Suspected Malware Infection



#1
HarryDS (Member, 13 posts)

My computer is coming up with hard drive errors and when I run various anti-virus programs and Spybot it indicates errors but despite running these programs numerous times I continue to have these errors. I am attaching my scan log from HiJackThis.

Any help would be greatly appreciated.


#2
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi there - are the programmes missing from the start menu etc...

Hijackthis no longer gives sufficient data so.....
Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

THEN


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
HarryDS (Topic Starter, Member, 13 posts)

Here are the three logs.

OTL logfile created on: 29/04/2011 12:08:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\hschwartz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 82.12 Gb Free Space | 73.60% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 4.88 Gb Free Space | 50.01% Space Free | Partition Type: FAT32
Drive E: | 111.53 Gb Total Space | 25.72 Gb Free Space | 23.06% Space Free | Partition Type: FAT32

Computer Name: MELANIELAP | User Name: hschwartz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 12:02:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hschwartz\Desktop\OTL.exe
PRC - [2011/04/18 12:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 12:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:48 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2011/01/28 17:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/08/25 15:06:08 | 000,045,056 | -H-- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/05/25 10:59:52 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\hschwartz\Local Settings\Temp\RtkBtMnt.exe
PRC - [2009/11/09 20:54:24 | 000,278,016 | -H-- | M] (Trondent Development Corp.) -- C:\Program Files\Trondent Development Corp\Infuzer\Infuzer.exe
PRC - [2009/09/25 09:44:22 | 000,292,856 | -H-- | M] (ScriptLogic Corporation) -- C:\Program Files\RemoteSupportManager\rmgui.exe
PRC - [2009/09/25 09:44:18 | 000,063,480 | -H-- | M] (ScriptLogic Corporation) -- C:\Program Files\RemoteSupportManager\DAMaint.exe
PRC - [2009/09/25 09:42:10 | 001,247,224 | -H-- | M] (ScriptLogic Corporation) -- C:\Program Files\RemoteSupportManager\DesktopAuthority.exe
PRC - [2008/12/09 06:08:38 | 000,495,616 | -H-- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/07/08 19:18:40 | 000,466,944 | -H-- | M] () -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/07 19:41:14 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 19:41:12 | 000,178,712 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/13 23:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/25 18:19:10 | 000,159,744 | -H-- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/07/11 15:07:46 | 000,421,888 | -H-- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/02/12 18:43:44 | 000,065,536 | -H-- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/01/04 20:48:50 | 000,112,152 | -H-- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/09/08 17:10:22 | 000,040,960 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 12:02:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hschwartz\Desktop\OTL.exe
MOD - [2011/04/18 12:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/02/08 08:33:55 | 000,978,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2011/01/19 19:53:34 | 000,238,424 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/09/25 09:44:18 | 000,059,384 | -H-- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\DAinit.dll
MOD - [2005/10/11 14:18:54 | 000,028,672 | -H-- | M] () -- C:\Program Files\Acer\Empowering Technology\ePower\SysHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LkWebLink)
SRV - [2011/04/18 12:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/10/19 16:11:55 | 000,428,184 | -H-- | M] () [On_Demand | Stopped] -- C:\WINDOWS\DOWNLO~1\DMService.exe -- (DMService)
SRV - [2010/08/25 15:06:08 | 000,045,056 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/09/25 09:44:18 | 000,063,480 | -H-- | M] (ScriptLogic Corporation) [Auto | Running] -- C:\Program Files\RemoteSupportManager\DAMaint.exe -- (DAMaint)
SRV - [2009/09/25 09:42:10 | 001,247,224 | -H-- | M] (ScriptLogic Corporation) [Auto | Running] -- C:\Program Files\RemoteSupportManager\DesktopAuthority.exe -- (RemoteSupportManager)
SRV - [2008/05/07 19:41:14 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/11 18:50:16 | 000,030,312 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/24 12:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/02/12 18:43:44 | 000,065,536 | -H-- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/04 20:48:50 | 000,112,152 | -H-- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 12:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 12:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 12:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 12:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 12:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 12:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 12:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/10/20 19:47:46 | 000,113,280 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/12 16:21:54 | 000,100,736 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/25 09:44:38 | 000,011,128 | -H-- | M] (ScriptLogic Corporation) [Kernel | Auto | Running] -- C:\Program Files\RemoteSupportManager\DAtf.sys -- (DAtf)
DRV - [2009/09/25 09:44:28 | 000,009,336 | -H-- | M] (ScriptLogic Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DAmirr.sys -- (DAmirr)
DRV - [2009/09/25 09:44:26 | 000,012,152 | -H-- | M] (ScriptLogic Corporation) [Kernel | Auto | Running] -- C:\Program Files\RemoteSupportManager\DAinfo.sys -- (DAInfo)
DRV - [2009/09/10 15:55:52 | 000,102,528 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/17 15:23:16 | 003,636,864 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/06/12 11:30:12 | 000,043,608 | -H-- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/05/20 19:53:00 | 004,800,000 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/13 14:49:12 | 000,051,288 | -H-- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/29 18:09:56 | 000,108,032 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/19 16:26:24 | 000,175,104 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/02/01 01:14:36 | 000,166,448 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/12/26 00:23:10 | 000,017,968 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007/10/01 15:59:46 | 001,769,984 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/04/17 21:09:28 | 000,011,032 | -H-- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007/03/01 22:22:04 | 000,988,032 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/03/01 22:21:24 | 000,210,688 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/01 22:21:22 | 000,731,136 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/26 01:32:18 | 000,069,632 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (Int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tsn.ca
IE - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca...=en&source=iglk
IE - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/26 10:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/04/26 23:05:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/26 23:05:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 21:18:56 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/11 00:56:57 | 000,000,000 | -H-D | M]

[2011/04/27 00:54:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/13 23:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DA Remote Management GUI] C:\Program Files\RemoteSupportManager\rmgui.exe (ScriptLogic Corporation)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-1390067357-1965331169-725345543-5749..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-1390067357-1965331169-725345543-5749..\Run: [Infuzer] C:\Program Files\Trondent Development Corp\Infuzer\Infuzer.exe (Trondent Development Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Infuzer.lnk = C:\Program Files\Trondent Development Corp\Infuzer\Infuzer.exe (Trondent Development Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\NPJPI150_12.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlNSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O15 - HKLM\..Trusted Domains: aeroguard.ca ([bi] http in Local intranet)
O15 - HKLM\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: aeroguard.ca ([bi] http in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: aeroguard.ca ([bi] http in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\..Trusted Domains: aeroguard.ca ([bi] http in Local intranet)
O15 - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.catsa.../WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {9C134253-E8A3-4759-9F98-302B7981922E} http://support.scans...iles/np_max.cab (MaxViewer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://powercorp.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.6 192.168.1.5 64.59.176.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wpg.aeroguard.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (DAinit.dll) - C:\WINDOWS\System32\DAinit.dll (ScriptLogic Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\hschwartz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\hschwartz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/03 05:05:32 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{001f9693-d706-11df-a4c8-00216b017206}\Shell - "" = AutoRun
O33 - MountPoints2\{001f9693-d706-11df-a4c8-00216b017206}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{001f9693-d706-11df-a4c8-00216b017206}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{11d71648-d7aa-11df-a4c9-00216b017206}\Shell - "" = AutoRun
O33 - MountPoints2\{11d71648-d7aa-11df-a4c9-00216b017206}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11d71648-d7aa-11df-a4c9-00216b017206}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{550b0158-48ab-11dd-8386-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{550b0158-48ab-11dd-8386-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{550b0158-48ab-11dd-8386-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 12:02:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hschwartz\Desktop\OTL.exe
[2011/04/29 12:01:37 | 000,567,296 | ---- | C] (AVAST Software) -- C:\Documents and Settings\hschwartz\Desktop\aswMBR.exe
[2011/04/28 12:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/27 12:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Promosoft Corporation
[2011/04/27 12:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Promosoft Corporation
[2011/04/27 12:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/27 11:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/27 10:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/27 10:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/27 10:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/27 01:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2011/04/27 00:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hschwartz\Application Data\Search Settings
[2011/04/27 00:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/04/27 00:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/04/27 00:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/04/27 00:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Security 360
[2011/04/27 00:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hschwartz\Application Data\IObit
[2011/04/27 00:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/27 00:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/04/26 23:37:10 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/04/26 23:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hschwartz\Application Data\AVG10
[2011/04/26 23:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/26 23:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/04/26 23:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/26 23:04:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/04/26 23:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/26 12:26:02 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\hschwartz\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/26 10:41:27 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/26 10:41:27 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/26 10:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/04/26 10:41:26 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/26 10:41:26 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/26 10:41:26 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/26 10:41:26 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/26 10:41:26 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/26 10:41:25 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/26 10:41:18 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/26 10:41:18 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/26 10:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/26 10:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/26 08:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/26 07:46:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hschwartz\Recent
[2011/04/20 06:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/20 06:03:35 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/04/20 06:03:32 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011/04/20 06:01:26 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[2011/04/18 10:58:29 | 000,000,000 | -H-D | C] -- C:\Program Files\Citrix
[2011/04/14 15:36:44 | 000,000,000 | -H-D | C] -- C:\Program Files\www.freewordexcelpassword.com
[2011/04/14 15:30:19 | 000,000,000 | -H-D | C] -- C:\Program Files\Cain
[2011/04/14 05:14:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ServicePackFiles
[2011/03/30 17:17:22 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2009/11/24 10:25:34 | 000,335,872 | -H-- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2008/12/30 05:08:51 | 000,049,152 | -H-- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2008/12/30 03:29:00 | 000,016,384 | -H-- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2008/12/30 03:27:34 | 000,024,576 | -H-- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[2008/12/30 03:23:42 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2008/12/30 03:23:39 | 000,172,032 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 12:06:19 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BB5EA149-293E-490D-8452-F5F2659DBF3B}.job
[2011/04/29 12:04:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\hschwartz\Desktop\MBR.dat
[2011/04/29 12:02:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hschwartz\Desktop\OTL.exe
[2011/04/29 12:01:38 | 000,567,296 | ---- | M] (AVAST Software) -- C:\Documents and Settings\hschwartz\Desktop\aswMBR.exe
[2011/04/29 12:00:00 | 000,000,686 | ---- | M] () -- C:\WINDOWS\tasks\Free Registry Fix.job
[2011/04/29 11:51:22 | 000,083,720 | ---- | M] () -- C:\Documents and Settings\hschwartz\Desktop\SSB PBS Threat Consultation April 2011.pdf
[2011/04/29 11:45:16 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/29 11:45:02 | 000,000,888 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 11:43:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 11:43:23 | 2072,887,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 11:39:00 | 000,000,892 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 03:56:51 | 113,706,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/27 12:30:05 | 000,000,778 | -H-- | M] () -- C:\WINDOWS\tasks\Daily Update.job
[2011/04/27 12:20:46 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get Technical Support.lnk
[2011/04/27 12:20:46 | 000,001,115 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Registry Fix.lnk
[2011/04/27 00:54:29 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2011/04/26 23:05:46 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/26 12:15:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\hschwartz\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/26 10:41:28 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/26 08:01:46 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/25 13:36:08 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18734900r
[2011/04/25 13:36:08 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18734900
[2011/04/25 13:36:06 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\hschwartz\Desktop\Windows Recovery.lnk
[2011/04/25 13:35:54 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18734900
[2011/04/20 10:58:24 | 000,555,020 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/20 10:58:24 | 000,108,270 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/19 18:19:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/18 12:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 12:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 12:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 12:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 12:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 12:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 12:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 12:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 12:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 12:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/18 11:35:58 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\hschwartz\My Documents\ChatLog Aeroguard Demo 2011_04_18 11_35.rtf
[2011/04/18 10:58:41 | 000,002,120 | ---- | M] () -- C:\Documents and Settings\hschwartz\Desktop\s Quick Connect.lnk
[2011/04/18 10:58:10 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\hschwartz\g2mdlhlpx.exe
[2011/04/14 15:43:30 | 000,002,068 | ---- | M] () -- C:\Documents and Settings\hschwartz\Desktop\Free Word Excel Password Wizard.lnk
[2011/04/14 09:26:28 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\hschwartz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/14 08:59:21 | 000,399,144 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 05:13:10 | 000,001,809 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 12:04:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\hschwartz\Desktop\MBR.dat
[2011/04/29 11:51:19 | 000,083,720 | ---- | C] () -- C:\Documents and Settings\hschwartz\Desktop\SSB PBS Threat Consultation April 2011.pdf
[2011/04/29 03:56:51 | 113,706,359 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/28 12:41:23 | 2072,887,296 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/27 12:20:46 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get Technical Support.lnk
[2011/04/27 12:06:25 | 000,000,686 | ---- | C] () -- C:\WINDOWS\tasks\Free Registry Fix.job
[2011/04/27 12:06:12 | 000,001,121 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Registry Fix.lnk
[2011/04/27 12:06:12 | 000,001,115 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Registry Fix.lnk
[2011/04/27 00:54:29 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2011/04/26 23:05:46 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/26 10:41:28 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/26 08:01:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/25 13:36:08 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18734900r
[2011/04/25 13:36:07 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18734900
[2011/04/25 13:36:06 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\hschwartz\Desktop\Windows Recovery.lnk
[2011/04/25 13:35:54 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18734900
[2011/04/18 11:35:58 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\hschwartz\My Documents\ChatLog Aeroguard Demo 2011_04_18 11_35.rtf
[2011/04/18 10:58:41 | 000,002,120 | ---- | C] () -- C:\Documents and Settings\hschwartz\Desktop\s Quick Connect.lnk
[2011/04/18 10:58:09 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\hschwartz\g2mdlhlpx.exe
[2011/04/14 15:43:30 | 000,002,777 | ---- | C] () -- C:\Documents and Settings\hschwartz\Start Menu\Programs\Free Word Excel Password Wizard.lnk
[2011/04/14 15:43:30 | 000,002,068 | ---- | C] () -- C:\Documents and Settings\hschwartz\Desktop\Free Word Excel Password Wizard.lnk
[2011/03/14 13:32:49 | 000,169,356 | -H-- | C] () -- C:\WINDOWS\hppins10.dat
[2011/03/14 13:32:49 | 000,005,186 | -H-- | C] () -- C:\WINDOWS\hppmdl10.dat
[2010/11/24 17:27:16 | 000,000,065 | -H-- | C] () -- C:\WINDOWS\System32\bd7440n.dat
[2010/11/24 17:26:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/11/17 16:07:57 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/15 13:48:03 | 000,089,676 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/25 15:06:08 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2010/08/13 15:42:39 | 001,065,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/28 11:24:39 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\hschwartz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 21:40:38 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/05/31 11:42:21 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\impborl.dll
[2010/05/27 21:32:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/25 15:43:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\hschwartz\Local Settings\Application Data\fusioncache.dat
[2010/05/06 00:57:54 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/02/24 12:05:21 | 000,000,148 | -H-- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/02/24 12:04:20 | 000,000,652 | -H-- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/02/24 12:02:03 | 000,172,862 | -H-- | C] () -- C:\WINDOWS\hppins10.dat.temp
[2010/02/24 12:02:03 | 000,005,924 | -H-- | C] () -- C:\WINDOWS\hppmdl10.dat.temp
[2010/02/12 13:44:18 | 000,000,623 | -H-- | C] () -- C:\WINDOWS\System32\hppapr10.dat
[2009/12/18 14:04:03 | 000,000,410 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/12/18 14:03:43 | 000,000,225 | -H-- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/12/18 14:03:43 | 000,000,093 | -H-- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/12/18 14:02:53 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/12/18 14:02:53 | 000,000,114 | -H-- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/12/18 14:02:51 | 000,000,086 | -H-- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/12/18 14:02:50 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/12/18 14:00:46 | 000,031,567 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2009/12/09 11:13:12 | 000,162,813 | -H-- | C] () -- C:\WINDOWS\hphins27.dat.temp
[2009/12/09 11:13:12 | 000,000,703 | -H-- | C] () -- C:\WINDOWS\hphmdl27.dat.temp
[2009/12/09 09:42:12 | 000,162,815 | -H-- | C] () -- C:\WINDOWS\hphins27.dat
[2009/12/09 09:42:12 | 000,000,703 | -H-- | C] () -- C:\WINDOWS\hphmdl27.dat
[2009/11/24 10:32:02 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/11/24 10:25:33 | 000,000,507 | -H-- | C] () -- C:\WINDOWS\LMABB2DD.ini
[2009/02/06 15:26:16 | 000,013,543 | -H-- | C] () -- C:\WINDOWS\cfgall.ini
[2009/01/14 13:23:40 | 000,000,231 | -H-- | C] () -- C:\WINDOWS\System32\scnwpm.dat
[2009/01/14 13:16:23 | 000,172,128 | RH-- | C] () -- C:\WINDOWS\_isusr32.dll
[2009/01/14 13:16:20 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2009/01/07 14:52:42 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/06 14:16:55 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/01/06 14:03:41 | 000,009,961 | -H-- | C] () -- C:\WINDOWS\System32\sk1bNP.DAT
[2009/01/06 14:03:41 | 000,004,788 | -H-- | C] () -- C:\WINDOWS\System32\sk1bGCT2.DAT
[2009/01/06 14:03:41 | 000,004,788 | -H-- | C] () -- C:\WINDOWS\System32\sk1bGCT1.DAT
[2009/01/06 14:03:41 | 000,000,063 | -H-- | C] () -- C:\WINDOWS\System32\sk1bGCP.DAT
[2008/12/30 05:07:47 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\PreLaunch.ini
[2008/12/30 03:26:10 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/30 03:25:51 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2008/12/30 03:25:51 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2008/12/30 03:25:51 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2008/12/30 03:23:42 | 000,028,032 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/12/30 03:23:41 | 001,769,984 | -H-- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/12/30 03:22:55 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\PLFSetI.exe
[2008/12/30 03:22:55 | 000,105,984 | -H-- | C] () -- C:\WINDOWS\FixUVC.exe
[2008/12/30 03:22:55 | 000,000,055 | -H-- | C] () -- C:\WINDOWS\PidList.ini
[2008/09/02 06:04:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/02 03:42:20 | 000,555,020 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/02 03:42:20 | 000,108,270 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/19 02:36:44 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/19 02:15:02 | 000,399,144 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/19 01:30:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll
[2008/08/19 01:30:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll
[2008/08/19 01:30:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/08/19 01:30:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/07/03 05:05:20 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/03 05:03:46 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/11 13:29:02 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2008/06/11 13:15:34 | 001,991,464 | -H-- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008/06/11 13:15:34 | 000,432,400 | -H-- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008/04/13 23:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 23:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 23:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 23:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 23:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 23:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 23:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 23:00:00 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/13 23:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/02/04 19:23:10 | 000,693,792 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/16 20:00:00 | 000,003,403 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/01/26 01:32:18 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2006/03/10 16:18:16 | 000,006,782 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/26 17:39:05 | 003,375,104 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/05/14 15:04:36 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\XMLaunch.exe
[2003/11/24 17:55:48 | 000,743,424 | -H-- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/24 17:55:32 | 000,872,448 | -H-- | C] () -- C:\WINDOWS\iconv.dll
[2003/01/07 16:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/12 16:41:26 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/12 16:41:26 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/12/26 18:12:30 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/04/27 09:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2011/04/27 11:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2011/04/27 10:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2009/01/07 15:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2011/04/27 11:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[2011/04/27 09:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
[2011/04/28 09:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Trondent Development Corp
[2011/04/26 10:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/27 07:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/08/30 09:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/04/26 23:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/04 01:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/03/30 19:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/12/30 03:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/06/15 21:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/04/27 00:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/26 23:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/27 23:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetZero
[2009/11/14 17:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2011/04/27 13:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/28 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/12/18 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/04/27 13:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/30 03:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/11/15 11:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/27 15:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Acer
[2011/04/26 23:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\AVG10
[2010/06/21 10:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Blackberry Desktop
[2010/06/15 21:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\InterVideo
[2011/04/27 01:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\IObit
[2011/03/14 13:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\MXmeeting
[2010/05/27 11:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\ntr
[2010/11/23 23:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Red Kawa
[2010/08/13 13:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Research In Motion
[2010/12/08 17:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\ScanSoft
[2011/04/27 00:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Search Settings
[2010/06/08 13:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Trondent Development Corp
[2010/09/30 11:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\webex
[2010/05/17 19:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffgreene\Application Data\Research In Motion
[2011/03/01 14:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jeffgreene\Application Data\Trondent Development Corp
[2010/05/06 12:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmcmillan\Application Data\Blackberry Desktop
[2010/05/06 00:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmcmillan\Application Data\Research In Motion
[2010/05/03 18:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmcmillan\Application Data\ScanSoft
[2011/04/27 12:30:05 | 000,000,778 | -H-- | M] () -- C:\WINDOWS\Tasks\Daily Update.job
[2011/04/29 12:00:00 | 000,000,686 | ---- | M] () -- C:\WINDOWS\Tasks\Free Registry Fix.job
[2011/04/29 12:06:19 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BB5EA149-293E-490D-8452-F5F2659DBF3B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 23:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 23:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 23:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 23:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 23:00:00 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 23:00:00 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 23:00:00 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 23:00:00 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/01/12 08:18:56 | 000,509,536 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/01/12 08:18:56 | 000,509,536 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/01/12 08:18:56 | 000,509,536 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2009/01/12 08:18:53 | 000,307,704 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/01/12 08:18:53 | 000,307,704 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2009/01/12 08:18:53 | 000,307,704 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/01/12 08:18:56 | 000,509,536 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/01/12 08:18:56 | 000,509,536 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/01/12 08:18:56 | 000,509,536 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2009/01/12 08:18:53 | 000,307,704 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/01/12 08:18:53 | 000,307,704 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2009/01/12 08:18:53 | 000,307,704 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, the first problem I see is: 1 antivirus - good, 2 is bad and 3 is a disaster waiting to happen. Please uninstall two of the following:

IObit Security 360
AVG10
Avast


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 1
    O7 - HKU\S-1-5-21-1390067357-1965331169-725345543-5749\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    [2011/04/25 13:36:08 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18734900r
    [2011/04/25 13:36:07 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18734900
    [2011/04/25 13:36:06 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\hschwartz\Desktop\Windows Recovery.lnk
    [2011/04/25 13:35:54 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18734900


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
HarryDS

I did the first scans but the install of Malware did not work. It produces an error.

OTL logfile created on: 29/04/2011 1:20:01 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\hschwartz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 84.04 Gb Free Space | 75.33% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 4.88 Gb Free Space | 50.01% Space Free | Partition Type: FAT32
Drive E: | 111.53 Gb Total Space | 25.71 Gb Free Space | 23.06% Space Free | Partition Type: FAT32

Computer Name: MELANIELAP | User Name: hschwartz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 13:14:29 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\hschwartz\Local Settings\Temp\RtkBtMnt.exe
PRC - [2011/04/29 12:02:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hschwartz\Desktop\OTL.exe
PRC - [2011/04/18 12:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 12:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/28 17:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010/08/25 15:06:08 | 000,045,056 | -H-- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2009/11/09 20:54:24 | 000,278,016 | -H-- | M] (Trondent Development Corp.) -- C:\Program Files\Trondent Development Corp\Infuzer\Infuzer.exe
PRC - [2009/09/25 09:44:22 | 000,292,856 | -H-- | M] (ScriptLogic Corporation) -- C:\Program Files\RemoteSupportManager\rmgui.exe
PRC - [2009/09/25 09:44:18 | 000,063,480 | -H-- | M] (ScriptLogic Corporation) -- C:\Program Files\RemoteSupportManager\DAMaint.exe
PRC - [2009/09/25 09:42:10 | 001,247,224 | -H-- | M] (ScriptLogic Corporation) -- C:\Program Files\RemoteSupportManager\DesktopAuthority.exe
PRC - [2008/12/09 06:08:38 | 000,495,616 | -H-- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/07/08 19:18:40 | 000,466,944 | -H-- | M] () -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/07 19:41:14 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 19:41:12 | 000,178,712 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/13 23:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/25 18:19:10 | 000,159,744 | -H-- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/07/11 15:07:46 | 000,421,888 | -H-- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/02/12 18:43:44 | 000,065,536 | -H-- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/01/04 20:48:50 | 000,112,152 | -H-- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/09/08 17:10:22 | 000,040,960 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 12:02:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hschwartz\Desktop\OTL.exe
MOD - [2011/04/18 12:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/02/08 08:33:55 | 000,978,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/09/25 09:44:18 | 000,059,384 | -H-- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\DAinit.dll
MOD - [2005/10/11 14:18:54 | 000,028,672 | -H-- | M] () -- C:\Program Files\Acer\Empowering Technology\ePower\SysHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LkWebLink)
SRV - [2011/04/18 12:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/10/19 16:11:55 | 000,428,184 | -H-- | M] () [On_Demand | Stopped] -- C:\WINDOWS\DOWNLO~1\DMService.exe -- (DMService)
SRV - [2010/08/25 15:06:08 | 000,045,056 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2009/09/25 09:44:18 | 000,063,480 | -H-- | M] (ScriptLogic Corporation) [Auto | Running] -- C:\Program Files\RemoteSupportManager\DAMaint.exe -- (DAMaint)
SRV - [2009/09/25 09:42:10 | 001,247,224 | -H-- | M] (ScriptLogic Corporation) [Auto | Running] -- C:\Program Files\RemoteSupportManager\DesktopAuthority.exe -- (RemoteSupportManager)
SRV - [2008/05/07 19:41:14 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/11 18:50:16 | 000,030,312 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/24 12:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/02/12 18:43:44 | 000,065,536 | -H-- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/04 20:48:50 | 000,112,152 | -H-- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 12:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 12:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 12:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 12:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 12:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 12:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 12:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/10/20 19:47:46 | 000,113,280 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/12 16:21:54 | 000,100,736 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/25 09:44:38 | 000,011,128 | -H-- | M] (ScriptLogic Corporation) [Kernel | Auto | Running] -- C:\Program Files\RemoteSupportManager\DAtf.sys -- (DAtf)
DRV - [2009/09/25 09:44:28 | 000,009,336 | -H-- | M] (ScriptLogic Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DAmirr.sys -- (DAmirr)
DRV - [2009/09/25 09:44:26 | 000,012,152 | -H-- | M] (ScriptLogic Corporation) [Kernel | Auto | Running] -- C:\Program Files\RemoteSupportManager\DAinfo.sys -- (DAInfo)
DRV - [2009/09/10 15:55:52 | 000,102,528 | -H-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/17 15:23:16 | 003,636,864 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/06/12 11:30:12 | 000,043,608 | -H-- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/05/20 19:53:00 | 004,800,000 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/13 14:49:12 | 000,051,288 | -H-- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/29 18:09:56 | 000,108,032 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/19 16:26:24 | 000,175,104 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/02/01 01:14:36 | 000,166,448 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/12/26 00:23:10 | 000,017,968 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007/10/01 15:59:46 | 001,769,984 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/04/17 21:09:28 | 000,011,032 | -H-- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007/03/01 22:22:04 | 000,988,032 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/03/01 22:21:24 | 000,210,688 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/01 22:21:22 | 000,731,136 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/26 01:32:18 | 000,069,632 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (Int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tsn.ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca...=en&source=iglk
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/26 10:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 21:18:56 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/11 00:56:57 | 000,000,000 | -H-D | M]

[2011/04/27 00:54:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/04/29 12:57:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DA Remote Management GUI] C:\Program Files\RemoteSupportManager\rmgui.exe (ScriptLogic Corporation)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [Infuzer] C:\Program Files\Trondent Development Corp\Infuzer\Infuzer.exe (Trondent Development Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Infuzer.lnk = C:\Program Files\Trondent Development Corp\Infuzer\Infuzer.exe (Trondent Development Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\NPJPI150_12.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlNSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Whale Communications\Client Components\3.1.0\WhlLSP.dll (Whale Communications, a Microsoft subsidiary)
O15 - HKLM\..Trusted Domains: aeroguard.ca ([bi] http in Local intranet)
O15 - HKLM\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeroguard.ca ([bi] http in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.catsa.../WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {9C134253-E8A3-4759-9F98-302B7981922E} http://support.scans...iles/np_max.cab (MaxViewer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://powercorp.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.6 192.168.1.5 64.59.176.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wpg.aeroguard.local
O20 - AppInit_DLLs: (DAinit.dll) - C:\WINDOWS\System32\DAinit.dll (ScriptLogic Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\hschwartz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\hschwartz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/03 05:05:32 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{001f9693-d706-11df-a4c8-00216b017206}\Shell - "" = AutoRun
O33 - MountPoints2\{001f9693-d706-11df-a4c8-00216b017206}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{001f9693-d706-11df-a4c8-00216b017206}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{11d71648-d7aa-11df-a4c9-00216b017206}\Shell - "" = AutoRun
O33 - MountPoints2\{11d71648-d7aa-11df-a4c9-00216b017206}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11d71648-d7aa-11df-a4c9-00216b017206}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{550b0158-48ab-11dd-8386-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{550b0158-48ab-11dd-8386-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{550b0158-48ab-11dd-8386-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 12:57:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/29 12:02:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hschwartz\Desktop\OTL.exe
[2011/04/29 12:01:37 | 000,567,296 | ---- | C] (AVAST Software) -- C:\Documents and Settings\hschwartz\Desktop\aswMBR.exe
[2011/04/28 12:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/27 12:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Promosoft Corporation
[2011/04/27 12:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Promosoft Corporation
[2011/04/27 12:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/27 11:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/27 10:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/27 10:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/27 10:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/27 01:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2011/04/27 00:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hschwartz\Application Data\Search Settings
[2011/04/27 00:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/04/27 00:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/04/27 00:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/04/27 00:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hschwartz\Application Data\IObit
[2011/04/27 00:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/27 00:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/04/26 23:37:10 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/04/26 23:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hschwartz\Application Data\AVG10
[2011/04/26 23:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/26 23:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/26 23:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/26 12:26:02 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\hschwartz\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/26 10:41:27 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/26 10:41:27 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/26 10:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/04/26 10:41:26 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/26 10:41:26 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/26 10:41:26 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/26 10:41:26 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/26 10:41:26 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/26 10:41:25 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/26 10:41:18 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/26 10:41:18 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/26 10:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/26 10:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/26 08:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/26 07:46:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hschwartz\Recent
[2011/04/20 06:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/20 06:03:35 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/04/20 06:03:32 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011/04/20 06:01:26 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[2011/04/18 10:58:29 | 000,000,000 | -H-D | C] -- C:\Program Files\Citrix
[2011/04/14 15:36:44 | 000,000,000 | -H-D | C] -- C:\Program Files\www.freewordexcelpassword.com
[2011/04/14 15:30:19 | 000,000,000 | -H-D | C] -- C:\Program Files\Cain
[2011/04/14 05:14:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ServicePackFiles
[2009/11/24 10:25:34 | 000,335,872 | -H-- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2008/12/30 05:08:51 | 000,049,152 | -H-- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2008/12/30 03:29:00 | 000,016,384 | -H-- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2008/12/30 03:27:34 | 000,024,576 | -H-- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[2008/12/30 03:23:42 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2008/12/30 03:23:39 | 000,172,032 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/04/29 13:16:19 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BB5EA149-293E-490D-8452-F5F2659DBF3B}.job
[2011/04/29 13:13:23 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/29 13:13:05 | 000,000,888 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 13:11:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 13:11:43 | 2072,887,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 12:57:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/29 12:39:04 | 000,000,892 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 12:30:04 | 000,000,778 | -H-- | M] () -- C:\WINDOWS\tasks\Daily Update.job
[2011/04/29 12:04:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\hschwartz\Desktop\MBR.dat
[2011/04/29 12:02:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hschwartz\Desktop\OTL.exe
[2011/04/29 12:01:38 | 000,567,296 | ---- | M] (AVAST Software) -- C:\Documents and Settings\hschwartz\Desktop\aswMBR.exe
[2011/04/29 12:00:00 | 000,000,686 | ---- | M] () -- C:\WINDOWS\tasks\Free Registry Fix.job
[2011/04/29 11:51:22 | 000,083,720 | ---- | M] () -- C:\Documents and Settings\hschwartz\Desktop\SSB PBS Threat Consultation April 2011.pdf
[2011/04/27 12:20:46 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get Technical Support.lnk
[2011/04/27 12:20:46 | 000,001,115 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Registry Fix.lnk
[2011/04/26 12:15:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\hschwartz\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/26 10:41:28 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/26 08:01:46 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/20 10:58:24 | 000,555,020 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/20 10:58:24 | 000,108,270 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/19 18:19:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/18 12:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 12:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 12:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 12:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 12:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 12:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 12:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 12:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 12:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 12:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/18 11:35:58 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\hschwartz\My Documents\ChatLog Aeroguard Demo 2011_04_18 11_35.rtf
[2011/04/18 10:58:41 | 000,002,120 | ---- | M] () -- C:\Documents and Settings\hschwartz\Desktop\s Quick Connect.lnk
[2011/04/18 10:58:10 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\hschwartz\g2mdlhlpx.exe
[2011/04/14 15:43:30 | 000,002,068 | ---- | M] () -- C:\Documents and Settings\hschwartz\Desktop\Free Word Excel Password Wizard.lnk
[2011/04/14 09:26:28 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\hschwartz\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/14 08:59:21 | 000,399,144 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 05:13:10 | 000,001,809 | -H-- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/04/29 12:04:12 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\hschwartz\Desktop\MBR.dat
[2011/04/29 11:51:19 | 000,083,720 | ---- | C] () -- C:\Documents and Settings\hschwartz\Desktop\SSB PBS Threat Consultation April 2011.pdf
[2011/04/28 12:41:23 | 2072,887,296 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/27 12:20:46 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get Technical Support.lnk
[2011/04/27 12:06:25 | 000,000,686 | ---- | C] () -- C:\WINDOWS\tasks\Free Registry Fix.job
[2011/04/27 12:06:12 | 000,001,121 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Registry Fix.lnk
[2011/04/27 12:06:12 | 000,001,115 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Registry Fix.lnk
[2011/04/26 10:41:28 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/04/26 08:01:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/18 11:35:58 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\hschwartz\My Documents\ChatLog Aeroguard Demo 2011_04_18 11_35.rtf
[2011/04/18 10:58:41 | 000,002,120 | ---- | C] () -- C:\Documents and Settings\hschwartz\Desktop\s Quick Connect.lnk
[2011/04/18 10:58:09 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\hschwartz\g2mdlhlpx.exe
[2011/04/14 15:43:30 | 000,002,777 | ---- | C] () -- C:\Documents and Settings\hschwartz\Start Menu\Programs\Free Word Excel Password Wizard.lnk
[2011/04/14 15:43:30 | 000,002,068 | ---- | C] () -- C:\Documents and Settings\hschwartz\Desktop\Free Word Excel Password Wizard.lnk
[2011/03/14 13:32:49 | 000,169,356 | -H-- | C] () -- C:\WINDOWS\hppins10.dat
[2011/03/14 13:32:49 | 000,005,186 | -H-- | C] () -- C:\WINDOWS\hppmdl10.dat
[2010/11/24 17:27:16 | 000,000,065 | -H-- | C] () -- C:\WINDOWS\System32\bd7440n.dat
[2010/11/24 17:26:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/11/17 16:07:57 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/15 13:48:03 | 000,089,676 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/25 15:06:08 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2010/08/13 15:42:39 | 001,065,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/28 11:24:39 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\hschwartz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 21:40:38 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/05/31 11:42:21 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\impborl.dll
[2010/05/27 21:32:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/25 15:43:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\hschwartz\Local Settings\Application Data\fusioncache.dat
[2010/05/06 00:57:54 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/02/24 12:05:21 | 000,000,148 | -H-- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/02/24 12:04:20 | 000,000,652 | -H-- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/02/24 12:02:03 | 000,172,862 | -H-- | C] () -- C:\WINDOWS\hppins10.dat.temp
[2010/02/24 12:02:03 | 000,005,924 | -H-- | C] () -- C:\WINDOWS\hppmdl10.dat.temp
[2010/02/12 13:44:18 | 000,000,623 | -H-- | C] () -- C:\WINDOWS\System32\hppapr10.dat
[2009/12/18 14:04:03 | 000,000,410 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/12/18 14:03:43 | 000,000,225 | -H-- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/12/18 14:03:43 | 000,000,093 | -H-- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/12/18 14:02:53 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/12/18 14:02:53 | 000,000,114 | -H-- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/12/18 14:02:51 | 000,000,086 | -H-- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/12/18 14:02:50 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/12/18 14:00:46 | 000,031,567 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2009/12/09 11:13:12 | 000,162,813 | -H-- | C] () -- C:\WINDOWS\hphins27.dat.temp
[2009/12/09 11:13:12 | 000,000,703 | -H-- | C] () -- C:\WINDOWS\hphmdl27.dat.temp
[2009/12/09 09:42:12 | 000,162,815 | -H-- | C] () -- C:\WINDOWS\hphins27.dat
[2009/12/09 09:42:12 | 000,000,703 | -H-- | C] () -- C:\WINDOWS\hphmdl27.dat
[2009/11/24 10:32:02 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/11/24 10:25:33 | 000,000,507 | -H-- | C] () -- C:\WINDOWS\LMABB2DD.ini
[2009/02/06 15:26:16 | 000,013,543 | -H-- | C] () -- C:\WINDOWS\cfgall.ini
[2009/01/14 13:23:40 | 000,000,231 | -H-- | C] () -- C:\WINDOWS\System32\scnwpm.dat
[2009/01/14 13:16:23 | 000,172,128 | RH-- | C] () -- C:\WINDOWS\_isusr32.dll
[2009/01/14 13:16:20 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2009/01/07 14:52:42 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/06 14:16:55 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/01/06 14:03:41 | 000,009,961 | -H-- | C] () -- C:\WINDOWS\System32\sk1bNP.DAT
[2009/01/06 14:03:41 | 000,004,788 | -H-- | C] () -- C:\WINDOWS\System32\sk1bGCT2.DAT
[2009/01/06 14:03:41 | 000,004,788 | -H-- | C] () -- C:\WINDOWS\System32\sk1bGCT1.DAT
[2009/01/06 14:03:41 | 000,000,063 | -H-- | C] () -- C:\WINDOWS\System32\sk1bGCP.DAT
[2008/12/30 05:07:47 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\PreLaunch.ini
[2008/12/30 03:26:10 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/30 03:25:51 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2008/12/30 03:25:51 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2008/12/30 03:25:51 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2008/12/30 03:23:42 | 000,028,032 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/12/30 03:23:41 | 001,769,984 | -H-- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/12/30 03:22:55 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\PLFSetI.exe
[2008/12/30 03:22:55 | 000,105,984 | -H-- | C] () -- C:\WINDOWS\FixUVC.exe
[2008/12/30 03:22:55 | 000,000,055 | -H-- | C] () -- C:\WINDOWS\PidList.ini
[2008/09/02 06:04:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/02 03:42:20 | 000,555,020 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/02 03:42:20 | 000,108,270 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/19 02:36:44 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/19 02:15:02 | 000,399,144 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/19 01:30:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll
[2008/08/19 01:30:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll
[2008/08/19 01:30:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/08/19 01:30:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/07/03 05:05:20 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/03 05:03:46 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/11 13:29:02 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2008/06/11 13:15:34 | 001,991,464 | -H-- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008/06/11 13:15:34 | 000,432,400 | -H-- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008/04/13 23:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 23:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 23:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 23:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 23:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 23:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 23:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 23:00:00 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/13 23:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/02/04 19:23:10 | 000,693,792 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/16 20:00:00 | 000,003,403 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/01/26 01:32:18 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2006/03/10 16:18:16 | 000,006,782 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/26 17:39:05 | 003,375,104 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/05/14 15:04:36 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\XMLaunch.exe
[2003/11/24 17:55:48 | 000,743,424 | -H-- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/24 17:55:32 | 000,872,448 | -H-- | C] () -- C:\WINDOWS\iconv.dll
[2003/01/07 16:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/12 16:41:26 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/12 16:41:26 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/12/26 18:12:30 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/04/26 10:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/29 13:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/08/30 09:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/04/26 23:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/04 01:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/03/30 19:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/12/30 03:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/06/15 21:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/04/27 00:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/29 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/27 23:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetZero
[2009/11/14 17:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2011/04/27 13:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/28 09:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/12/18 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/04/27 13:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/30 03:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/11/15 11:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/27 15:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Acer
[2011/04/26 23:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\AVG10
[2010/06/21 10:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Blackberry Desktop
[2010/06/15 21:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\InterVideo
[2011/04/29 12:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\IObit
[2011/03/14 13:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\MXmeeting
[2010/05/27 11:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\ntr
[2010/11/23 23:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Red Kawa
[2010/08/13 13:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Research In Motion
[2010/12/08 17:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\ScanSoft
[2011/04/27 00:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Search Settings
[2010/06/08 13:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\Trondent Development Corp
[2010/09/30 11:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\webex
[2011/04/29 12:30:04 | 000,000,778 | -H-- | M] () -- C:\WINDOWS\Tasks\Daily Update.job
[2011/04/29 12:00:00 | 000,000,686 | ---- | M] () -- C:\WINDOWS\Tasks\Free Registry Fix.job
[2011/04/29 13:16:19 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BB5EA149-293E-490D-8452-F5F2659DBF3B}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1

< End of report >


#6
HarryDS

Here is the error received when trying to install Malwarebytes


#7
Essexboy

OK could you first try to redownload and install Malwarebytes - if that should fail I will run another tool

But first let's remove the remnants of AVG and IOBit

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.3\iobitToolbarIE.dll (Spigot, Inc.)
    [2011/04/27 00:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
    [2011/04/27 00:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hschwartz\Application Data\IObit
    [2011/04/27 00:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/04/27 00:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2011/04/26 23:37:10 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2011/04/26 23:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hschwartz\Application Data\AVG10
    [2011/04/26 23:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/04/29 13:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/04/27 00:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/04/26 23:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\AVG10
    [2011/04/29 12:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\IObit

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • To disable Avast - right click the orange blob
  • Select Avast Shields control
  • Select disable for one hour
  • Double click on ComboFix.exe & follow the prompts.
  • If the sandbox should popup whilst combofix is running then allow all files to run normally
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0
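
The cleanup list in the post above is made of folder entries taken from the OTL log. As an added example (not part of the thread and not OTL's own code), this Python sketch parses OTL's file/folder line format and picks out folders left behind by named products; the function names are hypothetical and the sample lines are copied from the log on this page.

```python
import re
from datetime import datetime

# OTL file/folder entry: [timestamp | size | attributes | M or C] (company) -- path
# Folder entries (attribute D) carry no "(company)" field.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# Lines copied from the OTL log on this page (LOP Check and ADS sections).
SAMPLE = r"""
[2011/04/26 10:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/29 13:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/27 00:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/27 13:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/26 23:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\AVG10
[2011/04/29 12:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\IObit
[2010/09/30 11:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hschwartz\Application Data\webex
[2011/04/29 12:00:00 | 000,000,686 | ---- | M] () -- C:\WINDOWS\Tasks\Free Registry Fix.job
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
"""


def parse_entry(line):
    """Return one OTL file/folder entry as a dict, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "kind": "modified" if m["kind"] == "M" else "created",
        "company": (m["company"] or "").strip(),
        "path": m["path"],
    }


def find_remnants(lines, products):
    """List folders whose last path component starts with a product name.

    Matching is case-insensitive and ignores a leading '$'. Each path is
    reported once, in log order, even if the log lists it in several sections.
    """
    wanted = tuple(p.lower() for p in products)
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or not entry["is_dir"]:
            continue
        leaf = entry["path"].rsplit("\\", 1)[-1].lower().lstrip("$")
        if leaf.startswith(wanted):
            hits.append(entry["path"])
    return list(dict.fromkeys(hits))


if __name__ == "__main__":
    for path in find_remnants(SAMPLE.splitlines(), ["AVG", "IObit"]):
        print(path)
```

Prefix matching is a heuristic, so the resulting list needs a manual review before any of it goes into a fix script.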

#8
HarryDS

I uninstalled AVG, but when I go to run ComboFix it says that it is still there and in order to run the program I must Uninstall AVG. I have attached the initial log file.


#9
Essexboy

Download AppRemover and run it.

Click Next >>


Ensure "Remove Security Application" is collected and click Next >>


AppRemover will scan all the security applications on your PC

Select Any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Then retry combofix please

#10
HarryDS

I ran it a couple of times and it doesn't see AVG anywhere.


#11
Essexboy

Could you try combofix from safe mode please - if not I have other tools but they take longer to run

#12
HarryDS

Safe Mode didn't find it either.

#13
Essexboy

My apologies could you run Combofix from safe mode

#14
HarryDS

It still sees AVG.

#15
Essexboy

OK let's use the bigger tool, this will take a while as it does a full virus scan as well as the analysis

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.


Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip
