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/06 17:35:30 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2011/04/06 17:35:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 17:35:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 17:35:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/06 10:19:03 | 000,209,515 | ---- | M] () -- C:\Users\admin\Desktop\img009.pdf
[2011/04/06 08:59:56 | 000,112,998 | ---- | M] () -- C:\Users\admin\Desktop\FoxScan.exe
[2011/04/05 22:26:18 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/05 20:45:58 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce 630 User's Guide.lnk
[2011/04/05 20:32:14 | 000,153,431 | ---- | M] () -- C:\Users\admin\Desktop\linksysWEP.jpeg
[2011/04/05 20:26:49 | 000,000,079 | ---- | M] () -- C:\Windows\EWF630.ini
[2011/04/05 20:21:21 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/04/05 19:44:25 | 000,144,857 | ---- | M] () -- C:\Users\admin\Desktop\linksyssettings.jpeg
[2011/04/03 18:42:16 | 001,108,923 | ---- | M] () -- C:\Users\admin\Desktop\CreopleStore.jpg
[2011/04/03 18:42:01 | 000,122,059 | ---- | M] () -- C:\Users\admin\Desktop\CreopleStore.sdr
[2011/03/31 21:48:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/03/31 21:40:12 | 004,310,832 | R--- | M] () -- C:\Users\admin\Desktop\ComboFix.exe
[2011/03/30 11:46:50 | 000,001,750 | -H-- | M] () -- C:\Users\admin\Documents\Default.rdp
[2011/03/28 19:14:41 | 046,923,031 | ---- | M] () -- C:\Users\admin\Desktop\Plans-AEO-Sugarland, TX.pdf
[2011/03/27 04:37:11 | 000,032,768 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/18 09:10:34 | 000,345,514 | ---- | M] () -- C:\Users\admin\Desktop\1220912515172.Anti-spam FAQ 080707 Consumer.pdf
[2011/03/08 22:04:09 | 000,002,341 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/03/08 19:32:08 | 005,621,314 | ---- | M] () -- C:\Users\admin\Desktop\SAS_2011_03_08.zip

========== Files Created - No Company Name ==========

[2011/04/06 10:35:24 | 000,112,998 | ---- | C] () -- C:\Users\admin\Desktop\FoxScan.exe
[2011/04/06 10:19:49 | 000,209,515 | ---- | C] () -- C:\Users\admin\Desktop\img009.pdf
[2011/04/05 22:26:18 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/05 20:32:14 | 000,153,431 | ---- | C] () -- C:\Users\admin\Desktop\linksysWEP.jpeg
[2011/04/05 20:21:21 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/04/05 19:44:25 | 000,144,857 | ---- | C] () -- C:\Users\admin\Desktop\linksyssettings.jpeg
[2011/04/03 18:34:28 | 001,108,923 | ---- | C] () -- C:\Users\admin\Desktop\CreopleStore.jpg
[2011/04/02 18:41:47 | 000,122,059 | ---- | C] () -- C:\Users\admin\Desktop\CreopleStore.sdr
[2011/03/31 21:40:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/31 21:40:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/31 21:40:48 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/31 21:40:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/31 21:40:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/31 21:40:06 | 004,310,832 | R--- | C] () -- C:\Users\admin\Desktop\ComboFix.exe
[2011/03/28 19:14:20 | 046,923,031 | ---- | C] () -- C:\Users\admin\Desktop\Plans-AEO-Sugarland, TX.pdf
[2011/03/20 17:15:30 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 630 User's Guide.lnk
[2011/03/20 17:07:19 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/03/20 17:07:18 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/20 17:07:18 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/20 17:07:18 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/20 17:07:18 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/20 17:07:18 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/20 17:07:18 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/20 17:07:18 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/20 17:07:18 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2011/03/20 17:07:18 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/20 17:07:18 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2011/03/20 17:07:18 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2011/03/20 17:07:18 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2011/03/20 17:07:18 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2011/03/20 17:07:18 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2011/03/20 17:07:18 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/20 17:07:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/20 17:07:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/20 17:07:18 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/20 17:07:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/20 17:07:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/20 17:07:18 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/20 17:06:11 | 000,000,119 | ---- | C] () -- C:\Windows\SysWow64\epson.sep
[2011/03/20 17:04:11 | 000,000,079 | ---- | C] () -- C:\Windows\EWF630.ini
[2011/03/18 09:10:33 | 000,345,514 | ---- | C] () -- C:\Users\admin\Desktop\1220912515172.Anti-spam FAQ 080707 Consumer.pdf
[2011/03/08 19:32:04 | 005,621,314 | ---- | C] () -- C:\Users\admin\Desktop\SAS_2011_03_08.zip
[2011/01/18 18:42:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/09 21:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/08/19 21:27:10 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2010/07/13 21:13:45 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/07/13 21:13:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/07/13 21:13:44 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/02/20 20:26:32 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2010/02/20 20:26:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2009/12/28 18:48:48 | 000,023,888 | ---- | C] () -- C:\Users\admin\AppData\Roaming\UserTile.png
[2009/08/09 21:47:53 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2009/08/07 16:41:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/07 16:40:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/07 16:40:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/08 08:37:36 | 000,002,880 | ---- | C] () -- C:\Users\admin\AppData\Roaming\wklnhst.dat
[2009/05/19 23:56:34 | 000,032,768 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/18 21:59:34 | 000,011,321 | ---- | C] () -- C:\Windows\hpwscr16.dat
[2009/05/17 18:36:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/15 05:25:10 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/04/15 04:56:58 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009/04/15 01:43:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/08/10 12:08:50 | 000,027,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

