Malware problem - PLEASE HELP!



#1
rg01

Member
12 posts

Hi,

I believe I have some sort of malware/spyware on my computer. I had the problem where Google would redirect me to malware sites, but Google no longer redirects me to these sites anymore, but I believe there is still something on my computer. I get random pop-ups that aren't blocked by my pop-up blocker like most pop-ups are, and I also keep getting this error message: "Generic host process for win32 services has encountered a problem and needs to close. We are sorry for the inconvenience." Also, sometimes my computer's audio just randomly shuts off and I have to start the service myself - I don't know if this is a different problem altogether or what... any help would be great! Thank you.

Also, the task bar changes and so does my start menu into a different theme or something.. I don't know how to really explain that part..

I haven't gotten any replies so I thought I'd go about and post GMER and OTL logs thinking that might be the next step.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-05 18:46:46
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Ramz\LOCALS~1\Temp\ugtdrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\tcpip.sys entry point in ".rsrc" section [0xA8FC4614]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[324] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00ED000A
.text C:\WINDOWS\Explorer.EXE[324] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EE000A
.text C:\WINDOWS\Explorer.EXE[324] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00EC000C
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009C000A
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009D000A
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007E000C
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 02DE000A
.text C:\WINDOWS\System32\svchost.exe[1344] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00A9000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FF000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1860] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FD000C
.text C:\WINDOWS\system32\wuauclt.exe[2460] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A
.text C:\WINDOWS\system32\wuauclt.exe[2460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C8000A
.text C:\WINDOWS\system32\wuauclt.exe[2460] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8138CEC5

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BU8ZFXS1\activityi;src=2507573;type=ads-a681;cat=ads-a832;ord=1;num=3322705212219[1].0054 612 bytes
File C:\WINDOWS\system32\DRIVERS\tcpip.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 05/10/2010 6:59:57 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Ramz\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 65.00 Mb Available Physical Memory | 13.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 14.22 Gb Free Space | 19.08% Space Free | Partition Type: NTFS
Drive D: | 3.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAMI
Current User Name: Ramz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/05 18:59:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramz\Desktop\OTL.exe
PRC - [2010/09/23 12:42:01 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 18:16:31 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 18:16:07 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 18:15:42 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 18:15:32 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/16 07:06:05 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/01 23:12:46 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/01/05 16:18:48 | 000,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask .exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/09/26 11:12:16 | 001,897,184 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/20 15:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/27 12:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 18:59:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramz\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/27 12:32:38 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/16 18:16:07 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/05 11:45:54 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/22 22:17:54 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/12/20 15:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/01/17 04:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2010/07/16 18:16:50 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 18:15:42 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 19:09:13 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/06/20 06:45:13 | 000,360,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2006/08/30 03:12:09 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/04/25 12:01:48 | 000,043,776 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/04/24 05:00:46 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/04/18 18:12:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/04/17 04:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/22 21:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/03/22 21:59:32 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/03/22 21:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/03/17 19:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 21:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/05 19:31:20 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/12/04 13:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/06/01 15:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/07 20:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/11/15 04:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 02:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 17:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 12:42:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/05 00:33:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/23 19:47:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 13:24:09 | 000,000,000 | ---D | M]

