No, I do not, unfortunately.
Fatal System Error
#32
Posted 09 May 2011 - 05:41 PM
Hello, nflskins12.
OK, no worries. The legitimate file wouldn't have shown up with that script anyway and the bad file is gone.
Step 1
Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
- Download the latest version of Java Runtime Environment (JRE) Version 25.
- Save it to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version(s) shown below:
Java 6 Update 21
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u25-windows-i586-s.exe to install the newest version.
Step 2
Your Adobe flash is out of date as well. Please go to this website and update your flash.
http://get.adobe.com/flashplayer/
Be careful...IIRC, it also asks to install a McAfee toolbar and the default is 'yes'. Make sure to look before you click OK if you don't want it.
Step 3
Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updating the languages and/or dictionaries is optional.
Step 4
We need to create an OTL Report
- Please download OTL from one of the following mirrors:
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Select "Use Safelist" under "Extra Registry"
- Push the button.
- Two reports will open, copy and paste them in a reply here:
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized
etavares
If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.


Unified Network of Instructors and Trusted Eliminators
#33
Posted 09 May 2011 - 09:07 PM
OK here are the following OTL reports:
OTL.txt
OTL logfile created on: 5/9/2011 9:56:50 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\genoveck\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 12.15 Gb Free Space | 16.31% Space Free | Partition Type: NTFS
Computer Name: GENOVECK-WS | User Name: genoveck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/06 18:39:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/05 19:17:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\genoveck\Desktop\OTL.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2007/12/13 12:07:20 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2007/09/13 15:13:14 | 000,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 16:25:22 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/06/06 16:24:22 | 000,116,928 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/06/06 16:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/06 16:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 19:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 19:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/03/11 21:34:40 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Temp\HP Software Update\hpwuSchd2.exe
PRC - [2007/03/11 21:32:42 | 000,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Temp\Digital Imaging\bin\hpqste08.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Temp\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/06/13 07:57:32 | 000,151,104 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WM.EXE
PRC - [2006/06/13 07:57:30 | 000,012,224 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
PRC - [2006/06/13 07:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
PRC - [2006/06/13 07:51:24 | 000,389,632 | ---- | M] (Novell, Inc) -- C:\Program Files\Novell\ZENworks\NalAgent.exe
PRC - [2006/05/15 15:52:22 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006/05/09 10:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
PRC - [2006/05/02 09:17:16 | 000,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\novell\xtagent.exe
PRC - [2006/04/13 09:33:06 | 000,036,864 | ---- | M] () -- C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
PRC - [2006/04/04 11:25:06 | 000,180,224 | ---- | M] () -- C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
PRC - [2004/05/17 13:27:28 | 000,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe
PRC - [2002/03/12 09:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe
========== Modules (SafeList) ==========
MOD - [2011/05/05 19:17:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\genoveck\Desktop\OTL.exe
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/05/05 18:47:46 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2007/12/13 12:07:20 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/06/06 16:24:22 | 000,116,928 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/06/06 16:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/06/06 16:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/05/29 19:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/03/28 21:52:18 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/03/11 22:02:52 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Temp\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/11 21:24:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Temp\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/09/02 16:36:28 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/11 14:51:04 | 000,028,672 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2006/06/13 07:57:32 | 000,151,104 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\WM.EXE -- (ZFDWM)
SRV - [2006/06/13 07:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
SRV - [2006/05/09 10:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent)
SRV - [2006/05/02 09:17:16 | 000,061,440 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\WINDOWS\system32\novell\xtagent.exe -- (XTAgent)
========== Driver Services (SafeList) ==========
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110505.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110505.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/01 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/05/09 11:46:16 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2007/05/09 11:44:06 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/05/09 11:43:38 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007/05/09 11:43:38 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007/05/09 11:41:48 | 004,262,912 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/28 21:51:48 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 21:51:42 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/09 10:38:22 | 000,506,159 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2006/09/25 11:44:52 | 000,043,280 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2006/09/25 08:54:54 | 000,160,209 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/05/23 15:39:04 | 010,304,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006/03/03 17:50:48 | 000,038,416 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2006/02/23 18:21:14 | 000,008,192 | ---- | M] (Compal) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CPEb.sys -- (CPEb)