NutnFunny · Apr 6, 2011

========== LOP Check ==========

[2011/03/31 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Abine
[2010/04/30 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Autodesk
[2010/09/22 08:57:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/25 13:19:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Epson
[2010/01/29 20:38:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Facebook
[2010/06/22 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FileZilla
[2011/01/22 19:51:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
[2009/12/28 18:48:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PeerNetworking
[2010/12/18 11:18:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw
[2009/06/08 08:37:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Template
[2011/04/06 17:34:13 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/06 17:35:30 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/12/27 16:13:54 | 000,025,084 | ---- | M] () -- C:\aaw7boot.log
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/03/31 21:50:37 | 000,078,549 | ---- | M] () -- C:\ComboFix.txt
[2009/04/15 05:30:07 | 000,004,884 | RH-- | M] () -- C:\dell.sdr
[2011/03/05 20:05:53 | 000,000,973 | ---- | M] () -- C:\desc.txt
[2011/03/05 20:02:57 | 000,000,973 | ---- | M] () -- C:\JavaRa.log
[2010/05/05 22:06:21 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2011/04/06 17:35:05 | 304,361,470 | -HS- | M] () -- C:\pagefile.sys
[2011/03/31 20:44:34 | 000,000,475 | ---- | M] () -- C:\rkill.log
[2011/03/28 19:59:31 | 000,000,461 | ---- | M] () -- C:\Sys_LogWin.log
[2011/03/03 01:20:53 | 000,061,448 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_03.03.2011_00.20.21_log.txt
[2011/03/05 11:23:54 | 000,061,448 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_05.03.2011_10.19.10_log.txt
[2011/03/05 12:14:14 | 000,061,448 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_05.03.2011_11.10.35_log.txt
[2011/03/06 13:05:08 | 000,059,750 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_06.03.2011_12.04.48_log.txt
[2011/03/31 20:59:50 | 000,060,482 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_31.03.2011_20.59.28_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/19 20:33:23 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2008/12/04 21:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2010/12/31 19:48:38 | 000,000,010 | ---- | M] () -- C:\Program Files (x86)\eula.txt
[2010/12/31 19:04:56 | 000,000,003 | ---- | M] () -- C:\Program Files (x86)\option.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/19 20:54:21 | 000,000,286 | -HS- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2009/05/16 18:53:58 | 037,452,296 | ---- | M] (Lavasoft ) -- C:\Users\admin\Desktop\Ad-AwareAE.exe
[2011/03/31 21:40:12 | 004,310,832 | R--- | M] () -- C:\Users\admin\Desktop\ComboFix.exe
[2011/03/05 20:39:29 | 002,322,184 | ---- | M] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe
[2011/04/06 08:59:56 | 000,112,998 | ---- | M] () -- C:\Users\admin\Desktop\FoxScan.exe
[2011/03/05 11:32:49 | 000,296,448 | ---- | M] () -- C:\Users\admin\Desktop\gmer.exe
[2011/03/03 00:47:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2011/03/05 20:02:15 | 000,400,384 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\admin\Desktop\JavaRa.exe
[2011/03/05 17:13:26 | 000,080,384 | ---- | M] () -- C:\Users\admin\Desktop\MBRCheck.exe
[2011/03/06 13:32:01 | 000,365,551 | ---- | M] () -- C:\Users\admin\Desktop\MiniToolBox.exe
[2011/03/05 18:45:39 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2009/03/30 22:35:58 | 011,748,680 | ---- | M] (ParetoLogic ) -- C:\Users\admin\Desktop\Pareto_AV_Setup_RW.exe
[2011/03/05 19:50:41 | 000,879,028 | ---- | M] () -- C:\Users\admin\Desktop\SecurityCheck.exe
[2011/03/03 01:19:59 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/12/19 20:53:28 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2009/12/19 20:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2009/12/19 20:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/12/19 20:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2009/12/19 20:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2009/12/19 20:52:57 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/05/17 13:48:10 | 000,000,402 | -HS- | M] () -- C:\Users\admin\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/03/20 19:34:05 | 000,006,149 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

