Presenting Symptoms: Couldn't run anything even remotely geared towards cleaning my computer. Was running AVG at the time; of course it didn't catch it (says my husband behind me). Everything in my computer slowed down. She's an old baby, so I decided to shut her down and give her a breather. When I cranked it back up it sounded like an Atari "pew pew pew" and I had this screen up saying I have a boot virus and how do I want to proceed, blah blah.
Treatment: I booted in Safe Mode, ran AVG, nothing. Ran Malwarebytes Anti-Malware, nothing. Said well okay, rebooted in Safe Mode with Networking, ran Trend Micro HouseCall. It located the [bleep] and said it took care of it. Rebooted everything in normal mode, went to run HouseCall once more just to make sure, and now it won't let me run HouseCall. Won't let me run Malwarebytes either. Oh hey, AVG works, but nothing coming up there. Kicked AVG to the curb, downloaded Avast! (love it, like some bands, just an anti-virus, Arr pirates), gave me trouble downloading, moved to Safe Mode with Networking, installed, then moved BACK to normal mode and ran it. It found the [bleep] again, cleaned it, and here we are running relatively normal. A little slower than before, but things are working again.
HOWEVER.
Residual complications: I still have Atari when I boot up my computer. Makes me think of Asteroids. I've run Avast! again, and Malwarebytes, and even CCleaner for giggles, and it is still showing up nothing. I sit and stare at the bugger sitting in the virus vault, taunting him, wondering if he's like that guy in the movie "Law Abiding Citizen", got into the vault just so he could mess with me even more.
Regardless. I hope this has been entertaining. I put a bit of system info in my profile (I can copy+paste). If you need more, tell me what it is and where I might find it and hopefully I can oblige you.
Oh, the little [bleep]'s name is Win32:FakeAlert-FW.
[Edited for logs: Extras came with OTL so I attached it as well, not sure if necessary]
OTL logfile created on: 1/3/2010 4:01:34 PM - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\bearyfaery\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
256.00 Mb Total Physical Memory | 38.00 Mb Available Physical Memory | 15.00% Memory free
620.00 Mb Paging File | 200.00 Mb Available in Paging File | 32.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 11.23 Gb Free Space | 15.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.52 Gb Total Space | 6.05 Gb Free Space | 8.12% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NATALIE
Current User Name: bearyfaery
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/03 15:59:00 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bearyfaery\My Documents\Downloads\OTL.exe
PRC - [2009/12/17 19:15:37 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/18 10:43:38 | 00,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/06 11:33:56 | 00,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/01/03 15:59:00 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bearyfaery\My Documents\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/18 10:43:38 | 00,353,680 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/03/04 17:11:57 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/10/29 23:35:25 | 00,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "igoogle.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/30 18:48:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 19:15:52 | 00,000,000 | ---D | M]
[2008/08/26 17:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Mozilla\Extensions
[2010/01/02 17:56:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Mozilla\Firefox\Profiles\l7wn54xf.default\extensions
[2009/12/09 19:55:57 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bearyfaery\Application Data\Mozilla\Firefox\Profiles\l7wn54xf.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/01/02 17:56:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: (768 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\bearyfaery\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\bearyfaery\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://portal.scdmh...LL/extender.cab (SlimClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/16 19:54:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{486690f4-869b-11dc-87bd-000c6e19b950}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{486690f4-869b-11dc-87bd-000c6e19b950}\Shell\Shell00\Command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{486690f4-869b-11dc-87bd-000c6e19b950}\Shell\Shell01\Command - "" = I:\Autorun.exe -- File not found
O33 - MountPoints2\{486690f4-869b-11dc-87bd-000c6e19b950}\Shell\Shell02\Command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/10/29 23:41:04 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)
========== Files/Folders - Created Within 14 Days ==========
[2010/01/03 15:05:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/03 15:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/02 15:09:52 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/02 15:09:45 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/02 15:09:38 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/02 15:08:34 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010/01/02 15:07:59 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/02 15:07:58 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/02 15:07:57 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/02 15:07:57 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/02 15:06:16 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/02 15:05:08 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/02 14:40:15 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\bearyfaery\Desktop\avast_home_setup.exe
[2010/01/02 13:16:55 | 00,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2010/01/02 13:16:40 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/02 13:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bearyfaery\Application Data\InstallShield
[2010/01/02 13:08:04 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/02 12:51:31 | 01,839,496 | ---- | C] (Trend Micro) -- C:\Documents and Settings\bearyfaery\Desktop\HousecallLauncher.exe
[2010/01/01 21:26:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\bearyfaery\Recent
[2010/01/01 20:15:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Star.Wars.ALL.MOViES.DVDRip.XviD
[2010/01/01 20:01:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Glee - The Music [2009][Volume 2][ITunes][MusicRoutes.Blogspot] [caprio4us]
[2010/01/01 19:17:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Glee.S01E12.HDTV.XviD-P0W4
[2010/01/01 16:20:45 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/12/27 23:58:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\edgynm
[2009/12/25 21:10:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Jumper[2008]DvDrip.AC3-aXXo
