TechSpot

Using Firefox or IE if open Google, get redirect to Google.com.br

By NutnFunny
Mar 4, 2011
  1. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Reopened............
     
  2. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Hey Broni,
    Out of town, but still redirecting Google to google.com.br.
    Opened an email employment response; virus ware did not pick up on email or PC.
    Open to suggestions.
     
  3. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Have you had a chance to call your ISP?
     
  4. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Yes, stated they would check and repair or give me a new IP if required. Same IP.
    I have not yet checked the Sprint wireless modem to see if that will relieve the issue.
     
  5. Broni

    Broni Malware Annihilator Posts: 46,868   +254

  6. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Broni,
    Did the OpenDNS, flush DNS, etc.; no luck, still a redirect on Google.
    ISP is same IP, no change.

    Did notice on Google at address bar: about:home
     
  7. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Which browser are we talking about here?
     
  8. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Firefox 4.0
     
  9. Broni

    Broni Malware Annihilator Posts: 46,868   +254

  10. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Removed Firefox 4.0
    Rebooted PC
    Uploaded Firefox 4.0 and installed
    Did not import bookmarks
    Did not make Default Browser

    Still Google.com.br
    Wow, I should have been a hacker.
     
  11. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    My original HOST FILE is not the same:
    Here is the current:

    127.0.0.1 localhost

    That's it.
     
     
  12. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Loopback, me.... ???
     
  13. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Hosts file is correct.

    Download FoxScan from HERE

    Double-click on FoxScan.exe to start the scan.
    A DOS-like window will pop up.
    Press 2 for English. Press Enter.
    Be patient. It'll take a few minutes.
    When the tool is done, it'll display:

    Search completed.
    Press any key to coninue...


    Press any key.
    A Notepad window titled Rapport-FS.txt will open.
    Save the file to a known location, and attach it to your next reply.
     
  14. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    FoxScan loaded, selected 2, States:
    Version denied.

    Also cannot access Yahoo Mail now.
     
  15. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    Disconnected from ISP; using mobile modem, no redirect on Google, and can easily load Yahoo, Yahoo Mail.

    FoxScan still not working; here is the actual text:

    Microsoft WIndows [Version 6.0 6002]
    Access is denied.
    Searching...
     
  16. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Download a fresh copy of OTL and post "Quick scan" results.
     
  17. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    OTL logfile created on: 4/6/2011 6:02:38 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\admin\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.10 Gb Total Space | 348.65 Gb Free Space | 60.00% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.72 Gb Free Space | 51.46% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/06 18:00:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
    PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/02/02 22:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
    PRC - [2010/07/13 21:13:44 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/05/11 17:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid\Vid.exe
    PRC - [2010/05/07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    PRC - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2007/08/29 15:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    PRC - [2006/12/19 10:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/06 18:00:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
    MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/05/07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/11/24 22:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2008/12/22 02:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/03/26 13:08:34 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/07/13 21:13:44 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2007/08/29 15:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
    SRV - [2006/12/19 10:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/02/23 09:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/11/09 21:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
    DRV:64bit: - [2010/11/09 21:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010/11/09 21:42:34 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvbflt64.sys -- (CompFilter64)
    DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/11/24 22:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2009/11/24 22:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/12/22 02:37:14 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2008/12/12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
    DRV:64bit: - [2008/12/12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
    DRV:64bit: - [2008/09/28 07:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2008/09/28 03:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2007/06/27 11:47:12 | 000,089,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
    DRV:64bit: - [2007/06/27 11:46:22 | 000,114,688 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
    DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV - [2007/08/10 12:08:50 | 000,027,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z045&form=ZGAPHP
    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/05 22:26:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/26 21:26:23 | 000,000,000 | ---D | M]

    [2011/04/05 22:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
    [2011/04/05 22:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/01/18 18:41:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/03/05 19:59:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    [2009/06/24 03:00:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/03/31 21:48:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Logitech Vid HD] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [WorkForce 630(Network)] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} http://192.168.1.253/SysCamInst.cab (AudioClient Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 76.239.149.89 192.168.1.1
    O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\admin\Pictures\101MSDCF\DSC00820.JPG
    O24 - Desktop BackupWallPaper: C:\Users\admin\Pictures\101MSDCF\DSC00820.JPG
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/30 12:20:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/05 22:26:39 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Mozilla
    [2011/04/05 20:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
    [2011/04/05 20:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
    [2011/03/31 22:09:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/31 21:40:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/31 21:40:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/31 21:40:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/31 21:40:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/31 21:40:14 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/20 17:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
    [2011/03/20 17:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
    [2011/03/20 17:09:06 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Epson
    [2011/03/20 17:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2011/03/20 17:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
    [2011/03/20 17:07:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\InstallShield
    [2011/03/20 17:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2011/03/20 17:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2011/03/20 17:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
    [2011/03/20 15:53:01 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Linksys_LLC_-_A_Division_

    ========== Files - Modified Within 30 Days ==========

    [2011/04/06 17:41:34 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/04/06 17:41:34 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/04/06 17:41:34 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/04/06 17:35:30 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
    [2011/04/06 17:35:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/06 17:35:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/06 17:35:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/06 10:19:03 | 000,209,515 | ---- | M] () -- C:\Users\admin\Desktop\img009.pdf
    [2011/04/06 08:59:56 | 000,112,998 | ---- | M] () -- C:\Users\admin\Desktop\FoxScan.exe
    [2011/04/05 22:26:18 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/04/05 20:45:58 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce 630 User's Guide.lnk
    [2011/04/05 20:32:14 | 000,153,431 | ---- | M] () -- C:\Users\admin\Desktop\linksysWEP.jpeg
    [2011/04/05 20:26:49 | 000,000,079 | ---- | M] () -- C:\Windows\EWF630.ini
    [2011/04/05 20:21:21 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
    [2011/04/05 19:44:25 | 000,144,857 | ---- | M] () -- C:\Users\admin\Desktop\linksyssettings.jpeg
    [2011/04/03 18:42:16 | 001,108,923 | ---- | M] () -- C:\Users\admin\Desktop\CreopleStore.jpg
    [2011/04/03 18:42:01 | 000,122,059 | ---- | M] () -- C:\Users\admin\Desktop\CreopleStore.sdr
    [2011/03/31 21:48:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/03/31 21:40:12 | 004,310,832 | R--- | M] () -- C:\Users\admin\Desktop\ComboFix.exe
    [2011/03/30 11:46:50 | 000,001,750 | -H-- | M] () -- C:\Users\admin\Documents\Default.rdp
    [2011/03/28 19:14:41 | 046,923,031 | ---- | M] () -- C:\Users\admin\Desktop\Plans-AEO-Sugarland, TX.pdf
    [2011/03/27 04:37:11 | 000,032,768 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/18 09:10:34 | 000,345,514 | ---- | M] () -- C:\Users\admin\Desktop\1220912515172.Anti-spam FAQ 080707 Consumer.pdf
    [2011/03/08 22:04:09 | 000,002,341 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/03/08 19:32:08 | 005,621,314 | ---- | M] () -- C:\Users\admin\Desktop\SAS_2011_03_08.zip