DRV - [2005/12/12 04:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/22 10:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/27 15:15:14 | 000,039,731 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2005/10/12 12:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 12:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2005/05/26 17:14:00 | 000,015,891 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2005/05/23 14:47:18 | 000,006,899 | ---- | M] (Novell Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\blankscr.sys -- (BlankScr)
DRV - [2005/01/03 14:51:38 | 000,020,332 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2004/06/01 17:19:34 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2004/01/07 17:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02)
DRV - [2003/02/26 14:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 18:39:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 21:40:41 | 000,000,000 | ---D | M]
[2009/09/20 19:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\genoveck\Application Data\Mozilla\Extensions
[2010/12/12 19:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\genoveck\Application Data\Mozilla\Firefox\Profiles\ix080kje.default\extensions
[2011/05/09 21:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/09 21:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/09 21:51:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/09 21:51:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
O1 HOSTS File: ([2011/05/06 18:46:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\Temp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe (Novell, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Temp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\genoveck\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O7 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\..Trusted Domains: udayton.edu ([udsoftware] http in Local intranet)
O15 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\..Trusted Domains: udayton.edu ([udsoftware] https in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182951779109 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\genoveck\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\genoveck\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/26 17:42:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/09 21:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/09 21:51:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/09 21:51:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/09 21:51:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/09 21:51:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/09 21:42:21 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\genoveck\Desktop\install_flash_player.exe
[2011/05/09 21:27:05 | 016,758,560 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\genoveck\Desktop\jre-6u24-windows-i586-s.exe
[2011/05/07 10:49:48 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\genoveck\Desktop\esetsmartinstaller_enu.exe
[2011/05/06 18:45:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 18:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/06 18:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/06 18:42:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\genoveck\Desktop\erunt-setup.exe
[2011/05/05 19:48:06 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\genoveck\Desktop\aswMBR.exe
[2011/05/05 19:17:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\genoveck\Desktop\OTL.exe
[2011/05/02 17:53:22 | 001,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011/04/14 13:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\genoveck\Desktop\Random Pics
[2007/06/27 10:48:10 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2007/06/27 08:32:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
========== Files - Modified Within 30 Days ==========
[2011/05/09 21:51:13 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/09 21:51:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/09 21:51:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/09 21:51:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/09 21:51:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/09 21:49:06 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-551032083-2118134261-4152239498-1006UA.job
[2011/05/09 21:49:04 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/09 21:47:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/09 21:45:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 21:42:25 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\genoveck\Desktop\install_flash_player.exe
[2011/05/09 21:40:41 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/09 21:40:33 | 016,758,560 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\genoveck\Desktop\jre-6u24-windows-i586-s.exe
[2011/05/09 19:18:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/09 13:49:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-551032083-2118134261-4152239498-1006Core.job
[2011/05/08 10:50:15 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\fixit.reg
[2011/05/07 10:54:47 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\genoveck\Desktop\esetsmartinstaller_enu.exe
[2011/05/07 10:46:16 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\SystemLook.exe
[2011/05/06 18:46:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/06 18:43:11 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\genoveck\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/06 18:43:08 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\NTREGOPT.lnk
[2011/05/06 18:43:08 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\ERUNT.lnk
[2011/05/06 18:42:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\genoveck\Desktop\erunt-setup.exe