NutnFunny · Apr 6, 2011

My mistake, uploaded new OTL.exe but added previous 'custom scan' elements from before
here is the basic Quick Scan:

OTL logfile created on: 4/6/2011 6:34:58 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\admin\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.10 Gb Total Space | 349.03 Gb Free Space | 60.06% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.72 Gb Free Space | 51.46% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 18:00:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/02 22:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
PRC - [2010/07/13 21:13:44 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/11 17:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid\Vid.exe
PRC - [2010/05/07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/08/29 15:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 10:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe

========== Modules (SafeList) ==========

MOD - [2011/04/06 18:00:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/09/30 20:02:17 | 002,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2009/04/11 01:28:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
MOD - [2009/04/11 01:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009/04/11 01:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/11/24 22:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/12/22 02:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/03/26 13:08:34 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/13 21:13:44 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/08/29 15:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/19 10:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/23 09:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/11/09 21:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
DRV:64bit: - [2010/11/09 21:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/11/09 21:42:34 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/11/24 22:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009/11/24 22:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/22 02:37:14 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/12/12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/09/28 07:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008/09/28 03:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/27 11:47:12 | 000,089,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2007/06/27 11:46:22 | 000,114,688 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2007/08/10 12:08:50 | 000,027,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z045&form=ZGAPHP
IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/05 22:26:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/26 21:26:23 | 000,000,000 | ---D | M]

[2011/04/05 22:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2011/04/05 22:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/18 18:41:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/05 19:59:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2009/06/24 03:00:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/31 21:48:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Logitech Vid HD] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [WorkForce 630(Network)] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} http://192.168.1.253/SysCamInst.cab (AudioClient Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 76.239.149.89 192.168.1.1
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\admin\Pictures\101MSDCF\DSC00820.JPG
O24 - Desktop BackupWallPaper: C:\Users\admin\Pictures\101MSDCF\DSC00820.JPG
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/30 12:20:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 22:26:39 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Mozilla
[2011/04/05 20:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2011/04/05 20:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2011/03/31 22:09:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/31 21:40:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/31 21:40:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/31 21:40:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/31 21:40:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/31 21:40:14 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/20 17:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2011/03/20 17:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2011/03/20 17:09:06 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Epson
[2011/03/20 17:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2011/03/20 17:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2011/03/20 17:07:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\InstallShield
[2011/03/20 17:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011/03/20 17:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2011/03/20 17:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2011/03/20 15:53:01 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Linksys_LLC_-_A_Division_