    ========== Files Created - No Company Name ==========

    [2011/04/06 10:35:24 | 000,112,998 | ---- | C] () -- C:\Users\admin\Desktop\FoxScan.exe
    [2011/04/06 10:19:49 | 000,209,515 | ---- | C] () -- C:\Users\admin\Desktop\img009.pdf
    [2011/04/05 22:26:18 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/04/05 20:32:14 | 000,153,431 | ---- | C] () -- C:\Users\admin\Desktop\linksysWEP.jpeg
    [2011/04/05 20:21:21 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
    [2011/04/05 19:44:25 | 000,144,857 | ---- | C] () -- C:\Users\admin\Desktop\linksyssettings.jpeg
    [2011/04/03 18:34:28 | 001,108,923 | ---- | C] () -- C:\Users\admin\Desktop\CreopleStore.jpg
    [2011/04/02 18:41:47 | 000,122,059 | ---- | C] () -- C:\Users\admin\Desktop\CreopleStore.sdr
    [2011/03/31 21:40:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/31 21:40:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/31 21:40:48 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/31 21:40:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/31 21:40:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/31 21:40:06 | 004,310,832 | R--- | C] () -- C:\Users\admin\Desktop\ComboFix.exe
    [2011/03/28 19:14:20 | 046,923,031 | ---- | C] () -- C:\Users\admin\Desktop\Plans-AEO-Sugarland, TX.pdf
    [2011/03/20 17:15:30 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 630 User's Guide.lnk
    [2011/03/20 17:07:19 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2011/03/20 17:07:18 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2011/03/20 17:07:18 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2011/03/20 17:07:18 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2011/03/20 17:07:18 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2011/03/20 17:07:18 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2011/03/20 17:07:18 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2011/03/20 17:07:18 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2011/03/20 17:07:18 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
    [2011/03/20 17:07:18 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2011/03/20 17:07:18 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
    [2011/03/20 17:07:18 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
    [2011/03/20 17:07:18 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
    [2011/03/20 17:07:18 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
    [2011/03/20 17:07:18 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
    [2011/03/20 17:07:18 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2011/03/20 17:07:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2011/03/20 17:07:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2011/03/20 17:07:18 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2011/03/20 17:07:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2011/03/20 17:07:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2011/03/20 17:07:18 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2011/03/20 17:06:11 | 000,000,119 | ---- | C] () -- C:\Windows\SysWow64\epson.sep
    [2011/03/20 17:04:11 | 000,000,079 | ---- | C] () -- C:\Windows\EWF630.ini
    [2011/03/18 09:10:33 | 000,345,514 | ---- | C] () -- C:\Users\admin\Desktop\1220912515172.Anti-spam FAQ 080707 Consumer.pdf
    [2011/03/08 19:32:04 | 005,621,314 | ---- | C] () -- C:\Users\admin\Desktop\SAS_2011_03_08.zip
    [2011/01/18 18:42:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/11/09 21:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/08/19 21:27:10 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
    [2010/07/13 21:13:45 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/07/13 21:13:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/07/13 21:13:44 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/02/20 20:26:32 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
    [2010/02/20 20:26:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
    [2009/12/28 18:48:48 | 000,023,888 | ---- | C] () -- C:\Users\admin\AppData\Roaming\UserTile.png
    [2009/08/09 21:47:53 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
    [2009/08/07 16:41:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/08/07 16:40:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/08/07 16:40:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/08 08:37:36 | 000,002,880 | ---- | C] () -- C:\Users\admin\AppData\Roaming\wklnhst.dat
    [2009/05/19 23:56:34 | 000,032,768 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/18 21:59:34 | 000,011,321 | ---- | C] () -- C:\Windows\hpwscr16.dat
    [2009/05/17 18:36:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/04/15 05:25:10 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/04/15 04:56:58 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
    [2009/04/15 01:43:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/08/10 12:08:50 | 000,027,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
    [2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
     
  18. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    ========== LOP Check ==========