[2009/05/13 14:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Mozilla\Extensions
[2010/10/04 20:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Mozilla\Firefox\Profiles\7cotnkq6.default\extensions
[2009/09/02 14:29:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ramz\Application Data\Mozilla\Firefox\Profiles\7cotnkq6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/04 20:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/11 16:20:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe File not found
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Ramz\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ramz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ramz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/04 23:46:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{97561a2e-8ff7-11dc-af6f-001302acfc84}\Shell - "" = AutoRun
O33 - MountPoints2\{97561a2e-8ff7-11dc-af6f-001302acfc84}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/05 18:59:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ramz\Desktop\OTL.exe
[2010/09/27 16:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 473 - Jassi
[2010/09/27 16:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 442 - Jassi
[2010/09/27 16:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 433 - Jassi
[2010/09/27 00:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\REC 100
[2010/09/27 00:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 442
[2010/09/27 00:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 473
[2010/09/27 00:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 433
[2010/09/26 23:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\My Documents\UW Undergrad 2006-2011
[2010/09/26 23:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\My Documents\Co-op
[2010/09/26 22:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\My Documents\Pictures
[2010/09/26 22:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/15 17:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/15 17:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/29 22:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Local Settings\Application Data\Western Digital
[2010/07/16 18:16:30 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[18 C:\Documents and Settings\Ramz\Desktop\*.tmp files -> C:\Documents and Settings\Ramz\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/05 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/10/05 18:59:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramz\Desktop\OTL.exe
[2010/10/05 18:56:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/05 18:54:19 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/05 18:54:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/05 18:54:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/05 18:53:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 18:53:53 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 18:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/05 18:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/05 18:13:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/05 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/10/05 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/10/05 16:25:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/05 16:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/05 16:13:56 | 065,638,003 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/05 00:34:55 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Ramz\ntuser.dat
[2010/10/05 00:34:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ramz\ntuser.ini
[2010/10/05 00:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/10/05 00:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/04 23:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/10/04 23:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/04 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/10/04 22:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/04 22:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/04 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/10/04 21:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/04 21:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/04 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/10/04 20:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/10/04 20:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/04 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/10/04 19:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/04 19:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/04 17:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/04 17:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/04 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/10/04 15:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/10/04 15:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/04 15:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/10/04 14:25:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/10/04 14:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/04 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/10/04 12:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/10/04 11:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/04 11:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/01 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/10/01 10:47:47 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/30 13:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/09/30 13:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/30 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/09/30 12:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/09/30 12:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/29 10:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/09/29 10:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/29 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/09/28 21:29:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/26 23:20:58 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Ramz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/09/26 00:49:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/09/25 02:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/25 02:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/09/25 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/09/25 01:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/09/25 01:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/17 03:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/09/11 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/09/11 03:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/11 03:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/09/02 00:25:30 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/02 00:25:30 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/02 00:25:29 | 000,523,394 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/08 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/07/16 18:16:50 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/16 18:16:30 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 18:15:42 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[18 C:\Documents and Settings\Ramz\Desktop\*.tmp files -> C:\Documents and Settings\Ramz\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/17 16:18:43 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\X1i7110YY.dat
[2010/05/24 04:30:04 | 003,706,235 | ---- | C] () -- C:\Documents and Settings\Ramz\Application Data\Katy Perry ft Snoop Dogg - California Girls.zip
[2010/05/19 07:18:04 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Ramz\Application Data\Windowz.exe
[2008/11/22 23:45:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ramz\Local Settings\Application Data\PUTTY.RND
[2008/06/11 09:54:45 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Ramz\Local Settings\Application Data\fusioncache.dat
[2007/06/25 12:00:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/06/23 00:17:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/11 00:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/06/11 00:29:39 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007/06/11 00:29:38 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/11 00:29:37 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/11 00:29:35 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/11 00:29:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/04/30 19:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/19 18:48:11 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/19 16:32:05 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\wmatime.dll
[2006/10/31 23:36:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2006/08/30 02:00:11 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/08/30 02:00:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/08/30 02:00:11 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/08/30 02:00:11 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/08/30 01:59:48 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2006/08/29 18:14:18 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Ramz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/05 01:57:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/05 01:15:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/05 01:07:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/05 01:05:14 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/05 01:05:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/05/05 01:01:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/05 01:01:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/05 01:01:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/05 01:01:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/05 01:01:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/05 01:01:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/05 00:57:08 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/05/05 00:55:41 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/05/05 00:38:26 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/04 23:50:31 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/04 23:31:54 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/04 23:31:29 | 000,360,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\tcpip.sys
[2006/01/05 21:49:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 20:36:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/12/09 17:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 16:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/28 21:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/13 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/04/16 16:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/09/03 17:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/28 17:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/13 15:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/06/27 18:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\3M
[2010/08/21 19:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\BitTorrent
[2009/05/27 19:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\CiscoCAA
[2008/09/03 01:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\DNA
[2006/12/01 04:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\InterVideo
[2006/10/29 18:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Leadertech
[2010/05/13 21:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\MSNInstaller
[2009/09/03 16:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Research In Motion
[2007/04/01 17:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Smartsims
[2006/08/29 21:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Teleca
[2007/03/31 16:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\toshiba
[2010/10/05 00:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/09/29 10:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/04 11:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/09/30 12:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/09/30 13:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/04 14:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/04 15:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/05 16:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/04 17:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/05 18:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/09/25 01:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/04 19:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/04 20:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/04 21:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/04 22:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/04 23:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/05 00:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/09/25 01:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/09/25 02:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/09/11 03:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/09/25 02:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/09/29 10:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/10/04 11:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/09/30 12:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/09/30 13:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/10/04 14:25:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/09/11 03:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/04 15:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/10/05 16:25:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/10/04 17:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/10/05 18:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/10/04 19:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/10/04 20:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/10/04 21:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/10/04 22:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/10/04 23:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/09/26 00:49:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/09/26 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/09/25 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/09/17 03:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/09/11 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/06/29 18:24:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/06/29 18:24:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/06/29 18:24:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/08/08 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/06/29 18:24:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/09/29 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/01 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/10/04 12:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/09/30 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/10/04 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/10/04 15:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/10/04 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/10/05 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/10/05 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/10/05 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/10/04 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/04 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/10/04 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/10/04 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/05/04 23:46:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/11/23 02:14:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/11 16:07:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2006/05/04 23:46:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/05 18:53:53 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2006/05/04 23:46:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/27 22:18:12 | 000,007,869 | ---- | M] () -- C:\JavaRa.log
[2006/05/04 23:46:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/10/05 18:53:52 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2005/11/24 02:04:16 | 000,007,474 | ---- | M] () -- C:\ReadmeFirst.htm
[2007/06/01 23:26:06 | 000,919,502 | ---- | M] () -- C:\TB.log