========== Files - Modified Within 30 Days ==========

[2011/04/06 17:41:34 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/06 17:41:34 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/06 17:41:34 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/06 17:35:30 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2011/04/06 17:35:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 17:35:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/06 17:35:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/06 10:19:03 | 000,209,515 | ---- | M] () -- C:\Users\admin\Desktop\img009.pdf
[2011/04/06 08:59:56 | 000,112,998 | ---- | M] () -- C:\Users\admin\Desktop\FoxScan.exe
[2011/04/05 22:26:18 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/05 20:45:58 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce 630 User's Guide.lnk
[2011/04/05 20:32:14 | 000,153,431 | ---- | M] () -- C:\Users\admin\Desktop\linksysWEP.jpeg
[2011/04/05 20:26:49 | 000,000,079 | ---- | M] () -- C:\Windows\EWF630.ini
[2011/04/05 20:21:21 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/04/05 19:44:25 | 000,144,857 | ---- | M] () -- C:\Users\admin\Desktop\linksyssettings.jpeg
[2011/04/03 18:42:16 | 001,108,923 | ---- | M] () -- C:\Users\admin\Desktop\CreopleStore.jpg
[2011/04/03 18:42:01 | 000,122,059 | ---- | M] () -- C:\Users\admin\Desktop\CreopleStore.sdr
[2011/03/31 21:48:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/03/31 21:40:12 | 004,310,832 | R--- | M] () -- C:\Users\admin\Desktop\ComboFix.exe
[2011/03/30 11:46:50 | 000,001,750 | -H-- | M] () -- C:\Users\admin\Documents\Default.rdp
[2011/03/28 19:14:41 | 046,923,031 | ---- | M] () -- C:\Users\admin\Desktop\Plans-AEO-Sugarland, TX.pdf
[2011/03/27 04:37:11 | 000,032,768 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/18 09:10:34 | 000,345,514 | ---- | M] () -- C:\Users\admin\Desktop\1220912515172.Anti-spam FAQ 080707 Consumer.pdf
[2011/03/08 22:04:09 | 000,002,341 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/03/08 19:32:08 | 005,621,314 | ---- | M] () -- C:\Users\admin\Desktop\SAS_2011_03_08.zip

========== Files Created - No Company Name ==========

[2011/04/06 10:35:24 | 000,112,998 | ---- | C] () -- C:\Users\admin\Desktop\FoxScan.exe
[2011/04/06 10:19:49 | 000,209,515 | ---- | C] () -- C:\Users\admin\Desktop\img009.pdf
[2011/04/05 22:26:18 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/05 20:32:14 | 000,153,431 | ---- | C] () -- C:\Users\admin\Desktop\linksysWEP.jpeg
[2011/04/05 20:21:21 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/04/05 19:44:25 | 000,144,857 | ---- | C] () -- C:\Users\admin\Desktop\linksyssettings.jpeg
[2011/04/03 18:34:28 | 001,108,923 | ---- | C] () -- C:\Users\admin\Desktop\CreopleStore.jpg
[2011/04/02 18:41:47 | 000,122,059 | ---- | C] () -- C:\Users\admin\Desktop\CreopleStore.sdr
[2011/03/31 21:40:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/31 21:40:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/31 21:40:48 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/31 21:40:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/31 21:40:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/31 21:40:06 | 004,310,832 | R--- | C] () -- C:\Users\admin\Desktop\ComboFix.exe
[2011/03/28 19:14:20 | 046,923,031 | ---- | C] () -- C:\Users\admin\Desktop\Plans-AEO-Sugarland, TX.pdf
[2011/03/20 17:15:30 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 630 User's Guide.lnk
[2011/03/20 17:07:19 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/03/20 17:07:18 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/20 17:07:18 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/20 17:07:18 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/20 17:07:18 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/20 17:07:18 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/20 17:07:18 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/20 17:07:18 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/20 17:07:18 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2011/03/20 17:07:18 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/20 17:07:18 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2011/03/20 17:07:18 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2011/03/20 17:07:18 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2011/03/20 17:07:18 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2011/03/20 17:07:18 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2011/03/20 17:07:18 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/20 17:07:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/20 17:07:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/20 17:07:18 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/20 17:07:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/20 17:07:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/20 17:07:18 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/20 17:06:11 | 000,000,119 | ---- | C] () -- C:\Windows\SysWow64\epson.sep
[2011/03/20 17:04:11 | 000,000,079 | ---- | C] () -- C:\Windows\EWF630.ini
[2011/03/18 09:10:33 | 000,345,514 | ---- | C] () -- C:\Users\admin\Desktop\1220912515172.Anti-spam FAQ 080707 Consumer.pdf
[2011/03/08 19:32:04 | 005,621,314 | ---- | C] () -- C:\Users\admin\Desktop\SAS_2011_03_08.zip
[2011/01/18 18:42:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/09 21:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/08/19 21:27:10 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2010/07/13 21:13:45 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/07/13 21:13:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/07/13 21:13:44 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/02/20 20:26:32 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2010/02/20 20:26:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2009/12/28 18:48:48 | 000,023,888 | ---- | C] () -- C:\Users\admin\AppData\Roaming\UserTile.png
[2009/08/09 21:47:53 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2009/08/07 16:41:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/07 16:40:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/07 16:40:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/08 08:37:36 | 000,002,880 | ---- | C] () -- C:\Users\admin\AppData\Roaming\wklnhst.dat
[2009/05/19 23:56:34 | 000,032,768 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/18 21:59:34 | 000,011,321 | ---- | C] () -- C:\Windows\hpwscr16.dat
[2009/05/17 18:36:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/15 05:25:10 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/04/15 04:56:58 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009/04/15 01:43:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/08/10 12:08:50 | 000,027,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2011/03/31 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Abine
[2010/04/30 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Autodesk
[2010/09/22 08:57:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/25 13:19:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Epson
[2010/01/29 20:38:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Facebook
[2010/06/22 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FileZilla
[2011/01/22 19:51:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
[2009/12/28 18:48:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PeerNetworking
[2010/12/18 11:18:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw
[2009/06/08 08:37:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Template
[2011/04/06 17:34:13 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/06 17:35:30 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job

========== Purity Check ==========

< End of report >

Broni · Apr 7, 2011

I don't see anything suspicious.

Now...

Disconnected from ISP, using mobile modem no redirect, on google and can easily load yahoo, yahoo mail.

It clearly indicates, there is nothing wrong with your computer, as we actually already know.
It must be something wrong with your IP, modem, router, or combination of those.

At this point, there is nothing more I can do here.

Inactive Using Firefox or IE if open Google, get redirect to Google.com.br

Posts: 56,041 +516

Posts: 44 +0

Posts: 56,041 +516

Posts: 44 +0

Posts: 56,041 +516

Posts: 44 +0

Posts: 56,041 +516

Posts: 44 +0

Posts: 56,041 +516

Posts: 44 +0

Posts: 44 +0

Posts: 44 +0

Posts: 56,041 +516

Posts: 44 +0

Posts: 44 +0

Posts: 56,041 +516

Posts: 44 +0

Posts: 44 +0

Posts: 44 +0

Posts: 56,041 +516

Similar threads