    [2011/03/31 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Abine
    [2010/04/30 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Autodesk
    [2010/09/22 08:57:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/03/25 13:19:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Epson
    [2010/01/29 20:38:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Facebook
    [2010/06/22 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FileZilla
    [2011/01/22 19:51:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
    [2009/12/28 18:48:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PeerNetworking
    [2010/12/18 11:18:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw
    [2009/06/08 08:37:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Template
    [2011/04/06 17:34:13 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/04/06 17:35:30 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/27 16:13:54 | 000,025,084 | ---- | M] () -- C:\aaw7boot.log
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/03/31 21:50:37 | 000,078,549 | ---- | M] () -- C:\ComboFix.txt
    [2009/04/15 05:30:07 | 000,004,884 | RH-- | M] () -- C:\dell.sdr
    [2011/03/05 20:05:53 | 000,000,973 | ---- | M] () -- C:\desc.txt
    [2011/03/05 20:02:57 | 000,000,973 | ---- | M] () -- C:\JavaRa.log
    [2010/05/05 22:06:21 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2011/04/06 17:35:05 | 304,361,470 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/31 20:44:34 | 000,000,475 | ---- | M] () -- C:\rkill.log
    [2011/03/28 19:59:31 | 000,000,461 | ---- | M] () -- C:\Sys_LogWin.log
    [2011/03/03 01:20:53 | 000,061,448 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_03.03.2011_00.20.21_log.txt
    [2011/03/05 11:23:54 | 000,061,448 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_05.03.2011_10.19.10_log.txt
    [2011/03/05 12:14:14 | 000,061,448 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_05.03.2011_11.10.35_log.txt
    [2011/03/06 13:05:08 | 000,059,750 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_06.03.2011_12.04.48_log.txt
    [2011/03/31 20:59:50 | 000,060,482 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_31.03.2011_20.59.28_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/12/19 20:33:23 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2008/12/04 21:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2010/12/31 19:48:38 | 000,000,010 | ---- | M] () -- C:\Program Files (x86)\eula.txt
    [2010/12/31 19:04:56 | 000,000,003 | ---- | M] () -- C:\Program Files (x86)\option.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/19 20:54:21 | 000,000,286 | -HS- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2009/05/16 18:53:58 | 037,452,296 | ---- | M] (Lavasoft ) -- C:\Users\admin\Desktop\Ad-AwareAE.exe
    [2011/03/31 21:40:12 | 004,310,832 | R--- | M] () -- C:\Users\admin\Desktop\ComboFix.exe
    [2011/03/05 20:39:29 | 002,322,184 | ---- | M] (ESET) -- C:\Users\admin\Desktop\esetsmartinstaller_enu.exe
    [2011/04/06 08:59:56 | 000,112,998 | ---- | M] () -- C:\Users\admin\Desktop\FoxScan.exe
    [2011/03/05 11:32:49 | 000,296,448 | ---- | M] () -- C:\Users\admin\Desktop\gmer.exe
    [2011/03/03 00:47:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
    [2011/03/05 20:02:15 | 000,400,384 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\admin\Desktop\JavaRa.exe
    [2011/03/05 17:13:26 | 000,080,384 | ---- | M] () -- C:\Users\admin\Desktop\MBRCheck.exe
    [2011/03/06 13:32:01 | 000,365,551 | ---- | M] () -- C:\Users\admin\Desktop\MiniToolBox.exe
    [2011/03/05 18:45:39 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2009/03/30 22:35:58 | 011,748,680 | ---- | M] (ParetoLogic ) -- C:\Users\admin\Desktop\Pareto_AV_Setup_RW.exe
    [2011/03/05 19:50:41 | 000,879,028 | ---- | M] () -- C:\Users\admin\Desktop\SecurityCheck.exe
    [2011/03/03 01:19:59 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/12/19 20:53:28 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/12/19 20:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/12/19 20:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/12/19 20:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/12/19 20:52:57 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2009/12/19 20:52:57 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/05/17 13:48:10 | 000,000,402 | -HS- | M] () -- C:\Users\admin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/20 19:34:05 | 000,006,149 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  19. NutnFunny

    NutnFunny TS Rookie Topic Starter Posts: 44

    My mistake, uploaded new OTL.exe but added previous 'custom scan' elements from before.
    Here is the basic Quick Scan:

    OTL logfile created on: 4/6/2011 6:34:58 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\admin\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.10 Gb Total Space | 349.03 Gb Free Space | 60.06% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.72 Gb Free Space | 51.46% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/06 18:00:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
    PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/02/02 22:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
    PRC - [2010/07/13 21:13:44 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/05/11 17:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid\Vid.exe
    PRC - [2010/05/07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    PRC - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2007/08/29 15:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    PRC - [2006/12/19 10:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/06 18:00:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe
    MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2009/09/30 20:02:17 | 002,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
    MOD - [2009/04/11 01:28:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
    MOD - [2009/04/11 01:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
    MOD - [2009/04/11 01:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/05/07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/11/24 22:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2008/12/22 02:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/03/26 13:08:34 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/07/13 21:13:44 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2007/08/29 15:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files (x86)\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
    SRV - [2006/12/19 10:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/02/23 09:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/11/09 21:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
    DRV:64bit: - [2010/11/09 21:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010/11/09 21:42:34 | 000,024,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvbflt64.sys -- (CompFilter64)
    DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/11/24 22:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2009/11/24 22:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/12/22 02:37:14 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2008/12/12 19:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
    DRV:64bit: - [2008/12/12 19:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
    DRV:64bit: - [2008/09/28 07:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2008/09/28 03:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2007/06/27 11:47:12 | 000,089,216 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
    DRV:64bit: - [2007/06/27 11:46:22 | 000,114,688 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
    DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV - [2007/08/10 12:08:50 | 000,027,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z045&form=ZGAPHP
    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/05 22:26:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/26 21:26:23 | 000,000,000 | ---D | M]