[2011/05/05 19:49:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\MBR.dat
[2011/05/05 19:48:07 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\genoveck\Desktop\aswMBR.exe
[2011/05/05 19:17:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\genoveck\Desktop\OTL.exe
[2011/04/29 17:44:01 | 000,003,589 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\1.hosts
[2011/04/28 12:38:30 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\New Microsoft Office Document (2).lnk
[2011/04/19 12:37:17 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\genoveck\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/18 16:44:34 | 000,009,118 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\Confused.rtf
[2011/04/15 10:03:32 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\Meeting Notes.rtf
========== Files Created - No Company Name ==========
[2011/05/09 21:40:41 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/08 10:50:15 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\genoveck\Desktop\fixit.reg
[2011/05/07 10:46:14 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\genoveck\Desktop\SystemLook.exe
[2011/05/06 18:43:11 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\genoveck\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/06 18:43:08 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\genoveck\Desktop\NTREGOPT.lnk
[2011/05/06 18:43:08 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\genoveck\Desktop\ERUNT.lnk
[2011/05/05 19:49:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\genoveck\Desktop\MBR.dat
[2010/12/08 13:00:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/03 15:08:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/26 05:39:24 | 008,540,353 | ---- | C] () -- C:\Documents and Settings\genoveck\Application Data\Katy Perry - Firework.zip
[2010/06/30 11:19:37 | 000,833,481 | ---- | C] () -- C:\WINDOWS\XSitePro2 Uninstaller.exe
[2010/06/03 21:24:13 | 000,088,064 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/03 21:24:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/03 21:24:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/03 21:24:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/03 15:02:29 | 003,563,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/21 15:02:18 | 000,141,104 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2010/04/21 15:02:18 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2010/04/21 14:38:09 | 000,141,251 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2010/04/21 14:38:08 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2009/12/01 22:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/09/16 19:05:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/04 00:23:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/09/04 00:23:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/09/04 00:23:32 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/09/04 00:18:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/04 00:18:00 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/07/13 00:46:17 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\genoveck\Application Data\mcs.rma
[2008/07/13 00:46:17 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\genoveck\Application Data\A4F500
[2008/03/30 10:30:30 | 000,096,597 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/03/10 23:15:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/02/19 12:53:29 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2007/12/22 13:24:27 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2007/09/05 22:37:31 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/08/28 23:00:02 | 000,001,516 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/08/26 15:56:50 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/25 20:56:22 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\genoveck\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/25 20:06:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/27 11:01:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/27 10:48:11 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\tsnp2std.exe
[2007/06/27 10:48:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SNCTRL.exe
[2007/06/27 10:48:10 | 010,304,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2007/06/27 10:48:10 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2007/06/27 10:48:10 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2007/06/27 10:18:30 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/06/27 09:09:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/27 08:27:48 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2007/06/27 08:25:51 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/06/27 08:25:51 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/26 17:44:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/26 17:40:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/26 13:36:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/05/03 09:52:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2007/05/03 09:52:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007/05/03 09:52:36 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2007/05/03 09:52:36 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2007/05/03 09:52:32 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2007/05/03 09:52:30 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2007/05/03 09:52:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2007/05/03 09:52:26 | 000,012,736 | ---- | C] () -- C:\WINDOWS\System32\cmdinfo.exe
[2007/05/03 09:52:22 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2007/05/03 09:52:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2007/05/03 09:52:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2007/05/03 09:52:08 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2006/04/04 09:31:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CPEbLib.dll
[2005/01/28 13:31:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/28 13:31:05 | 000,436,928 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/28 13:31:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/28 13:31:05 | 000,070,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/28 13:31:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/28 13:30:59 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/28 13:30:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/28 13:30:49 | 000,281,552 | ---- | C] () -- C:\WINDOWS\System32\mswmntke.dll