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/05/04 16:38:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/04 16:38:47 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/05/04 16:38:47 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

OTL logfile created on: 05/10/2010 6:59:57 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Ramz\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 65.00 Mb Available Physical Memory | 13.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 14.22 Gb Free Space | 19.08% Space Free | Partition Type: NTFS
Drive D: | 3.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAMI
Current User Name: Ramz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/05 18:59:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramz\Desktop\OTL.exe
PRC - [2010/09/23 12:42:01 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 18:16:31 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 18:16:07 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 18:15:42 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 18:15:32 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/16 07:06:05 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/01 23:12:46 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/01/05 16:18:48 | 000,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask .exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/09/26 11:12:16 | 001,897,184 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/20 15:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/27 12:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 18:59:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramz\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/27 12:32:38 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/16 18:16:07 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/05 11:45:54 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/22 22:17:54 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/12/20 15:17:48 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/01/17 04:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2010/07/16 18:16:50 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 18:15:42 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 19:09:13 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/06/20 06:45:13 | 000,360,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2006/08/30 03:12:09 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/04/25 12:01:48 | 000,043,776 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/04/24 05:00:46 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/04/18 18:12:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/04/17 04:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/22 21:59:36 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/03/22 21:59:32 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/03/22 21:59:28 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/03/17 19:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 21:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/05 19:31:20 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/12/04 13:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/06/01 15:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/07 20:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/11/15 04:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 02:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 17:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 12:42:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/05 00:33:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/23 19:47:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 13:24:09 | 000,000,000 | ---D | M]

