OTL logfile created on: 1/3/2010 4:01:34 PM - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\bearyfaery\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

256.00 Mb Total Physical Memory | 38.00 Mb Available Physical Memory | 15.00% Memory free
620.00 Mb Paging File | 200.00 Mb Available in Paging File | 32.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 11.23 Gb Free Space | 15.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.52 Gb Total Space | 6.05 Gb Free Space | 8.12% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NATALIE
Current User Name: bearyfaery
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========
PRC - [2010/01/03 15:59:00 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bearyfaery\My Documents\Downloads\OTL.exe
PRC - [2009/12/17 19:15:37 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/18 10:43:38 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/06 11:33:56 | 00,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========
MOD - [2010/01/03 15:59:00 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bearyfaery\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========
SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/18 10:43:38 | 00,353,680 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/03/04 17:11:57 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/10/29 23:35:25 | 00,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "igoogle.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/30 18:48:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 19:15:52 | 00,000,000 | ---D | M]
[2008/08/26 17:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Mozilla\Extensions
[2010/01/02 17:56:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Mozilla\Firefox\Profiles\l7wn54xf.default\extensions
[2009/12/09 19:55:57 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bearyfaery\Application Data\Mozilla\Firefox\Profiles\l7wn54xf.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/01/02 17:56:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (768 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\bearyfaery\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\bearyfaery\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://portal.scdmh.org//SNX/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/16 19:54:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{486690f4-869b-11dc-87bd-000c6e19b950}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{486690f4-869b-11dc-87bd-000c6e19b950}\Shell\Shell00\Command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{486690f4-869b-11dc-87bd-000c6e19b950}\Shell\Shell01\Command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{486690f4-869b-11dc-87bd-000c6e19b950}\Shell\Shell02\Command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/10/29 23:41:04 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)

========== Files/Folders - Created Within 14 Days ==========
[2010/01/03 15:05:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/03 15:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/02 15:09:52 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/02 15:09:45 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/02 15:09:38 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/02 15:08:34 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/01/02 15:07:59 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/02 15:07:58 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/02 15:07:57 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/02 15:07:57 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/02 15:06:16 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/02 15:05:08 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/02 14:40:15 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\bearyfaery\Desktop\avast_home_setup.exe
[2010/01/02 13:16:55 | 00,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2010/01/02 13:16:40 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/02 13:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bearyfaery\Application Data\InstallShield
[2010/01/02 13:08:04 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/02 12:51:31 | 01,839,496 | ---- | C] (Trend Micro) -- C:\Documents and Settings\bearyfaery\Desktop\HousecallLauncher.exe
[2010/01/01 21:26:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\bearyfaery\Recent
[2010/01/01 20:15:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Star.Wars.ALL.MOViES.DVDRip.XviD
[2010/01/01 20:01:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Glee - The Music [2009][Volume 2][ITunes][MusicRoutes.Blogspot] [caprio4us]
[2010/01/01 19:17:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Glee.S01E12.HDTV.XviD-P0W4
[2010/01/01 16:20:45 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/12/27 23:58:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\edgynm
[2009/12/25 21:10:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Jumper[2008]DvDrip.AC3-aXXo
[2009/12/25 15:28:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Muse
[2007/01/14 14:19:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/11/22 10:00:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/20 23:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2004/09/24 06:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/07/28 04:49:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========
[2010/01/03 15:05:31 | 00,000,802 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/03 15:05:25 | 00,000,646 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\NTREGOPT.lnk
[2010/01/03 15:05:25 | 00,000,627 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\ERUNT.lnk
[2010/01/03 14:56:49 | 00,096,256 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/03 14:18:41 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/03 14:17:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/03 14:17:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/03 14:17:10 | 26,801,3568 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/03 14:16:20 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\bearyfaery\NTUSER.DAT
[2010/01/03 14:15:59 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\bearyfaery\ntuser.ini
[2010/01/03 12:28:05 | 03,240,298 | -H-- | M] () -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\IconCache.db
[2010/01/02 15:10:08 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk
[2010/01/02 15:07:58 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/02 14:40:18 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\bearyfaery\Desktop\avast_home_setup.exe
[2010/01/02 13:08:06 | 00,001,992 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\HiJackThis.lnk
[2010/01/02 12:53:21 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\housecall.guid.cache
[2010/01/02 12:51:34 | 01,839,496 | ---- | M] (Trend Micro) -- C:\Documents and Settings\bearyfaery\Desktop\HousecallLauncher.exe
[2010/01/01 20:04:03 | 36,767,6980 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Glee.S01E09.HDTV.XviD-2HD.[VTV].avi
[2009/12/30 18:54:38 | 00,043,304 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\target1.pdf
[2009/12/30 18:53:08 | 00,090,025 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\1 Inch Diamonds.pdf
[2009/12/30 18:52:38 | 00,016,648 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\rifle_target.pdf
[2009/12/30 18:52:20 | 00,014,762 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\pistol_target.pdf
[2009/12/30 18:51:50 | 00,092,117 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\15 Small Circles.pdf
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/27 22:31:22 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2009/12/23 13:50:15 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/20 18:18:41 | 17,829,0628 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\[DB]_Bleach_250_[B568DD26].avi

========== Files Created - No Company Name ==========
[2010/01/03 15:05:31 | 00,000,802 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/03 15:05:25 | 00,000,646 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\NTREGOPT.lnk
[2010/01/03 15:05:25 | 00,000,627 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\ERUNT.lnk
[2010/01/03 14:47:02 | 00,092,117 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\15 Small Circles.pdf
[2010/01/03 14:47:02 | 00,090,025 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\1 Inch Diamonds.pdf
[2010/01/03 14:47:02 | 00,043,304 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\target1.pdf
[2010/01/03 14:47:02 | 00,016,648 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\rifle_target.pdf
[2010/01/03 14:47:02 | 00,014,762 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\pistol_target.pdf
[2010/01/02 15:19:53 | 26,801,3568 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/02 15:10:08 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk
[2010/01/02 15:06:16 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/01/02 13:08:06 | 00,001,992 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\HiJackThis.lnk
[2010/01/02 12:53:21 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\housecall.guid.cache
[2010/01/01 19:16:09 | 36,767,6980 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Glee.S01E09.HDTV.XviD-2HD.[VTV].avi
[2009/12/20 18:09:40 | 17,829,0628 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\[DB]_Bleach_250_[B568DD26].avi
[2008/08/20 16:32:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/03 21:38:45 | 00,001,799 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/11/25 23:56:48 | 00,000,059 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2007/10/31 11:20:10 | 00,096,256 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/30 22:44:32 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/10/30 22:29:24 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

========== LOP Check ==========
[2008/08/20 16:30:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HotSync
[2007/11/19 00:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
[2009/11/01 20:22:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/04/18 22:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2009/10/26 19:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/29 17:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/25 21:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Aim
[2007/12/26 15:55:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Canon
[2008/09/16 07:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Check Point
[2009/10/31 17:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\FileZilla
[2008/08/18 21:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Flickr
[2008/08/20 16:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\HotSync
[2008/08/20 16:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Leadertech
[2009/09/29 19:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\mjusbsp
[2007/12/26 00:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Opera
[2007/11/19 00:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\PlayFirst
[2010/01/02 15:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 18:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 18:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 18:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:60C47453
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:74699137

< End of report >