OTL logfile created on: 9/12/2012 1:49:43 PM - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\jpunzi.CSSI\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.67% Memory free 3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.60% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 124.81 Gb Free Space | 83.74% Space Free | Partition Type: NTFS Drive N: | 1115.59 Gb Total Space | 1003.22 Gb Free Space | 89.93% Space Free | Partition Type: NTFS Drive P: | 1115.59 Gb Total Space | 1003.22 Gb Free Space | 89.93% Space Free | Partition Type: NTFS Drive R: | 1115.59 Gb Total Space | 1003.22 Gb Free Space | 89.93% Space Free | Partition Type: NTFS Drive X: | 1115.59 Gb Total Space | 1003.22 Gb Free Space | 89.93% Space Free | Partition Type: NTFS Computer Name: JPUNZI | User Name: jpunzi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/09/12 13:30:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jpunzi.CSSI\Desktop\OTL.exe PRC - [2012/09/10 13:47:58 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2012/09/05 06:35:39 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe PRC - [2012/09/05 06:35:37 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/09/05 06:35:42 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll MOD - [2012/09/05 06:35:40 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll MOD - [2012/09/05 06:35:39 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe MOD - [2012/09/05 06:35:37 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012/03/11 14:55:40 | 000,088,656 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2012/09/10 13:47:58 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/09/05 06:35:39 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/09/05 06:35:40 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/07/27 18:08:39 | 000,104,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent) DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008/01/15 21:12:39 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008/01/15 21:10:51 | 004,609,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E CC 2A 9D 66 87 CD 01 [binary data] IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={C3BFF056-E42B-423E-88CC-3E544EC169A4}&mid=7a4e3e61d2af47d0a423d15586587681-fc0625d6e6c52d5badb4219494a8b2d26f9291d2&lang=en&ds=AVG&pr=fr&d=2012-08-02 11:52:05&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - prefs.js..extensions.enabledAddons: LogMeInClient@logmein.com:1.0.0.932 FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3 FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32 FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={C3BFF056-E42B-423E-88CC-3E544EC169A4}&mid=7a4e3e61d2af47d0a423d15586587681-fc0625d6e6c52d5badb4219494a8b2d26f9291d2&lang=en&ds=AVG&pr=fr&d=2012-08-02 11:52:05&v=12.2.5.32&sap=ku&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.32\ [2012/09/05 06:35:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/27 16:14:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Mozilla Firefox\components [2012/09/07 08:22:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Mozilla Firefox\plugins [2012/08/30 18:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla\Extensions [2012/08/30 18:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla\Firefox\Profiles\c5dkol3d.default\extensions [2012/08/30 18:18:30 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla\Firefox\Profiles\c5dkol3d.default\extensions\LogMeInClient@logmein.com [2012/07/31 10:30:21 | 000,330,316 | ---- | M] () (No name found) -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla\Firefox\Profiles\c5dkol3d.default\extensions\personas@christopher.beard.xpi [2012/07/31 10:09:34 | 000,042,336 | ---- | M] () (No name found) -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla\Firefox\Profiles\c5dkol3d.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012/09/05 06:35:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\12.2.5.32 O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKU\S-1-5-21-478473752-1907724523-775204578-1122\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-478473752-1907724523-775204578-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343418683968 (WUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.242.0.12 71.252.0.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cssi.org O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E730D5D-1AD3-4423-84BE-32FBB22FF2EC}: DhcpNameServer = 71.242.0.12 71.252.0.12 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/07/27 12:03:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/09/12 13:48:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\jpunzi.CSSI\Desktop\aswMBR.exe [2012/09/12 13:30:40 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jpunzi.CSSI\Desktop\OTL.exe [2012/09/10 13:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/09/10 13:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/09/10 11:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG [2012/09/07 08:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Mozilla Firefox [2012/09/05 06:35:40 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012/09/04 11:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\CutePDF Writer [2012/08/31 11:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Sun [2012/08/31 06:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Mozilla [2012/08/31 06:51:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jpunzi.CSSI\PrivacIE [2012/08/31 06:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Temp [2012/08/31 06:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Adobe [2012/08/30 18:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Thunderbird [2012/08/30 18:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Adobe [2012/08/30 18:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\AVG Secure Search [2012/08/30 18:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\ICAClient [2012/08/30 18:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Macromedia [2012/08/30 18:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla [2012/08/30 18:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\OpenOffice.org [2012/08/30 18:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Symantec [2012/08/30 18:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Sun [2012/08/30 18:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\attachments [2012/08/30 18:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\CCH PDFs [2012/08/30 18:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Daily New Bond [2012/08/30 18:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Dimeo CCH [2012/08/30 18:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Dimeo Month End [2012/08/30 18:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Excel Completed [2012/08/30 18:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Exercises [2012/08/30 18:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Excel Files [2012/08/30 18:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\IWM [2012/08/30 18:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Molewski Performance [2012/08/30 18:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\My Pictures [2012/08/30 18:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\RemoteConnections [2012/08/30 18:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Reps [2012/08/30 18:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Rules [2012/08/30 18:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Time Sheets [2012/08/30 17:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\My Documents\Downloads [2012/08/30 17:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Thunderbird [2012/08/30 14:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\AVG2012 [2012/08/30 14:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\AVG Secure Search [2012/08/30 14:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Identities [2012/08/30 14:32:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\My Documents\My Pictures [2012/08/30 14:32:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\My Documents\My Music [2012/08/30 14:32:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jpunzi.CSSI\IETldCache [2012/08/30 14:32:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft [2012/08/30 14:32:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jpunzi.CSSI\SendTo [2012/08/30 14:32:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jpunzi.CSSI\Recent [2012/08/30 14:32:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data [2012/08/30 14:32:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Startup [2012/08/30 14:32:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\Start Menu [2012/08/30 14:32:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\My Documents [2012/08/30 14:32:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\Favorites [2012/08/30 14:32:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Accessories [2012/08/30 14:32:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jpunzi.CSSI\Cookies [2012/08/30 14:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jpunzi.CSSI\Templates [2012/08/30 14:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jpunzi.CSSI\PrintHood [2012/08/30 14:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jpunzi.CSSI\NetHood [2012/08/30 14:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings [2012/08/30 14:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Microsoft [2012/08/30 14:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/09/12 13:48:51 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jpunzi.CSSI\Desktop\aswMBR.exe [2012/09/12 13:30:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jpunzi.CSSI\Desktop\OTL.exe [2012/09/12 13:09:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/09/12 13:09:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/09/12 11:01:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2012/09/12 10:51:25 | 094,624,612 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/09/12 10:40:25 | 000,286,551 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Flash.pdf [2012/09/12 08:31:23 | 000,179,234 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Report - 091112final.pdf [2012/09/11 12:02:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/09/11 08:35:03 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Shortcut to Team5-Daily-TeamMetrics2012.lnk [2012/09/10 11:33:12 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2012/09/05 06:35:40 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012/09/04 17:01:57 | 000,181,134 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Report - 083112final.pdf [2012/09/04 11:19:53 | 000,034,202 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012/09/04 07:33:46 | 006,571,016 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\attachments.zip [2012/08/31 06:53:14 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/08/31 06:53:14 | 000,001,139 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Mozilla Firefox.lnk [2012/08/30 14:17:35 | 000,003,080 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2012/08/29 15:23:30 | 000,001,740 | -H-- | M] () -- C:\Documents and Settings\jpunzi.CSSI\My Documents\Default.rdp [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2012/08/17 06:59:11 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/08/16 15:35:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/09/12 11:01:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2012/09/12 08:31:21 | 000,179,234 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Report - 091112final.pdf [2012/09/11 12:02:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/09/11 08:35:03 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Shortcut to Team5-Daily-TeamMetrics2012.lnk [2012/09/04 14:31:39 | 000,181,134 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Report - 083112final.pdf [2012/09/04 07:33:45 | 006,571,016 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\attachments.zip [2012/08/31 06:53:14 | 000,001,157 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/08/30 18:18:36 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2012/08/30 18:06:24 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Shortcut to RTS Daily Unrecon.lnk [2012/08/30 18:06:24 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\settings.inf [2012/08/30 18:06:23 | 000,040,674 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\serializedRules.dat [2012/08/30 18:06:22 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\RulesManager.lnk [2012/08/30 18:06:21 | 000,092,276 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Rules.zip [2012/08/30 18:06:19 | 000,001,010 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Round Table Remote.lnk [2012/08/30 18:06:12 | 000,155,224 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\RealId_Card.pdf [2012/08/30 18:06:11 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\joejun.pri [2012/08/30 18:06:11 | 000,001,139 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Mozilla Firefox.lnk [2012/08/30 18:06:11 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\North Star info.lnk [2012/08/30 18:06:07 | 000,000,987 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\IWM info.lnk [2012/08/30 18:06:06 | 000,286,551 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Flash.pdf [2012/08/30 18:05:54 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\FAMCO Remote.lnk [2012/08/30 18:05:52 | 000,091,898 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\DIMEO INI.zip [2012/08/30 18:05:50 | 000,124,233 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\coffebacon.jpg [2012/08/30 18:05:50 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\CompiledRules.dll [2012/08/30 18:05:34 | 000,107,812 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\bryan630.pdf [2012/08/30 18:05:33 | 000,107,610 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\bryan331.pdf [2012/08/30 18:05:32 | 000,110,874 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\bryan1231.pdf [2012/08/30 18:05:30 | 000,046,472 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\bryaj401-march.pdf [2012/08/30 18:05:29 | 000,046,512 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\bryaj401-dec.pdf [2012/08/30 18:05:28 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\baton [2012/08/30 17:58:34 | 000,001,145 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Mozilla Firefox.lnk [2012/08/30 17:58:25 | 000,001,740 | -H-- | C] () -- C:\Documents and Settings\jpunzi.CSSI\My Documents\Default.rdp [2012/08/30 14:32:42 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/08/30 14:32:42 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Internet Explorer.lnk [2012/08/30 14:32:41 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2012/08/30 14:32:35 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Outlook Express.lnk [2012/08/30 14:32:10 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Remote Assistance.lnk [2012/08/30 14:32:10 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Windows Media Player.lnk [2012/07/31 11:12:34 | 000,088,656 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2012/07/31 07:59:26 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\SN0ELMON.dat [2012/07/31 07:59:17 | 000,172,128 | ---- | C] () -- C:\WINDOWS\_isusr32.dll [2012/07/31 07:58:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll [2012/07/27 18:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012/07/27 17:26:28 | 000,003,080 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2012/07/27 12:45:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/07/27 12:23:28 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012/07/27 12:05:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012/07/27 11:59:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012/07/27 05:57:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012/07/27 05:55:58 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/01/26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011/01/26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010/12/17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [color=#E56717]========== LOP Check ==========[/color] [2012/08/30 13:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2012 [2012/08/02 11:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.CSSI-TQ0\Application Data\AVG Secure Search [2012/08/02 12:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.CSSI-TQ0\Application Data\AVG2012 [2012/07/30 08:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.CSSI-TQ0\Application Data\Oracle [2012/09/05 06:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search [2012/08/02 13:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2012/08/02 07:28:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/09/12 13:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/07/27 16:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Punzi\Application Data\Thunderbird [2012/08/03 08:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi\Application Data\AVG Secure Search [2012/08/02 13:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi\Application Data\AVG2012 [2012/08/06 13:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi\Application Data\ICAClient [2012/07/31 08:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi\Application Data\OpenOffice.org [2012/07/27 17:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi\Application Data\Thunderbird [2012/08/30 18:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\AVG Secure Search [2012/08/30 14:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\AVG2012 [2012/08/30 18:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\ICAClient [2012/08/30 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\OpenOffice.org [2012/08/30 18:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Thunderbird [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#E56717]========== Base Services ==========[/color] SRV - [2008/04/14 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG) SRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser) SRV - [2008/04/14 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc) SRV - [2008/04/14 08:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp) SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache) SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog) SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost) SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility) SRV - [2008/04/14 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter) SRV - [2008/04/14 01:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ) SRV - [2008/04/14 08:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService) SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent) SRV - [2008/04/14 08:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver) SRV - [2008/04/14 08:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin) SRV - [2008/04/14 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv) SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon) SRV - [2008/04/14 08:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman) SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay) SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler) SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage) SRV - [2008/04/14 08:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto) SRV - [2008/04/14 08:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan) SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) SRV - [2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc) SRV - [2008/04/14 08:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon) SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs) SRV - [2008/04/14 08:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc) SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer) SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection) SRV - [2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice) SRV - [2008/04/14 08:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule) SRV - [2008/04/14 08:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts) SRV - [2008/04/14 08:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv) SRV - [2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService) SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes) SRV - [2008/04/14 08:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS) SRV - [2008/04/14 08:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv) SRV - [2008/04/14 08:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) SRV - [2008/04/14 08:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) SRV - [2008/04/14 08:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer) SRV - [2008/04/14 08:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt) SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi) SRV - [2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc) SRV - [2008/04/14 08:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC) SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation) [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe [color=#A23BEC]< MD5 for: QMGR.DLL >[/color] [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll [color=#A23BEC]< MD5 for: SERVICES >[/color] [2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services [color=#A23BEC]< MD5 for: SERVICES.CFG >[/color] [2012/07/27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg [2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe [color=#A23BEC]< MD5 for: SERVICES.LNK >[/color] [2012/07/27 12:03:11 | 000,001,602 | ---- | M] () MD5=8DE16C7125620D21C6481D3E4EB39715 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk [color=#A23BEC]< MD5 for: SERVICES.MSC >[/color] [2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc [color=#A23BEC]< MD5 for: SERVICES.RDB >[/color] [2012/04/19 08:43:10 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb [2012/04/19 08:43:10 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb [2012/04/13 06:55:44 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< %systemdrive%\$Recycle.Bin|@;true;true;true >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >[/color] "Type" = 32 "Start" = 2 "ErrorControl" = 1 "ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) "DisplayName" = Background Intelligent Transfer Service "DependOnService" = RpcSs [binary data] -- [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) "DependOnGroup" = [binary data] "ObjectName" = LocalSystem "Description" = Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. "FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters] "ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security] "Security" = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum] "0" = Root\LEGACY_BITS\0000 "Count" = 1 "NextInstance" = 1 < End of report >