[2009/05/13 14:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Mozilla\Extensions
[2010/10/04 20:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Mozilla\Firefox\Profiles\7cotnkq6.default\extensions
[2009/09/02 14:29:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ramz\Application Data\Mozilla\Firefox\Profiles\7cotnkq6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/04 20:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/11 16:20:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe File not found
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Ramz\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ramz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ramz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/04 23:46:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{97561a2e-8ff7-11dc-af6f-001302acfc84}\Shell - "" = AutoRun
O33 - MountPoints2\{97561a2e-8ff7-11dc-af6f-001302acfc84}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/05 18:59:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ramz\Desktop\OTL.exe
[2010/09/27 16:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 473 - Jassi
[2010/09/27 16:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 442 - Jassi
[2010/09/27 16:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 433 - Jassi
[2010/09/27 00:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\REC 100
[2010/09/27 00:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 442
[2010/09/27 00:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 473
[2010/09/27 00:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Desktop\HLTH 433
[2010/09/26 23:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\My Documents\UW Undergrad 2006-2011
[2010/09/26 23:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\My Documents\Co-op
[2010/09/26 22:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\My Documents\Pictures
[2010/09/26 22:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/15 17:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/15 17:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/29 22:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ramz\Local Settings\Application Data\Western Digital
[2010/07/16 18:16:30 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[18 C:\Documents and Settings\Ramz\Desktop\*.tmp files -> C:\Documents and Settings\Ramz\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/05 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/10/05 18:59:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ramz\Desktop\OTL.exe
[2010/10/05 18:56:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/05 18:54:19 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/05 18:54:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/05 18:54:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/05 18:53:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 18:53:53 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 18:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/05 18:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/05 18:13:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/05 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/10/05 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/10/05 16:25:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/05 16:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/05 16:13:56 | 065,638,003 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/05 00:34:55 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Ramz\ntuser.dat
[2010/10/05 00:34:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ramz\ntuser.ini
[2010/10/05 00:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/10/05 00:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/04 23:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/10/04 23:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/04 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/10/04 22:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/04 22:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/04 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/10/04 21:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/04 21:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/04 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/10/04 20:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/10/04 20:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/04 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/10/04 19:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/04 19:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/04 17:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/04 17:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/04 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/10/04 15:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/10/04 15:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/04 15:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/10/04 14:25:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/10/04 14:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/04 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/10/04 12:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/10/04 11:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/04 11:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/01 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/10/01 10:47:47 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/30 13:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/09/30 13:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/30 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/09/30 12:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/09/30 12:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/29 10:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/09/29 10:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/29 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/09/28 21:29:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/26 23:20:58 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Ramz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/09/26 00:49:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/09/25 02:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/25 02:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/09/25 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/09/25 01:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/09/25 01:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/17 03:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/09/11 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/09/11 03:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/11 03:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/09/02 00:25:30 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/02 00:25:30 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/02 00:25:29 | 000,523,394 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/08 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/07/16 18:16:50 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/16 18:16:30 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 18:15:42 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[18 C:\Documents and Settings\Ramz\Desktop\*.tmp files -> C:\Documents and Settings\Ramz\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/17 16:18:43 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\X1i7110YY.dat
[2010/05/24 04:30:04 | 003,706,235 | ---- | C] () -- C:\Documents and Settings\Ramz\Application Data\Katy Perry ft Snoop Dogg - California Girls.zip
[2010/05/19 07:18:04 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Ramz\Application Data\Windowz.exe
[2008/11/22 23:45:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ramz\Local Settings\Application Data\PUTTY.RND
[2008/06/11 09:54:45 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Ramz\Local Settings\Application Data\fusioncache.dat
[2007/06/25 12:00:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/06/23 00:17:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/11 00:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/06/11 00:29:39 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007/06/11 00:29:38 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/11 00:29:37 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/11 00:29:35 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/11 00:29:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/04/30 19:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/03/19 18:48:11 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/19 16:32:05 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\wmatime.dll
[2006/10/31 23:36:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2006/08/30 02:00:11 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/08/30 02:00:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/08/30 02:00:11 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/08/30 02:00:11 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/08/30 01:59:48 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2006/08/29 18:14:18 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Ramz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/05 01:57:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/05 01:15:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/05 01:07:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/05 01:05:14 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/05 01:05:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/05/05 01:01:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/05 01:01:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/05 01:01:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/05 01:01:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/05 01:01:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/05 01:01:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/05 00:57:08 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/05/05 00:55:41 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/05/05 00:38:26 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/04 23:50:31 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/04 23:31:54 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/04 23:31:29 | 000,360,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\tcpip.sys
[2006/01/05 21:49:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2006/01/05 20:36:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/12/09 17:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/23 16:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/28 21:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/13 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/04/16 16:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/09/03 17:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/28 17:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/13 15:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/06/27 18:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\3M
[2010/08/21 19:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\BitTorrent
[2009/05/27 19:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\CiscoCAA
[2008/09/03 01:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\DNA
[2006/12/01 04:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\InterVideo
[2006/10/29 18:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Leadertech
[2010/05/13 21:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\MSNInstaller
[2009/09/03 16:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Research In Motion
[2007/04/01 17:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Smartsims
[2006/08/29 21:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\Teleca
[2007/03/31 16:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ramz\Application Data\toshiba
[2010/10/05 00:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/09/29 10:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/04 11:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/09/30 12:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/09/30 13:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/04 14:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/04 15:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/05 16:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/04 17:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/05 18:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/09/25 01:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/04 19:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/04 20:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/04 21:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/04 22:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/04 23:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/05 00:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/09/25 01:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/09/25 02:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/09/11 03:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/09/25 02:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/06/29 18:21:46 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/09/29 10:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/10/04 11:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/09/30 12:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/09/30 13:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/10/04 14:25:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/09/11 03:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/04 15:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/10/05 16:25:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/10/04 17:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/10/05 18:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/10/04 19:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/10/04 20:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/10/04 21:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/10/04 22:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/10/04 23:25:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/09/26 00:49:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/09/26 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/09/25 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/09/17 03:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/09/11 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/06/29 18:24:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/06/29 18:24:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/06/29 18:24:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/08/08 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/06/29 18:24:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/09/29 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/01 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/10/04 12:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/09/30 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/10/04 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/10/04 15:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/10/04 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/10/05 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/10/05 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/10/05 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/10/04 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/04 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/10/04 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/10/04 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/06/17 16:16:27 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/05/04 23:46:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/11/23 02:14:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/11 16:07:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2006/05/04 23:46:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/05 18:53:53 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2006/05/04 23:46:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/27 22:18:12 | 000,007,869 | ---- | M] () -- C:\JavaRa.log
[2006/05/04 23:46:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/10/05 18:53:52 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2005/11/24 02:04:16 | 000,007,474 | ---- | M] () -- C:\ReadmeFirst.htm
[2007/06/01 23:26:06 | 000,919,502 | ---- | M] () -- C:\TB.log


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/05/04 16:38:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/04 16:38:47 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/05/04 16:38:47 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Edited by rg01, 05 October 2010 - 05:21 PM.