    [2011/04/05 22:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
    [2011/04/05 22:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/01/18 18:41:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/03/05 19:59:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    [2009/06/24 03:00:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/03/31 21:48:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Logitech Vid HD] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000..\Run: [WorkForce 630(Network)] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3792922179-2174670505-3486552871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} http://192.168.1.253/SysCamInst.cab (AudioClient Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 76.239.149.89 192.168.1.1
    O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\admin\Pictures\101MSDCF\DSC00820.JPG
    O24 - Desktop BackupWallPaper: C:\Users\admin\Pictures\101MSDCF\DSC00820.JPG
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/30 12:20:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/05 22:26:39 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Mozilla
    [2011/04/05 20:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
    [2011/04/05 20:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
    [2011/03/31 22:09:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/31 21:40:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/31 21:40:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/31 21:40:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/31 21:40:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/31 21:40:14 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/20 17:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
    [2011/03/20 17:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
    [2011/03/20 17:09:06 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Epson
    [2011/03/20 17:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2011/03/20 17:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
    [2011/03/20 17:07:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\InstallShield
    [2011/03/20 17:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2011/03/20 17:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2011/03/20 17:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
    [2011/03/20 15:53:01 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Linksys_LLC_-_A_Division_

    ========== Files - Modified Within 30 Days ==========

    [2011/04/06 17:41:34 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/04/06 17:41:34 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/04/06 17:41:34 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/04/06 17:35:30 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
    [2011/04/06 17:35:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/06 17:35:13 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/06 17:35:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/06 10:19:03 | 000,209,515 | ---- | M] () -- C:\Users\admin\Desktop\img009.pdf
    [2011/04/06 08:59:56 | 000,112,998 | ---- | M] () -- C:\Users\admin\Desktop\FoxScan.exe
    [2011/04/05 22:26:18 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/04/05 20:45:58 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce 630 User's Guide.lnk
    [2011/04/05 20:32:14 | 000,153,431 | ---- | M] () -- C:\Users\admin\Desktop\linksysWEP.jpeg
    [2011/04/05 20:26:49 | 000,000,079 | ---- | M] () -- C:\Windows\EWF630.ini
    [2011/04/05 20:21:21 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
    [2011/04/05 19:44:25 | 000,144,857 | ---- | M] () -- C:\Users\admin\Desktop\linksyssettings.jpeg
    [2011/04/03 18:42:16 | 001,108,923 | ---- | M] () -- C:\Users\admin\Desktop\CreopleStore.jpg
    [2011/04/03 18:42:01 | 000,122,059 | ---- | M] () -- C:\Users\admin\Desktop\CreopleStore.sdr
    [2011/03/31 21:48:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/03/31 21:40:12 | 004,310,832 | R--- | M] () -- C:\Users\admin\Desktop\ComboFix.exe
    [2011/03/30 11:46:50 | 000,001,750 | -H-- | M] () -- C:\Users\admin\Documents\Default.rdp
    [2011/03/28 19:14:41 | 046,923,031 | ---- | M] () -- C:\Users\admin\Desktop\Plans-AEO-Sugarland, TX.pdf
    [2011/03/27 04:37:11 | 000,032,768 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/18 09:10:34 | 000,345,514 | ---- | M] () -- C:\Users\admin\Desktop\1220912515172.Anti-spam FAQ 080707 Consumer.pdf
    [2011/03/08 22:04:09 | 000,002,341 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/03/08 19:32:08 | 005,621,314 | ---- | M] () -- C:\Users\admin\Desktop\SAS_2011_03_08.zip