[2009/12/25 15:28:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Muse
[2007/01/14 14:19:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/11/22 10:00:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/20 23:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2004/09/24 06:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/07/28 04:49:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
========== Files - Modified Within 14 Days ==========
[2010/01/03 15:05:31 | 00,000,802 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/03 15:05:25 | 00,000,646 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\NTREGOPT.lnk
[2010/01/03 15:05:25 | 00,000,627 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\ERUNT.lnk
[2010/01/03 14:56:49 | 00,096,256 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/03 14:18:41 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/03 14:17:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/03 14:17:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/03 14:17:10 | 26,801,3568 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/03 14:16:20 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\bearyfaery\NTUSER.DAT
[2010/01/03 14:15:59 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\bearyfaery\ntuser.ini
[2010/01/03 12:28:05 | 03,240,298 | -H-- | M] () -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\IconCache.db
[2010/01/02 15:10:08 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk
[2010/01/02 15:07:58 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/02 14:40:18 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\bearyfaery\Desktop\avast_home_setup.exe
[2010/01/02 13:08:06 | 00,001,992 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\HiJackThis.lnk
[2010/01/02 12:53:21 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\housecall.guid.cache
[2010/01/02 12:51:34 | 01,839,496 | ---- | M] (Trend Micro) -- C:\Documents and Settings\bearyfaery\Desktop\HousecallLauncher.exe
[2010/01/01 20:04:03 | 36,767,6980 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Glee.S01E09.HDTV.XviD-2HD.[VTV].avi
[2009/12/30 18:54:38 | 00,043,304 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\target1.pdf
[2009/12/30 18:53:08 | 00,090,025 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\1 Inch Diamonds.pdf
[2009/12/30 18:52:38 | 00,016,648 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\rifle_target.pdf
[2009/12/30 18:52:20 | 00,014,762 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\pistol_target.pdf
[2009/12/30 18:51:50 | 00,092,117 | ---- | M] () -- C:\Documents and Settings\bearyfaery\Desktop\15 Small Circles.pdf
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/27 22:31:22 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2009/12/23 13:50:15 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/20 18:18:41 | 17,829,0628 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\[DB]_Bleach_250_[B568DD26].avi
========== Files Created - No Company Name ==========
[2010/01/03 15:05:31 | 00,000,802 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/03 15:05:25 | 00,000,646 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\NTREGOPT.lnk
[2010/01/03 15:05:25 | 00,000,627 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\ERUNT.lnk
[2010/01/03 14:47:02 | 00,092,117 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\15 Small Circles.pdf
[2010/01/03 14:47:02 | 00,090,025 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\1 Inch Diamonds.pdf
[2010/01/03 14:47:02 | 00,043,304 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\target1.pdf
[2010/01/03 14:47:02 | 00,016,648 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\rifle_target.pdf
[2010/01/03 14:47:02 | 00,014,762 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\pistol_target.pdf
[2010/01/02 15:19:53 | 26,801,3568 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/02 15:10:08 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk
[2010/01/02 15:06:16 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/01/02 13:08:06 | 00,001,992 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Desktop\HiJackThis.lnk
[2010/01/02 12:53:21 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\housecall.guid.cache
[2010/01/01 19:16:09 | 36,767,6980 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Glee.S01E09.HDTV.XviD-2HD.[VTV].avi
[2009/12/20 18:09:40 | 17,829,0628 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\[DB]_Bleach_250_[B568DD26].avi
[2008/08/20 16:32:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/03 21:38:45 | 00,001,799 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/11/25 23:56:48 | 00,000,059 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2007/10/31 11:20:10 | 00,096,256 | ---- | C] () -- C:\Documents and Settings\bearyfaery\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/30 22:44:32 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/10/30 22:29:24 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
========== LOP Check ==========
[2008/08/20 16:30:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HotSync
[2007/11/19 00:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
[2009/11/01 20:22:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/04/18 22:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2009/10/26 19:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/29 17:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/25 21:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Aim
[2007/12/26 15:55:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Canon
[2008/09/16 07:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Check Point
[2009/10/31 17:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\FileZilla
[2008/08/18 21:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Flickr
[2008/08/20 16:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\HotSync
[2008/08/20 16:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Leadertech
[2009/09/29 19:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\mjusbsp
[2007/12/26 00:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\Opera
[2007/11/19 00:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\PlayFirst
[2010/01/02 15:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\bearyfaery\Application Data\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 18:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 18:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/03 18:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:60C47453
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:74699137
< End of report >
OTL Extras logfile created on: 1/3/2010 4:01:34 PM - Run 1
OTL by OldTimer - Version 3.1.20.2 Folder = C:\Documents and Settings\bearyfaery\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
256.00 Mb Total Physical Memory | 38.00 Mb Available Physical Memory | 15.00% Memory free