    ========== Files Created - No Company Name ==========

    [2011/04/06 10:35:24 | 000,112,998 | ---- | C] () -- C:\Users\admin\Desktop\FoxScan.exe
    [2011/04/06 10:19:49 | 000,209,515 | ---- | C] () -- C:\Users\admin\Desktop\img009.pdf
    [2011/04/05 22:26:18 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/04/05 20:32:14 | 000,153,431 | ---- | C] () -- C:\Users\admin\Desktop\linksysWEP.jpeg
    [2011/04/05 20:21:21 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
    [2011/04/05 19:44:25 | 000,144,857 | ---- | C] () -- C:\Users\admin\Desktop\linksyssettings.jpeg
    [2011/04/03 18:34:28 | 001,108,923 | ---- | C] () -- C:\Users\admin\Desktop\CreopleStore.jpg
    [2011/04/02 18:41:47 | 000,122,059 | ---- | C] () -- C:\Users\admin\Desktop\CreopleStore.sdr
    [2011/03/31 21:40:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/31 21:40:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/31 21:40:48 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/31 21:40:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/31 21:40:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/31 21:40:06 | 004,310,832 | R--- | C] () -- C:\Users\admin\Desktop\ComboFix.exe
    [2011/03/28 19:14:20 | 046,923,031 | ---- | C] () -- C:\Users\admin\Desktop\Plans-AEO-Sugarland, TX.pdf
    [2011/03/20 17:15:30 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 630 User's Guide.lnk
    [2011/03/20 17:07:19 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2011/03/20 17:07:18 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2011/03/20 17:07:18 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2011/03/20 17:07:18 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2011/03/20 17:07:18 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2011/03/20 17:07:18 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2011/03/20 17:07:18 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2011/03/20 17:07:18 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2011/03/20 17:07:18 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
    [2011/03/20 17:07:18 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2011/03/20 17:07:18 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
    [2011/03/20 17:07:18 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
    [2011/03/20 17:07:18 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
    [2011/03/20 17:07:18 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
    [2011/03/20 17:07:18 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
    [2011/03/20 17:07:18 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2011/03/20 17:07:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2011/03/20 17:07:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2011/03/20 17:07:18 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2011/03/20 17:07:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2011/03/20 17:07:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2011/03/20 17:07:18 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2011/03/20 17:06:11 | 000,000,119 | ---- | C] () -- C:\Windows\SysWow64\epson.sep
    [2011/03/20 17:04:11 | 000,000,079 | ---- | C] () -- C:\Windows\EWF630.ini
    [2011/03/18 09:10:33 | 000,345,514 | ---- | C] () -- C:\Users\admin\Desktop\1220912515172.Anti-spam FAQ 080707 Consumer.pdf
    [2011/03/08 19:32:04 | 005,621,314 | ---- | C] () -- C:\Users\admin\Desktop\SAS_2011_03_08.zip
    [2011/01/18 18:42:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/11/09 21:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/08/19 21:27:10 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
    [2010/07/13 21:13:45 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/07/13 21:13:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/07/13 21:13:44 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/02/20 20:26:32 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
    [2010/02/20 20:26:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
    [2009/12/28 18:48:48 | 000,023,888 | ---- | C] () -- C:\Users\admin\AppData\Roaming\UserTile.png
    [2009/08/09 21:47:53 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
    [2009/08/07 16:41:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/08/07 16:40:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/08/07 16:40:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/08 08:37:36 | 000,002,880 | ---- | C] () -- C:\Users\admin\AppData\Roaming\wklnhst.dat
    [2009/05/19 23:56:34 | 000,032,768 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/18 21:59:34 | 000,011,321 | ---- | C] () -- C:\Windows\hpwscr16.dat
    [2009/05/17 18:36:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/04/15 05:25:10 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/04/15 04:56:58 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
    [2009/04/15 01:43:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/04/28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/08/10 12:08:50 | 000,027,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
    [2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2011/03/31 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Abine
    [2010/04/30 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Autodesk
    [2010/09/22 08:57:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/03/25 13:19:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Epson
    [2010/01/29 20:38:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Facebook
    [2010/06/22 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FileZilla
    [2011/01/22 19:51:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
    [2009/12/28 18:48:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PeerNetworking
    [2010/12/18 11:18:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SmartDraw
    [2009/06/08 08:37:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Template
    [2011/04/06 17:34:13 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/04/06 17:35:30 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job

    ========== Purity Check ==========



    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    I don't see anything suspicious.

    Now...
    It clearly indicates there is nothing wrong with your computer, as we actually already know.
    It must be something wrong with your IP, modem, router, or a combination of those.

    At this point, there is nothing more I can do here.
     