620.00 Mb Paging File | 200.00 Mb Available in Paging File | 32.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 11.23 Gb Free Space | 15.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.52 Gb Total Space | 6.05 Gb Free Space | 8.12% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NATALIE
Current User Name: bearyfaery
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"6988:TCP" = 6988:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3246:TCP" = 3246:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"6988:TCP" = 6988:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe" = C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe:*:Enabled:SSL Network Extender Service -- (Check Point Software Technologies)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Disabled:SoulSeek -- File not found
"C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe" = C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe:*:Enabled:SSL Network Extender Service -- (Check Point Software Technologies)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Documents and Settings\bearyfaery\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\bearyfaery\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72dee693-a008-40dd-9ba2-e44aef2361a9}" = Check Point SSL Network Extender Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{bdd1702c-bcf5-4a65-8cce-1dddb8a18d53}" = Check Point Deployment Shell
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"DPP" = Canon Utilities Digital Photo Professional 3.0
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.4.1
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"ODSK" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"PowerISO" = PowerISO
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Registry Mechanic_is1" = Registry Mechanic 7.0
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"USB MP3 Player WIN98 Drivers" = USB MP3 Player WIN98 Drivers
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WFTK" = Canon Utilities WFT-E1/E2 Utility
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/3/2009 9:32:35 PM | Computer Name = NATALIE | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 2.3.9215.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/3/2009 9:32:38 PM | Computer Name = NATALIE | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 2.3.9215.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/9/2009 11:57:47 PM | Computer Name = NATALIE | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/10/2009 11:31:49 AM | Computer Name = NATALIE | Source = Application Hang | ID = 1002
Description = Hanging application magicJack.exe, version 1.80.499.2, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/11/2009 8:26:42 PM | Computer Name = NATALIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/11/2009 8:28:33 PM | Computer Name = NATALIE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 9/11/2009 9:40:14 PM | Computer Name = NATALIE | Source = Application Hang | ID = 1001
Description = Fault bucket 1442353534.
Error - 9/13/2009 10:35:01 PM | Computer Name = NATALIE | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 2.3.9215.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/13/2009 10:35:02 PM | Computer Name = NATALIE | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 2.3.9215.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/17/2009 10:04:44 PM | Computer Name = NATALIE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 1/3/2010 12:47:39 PM | Computer Name = NATALIE | Source = Service Control Manager | ID = 7034
Description = The Error Reporting Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 1/3/2010 12:47:39 PM | Computer Name = NATALIE | Source = Service Control Manager | ID = 7034
Description = The COM+ Event System service terminated unexpectedly. It has done
this 1 time(s).
Error - 1/3/2010 12:47:40 PM | Computer Name = NATALIE | Source = Service Control Manager | ID = 7034
Description = The Fast User Switching Compatibility service terminated unexpectedly.
It has done this 1 time(s).
Error - 1/3/2010 12:47:40 PM | Computer Name = NATALIE | Source = Service Control Manager | ID = 7031
Description = The Help and Support service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 100 milliseconds:
Restart the service.
Error - 1/3/2010 3:09:31 PM | Computer Name = NATALIE | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 1/3/2010 3:09:31 PM | Computer Name = NATALIE | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 1/3/2010 3:09:31 PM | Computer Name = NATALIE | Source = Service Control Manager | ID = 7031
Description = The Check Point SSL Network Extender service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
500 milliseconds: Restart the service.
Error - 1/3/2010 3:09:31 PM | Computer Name = NATALIE | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 1/3/2010 3:09:31 PM | Computer Name = NATALIE | Source = VNA | ID = 1
Description = Check Point Virtual Network Adapter: Check Point Virtual Network Adapter:
get_nextlog-->
Error - 1/3/2010 3:09:31 PM | Computer Name = NATALIE | Source = VNA | ID = 1
Description = Check Point Virtual Network Adapter: -->: Unexpected IRP !!!
< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-03 15:59:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\BEARYF~1\LOCALS~1\Temp\pxldqpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF78046B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF7804574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF7804A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF780414C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF780464E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF780408C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF78040F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF780476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF780472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF78048AE]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\ACPI \Device\00000043 820D2CB8
Device \Driver\ACPI \Device\00000046 820D2CB8
Device \Driver\ACPI \Device\00000054 820D2CB8
Device \Driver\ACPI \Device\00000061 820D2CB8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\ACPI \Device\00000062 820D2CB8
Device \Driver\ACPI \Device\00000049 820D2CB8
Device \Driver\ACPI \Device\00000057 820D2CB8
Device \Driver\ACPI \Device\00000058 820D2CB8
Device \Driver\ACPI \Device\00000059 820D2CB8
Device \Driver\ACPI \Device\0000004a 820D2CB8
Device \Driver\ACPI \Device\0000004b 820D2CB8
Device \Driver\ACPI \Device\0000004c 820D2CB8
Device \Driver\ACPI \Device\0000005a 820D2CB8
Device \Driver\ACPI \Device\0000005b 820D2CB8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\ACPI \Device\0000005d 820D2CB8
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\ACPI \Device\0000005e 820D2CB8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- EOF - GMER 1.0.15 ----
Edited by chamber, 08 January 2010 - 04:03 AM.
Pasted in logs