[2005/01/28 13:30:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/28 13:30:32 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/28 13:30:31 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/28 13:30:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/28 13:29:29 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/03/17 03:39:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
[2004/03/17 03:38:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll
[2002/04/17 14:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[1999/08/07 01:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
< End of report >
Extras.txt
OTL Extras logfile created on: 5/9/2011 9:56:50 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\genoveck\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 12.15 Gb Free Space | 16.31% Space Free | Partition Type: NTFS
Computer Name: GENOVECK-WS | User Name: genoveck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CmdHere] -- C:\WINDOWS\System32\cmd.exe /k cd "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Disabled:NDPS RPM & Notification Listener -- (Novell, Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
"C:\Documents and Settings\genoveck\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\genoveck\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}" = Microsoft Office PowerPoint 2007 Get Started Tab
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Integrated Camera
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7878B1D4-B2CB-4EA8-9A0A-7E0575D23B96}" = ZENworks Desktop Management Agent
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}" = IBM Lotus Sametime Connect 7.5.1
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BD4FF5E7-06CA-41E1-AFC1-CCA8F5B686B5}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{A3FD0CA9-884F-4525-97B8-0AE6179302E6}" = F2100
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 2.5
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE114DB8-D43B-4C88-842E-573E8EFB1613}" = Sidewalker
"{C098DAEC-29EF-4A59-B18E-0E950169CA3C}" = Western Australian Time Zone Update
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC7BEC8-D631-4e36-81D7-FC3689209AA6}" = F2100_Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)
"{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}" = Safari
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE7D7E78-B9FD-4CAE-B223-10C6E5B307E7}" = Webroot® Client
"4U WMA MP3 Converter_is1" = 4U WMA MP3 Converter 5.9.3
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"BA7C3E474BCC2DD6360ACAFC7E9C0F9C7E2B96EB" = Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)
"BitTorrent" = BitTorrent
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EphPod" = EphPod
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"F785D6B63FDA08F811F56F84F831B3E291B7129A" = Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)
"FileZilla" = FileZilla (remove only)
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"InstallShield_{BE114DB8-D43B-4C88-842E-573E8EFB1613}" = Sidewalker
"InterActual Player" = InterActual Player
"iPowerHour_is1" = iPowerHour 2.5
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Macromedia Authorware Web Player" = Macromedia Authorware Web Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"ObjectDock" = ObjectDock
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Write-N-Cite" = Write-N-Cite
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XSitePro2" = XSitePro2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/29/2011 8:40:25 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 4/29/2011 8:40:34 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 4/29/2011 8:40:34 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 4/29/2011 8:40:34 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 4/29/2011 8:40:43 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 4/29/2011 8:40:43 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 5/5/2011 6:49:43 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: by: Auto-Protect scan. Action:
Quarantine succeeded : Access denied. Action Description: The file was quarantined
successfully.
Error - 5/5/2011 6:50:00 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: by: Auto-Protect scan. Action:
Quarantine succeeded : Access denied. Action Description: The file was quarantined
successfully.
Error - 5/5/2011 6:50:00 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: by: Auto-Protect scan. Action:
Quarantine succeeded : Access denied. Action Description: The file was quarantined
successfully.
Error - 5/9/2011 9:55:15 PM | Computer Name = GENOVECK-WS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4127, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ OSession Events ]
Error - 4/20/2010 2:23:05 PM | Computer Name = GENOVECK-WS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1900 seconds with 1320 seconds of active time. This session ended with a
crash.
Error - 6/7/2010 9:15:42 PM | Computer Name = GENOVECK-WS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 11450 seconds with 5460 seconds of active time. This session ended with
a crash.
Error - 6/7/2010 9:53:52 PM | Computer Name = GENOVECK-WS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2167 seconds with 1200 seconds of active time. This session ended with a
crash.
Error - 2/7/2011 7:30:16 PM | Computer Name = GENOVECK-WS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1193969
seconds with 20460 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 5/9/2011 9:45:44 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:45:44 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:45:44 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:45:54 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:46:13 PM | Computer Name = GENOVECK-WS | Source = Service Control Manager | ID = 7000
Description = The MAC Bridge Miniport service failed to start due to the following
error: %%2
Error - 5/9/2011 9:46:13 PM | Computer Name = GENOVECK-WS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 5/9/2011 9:46:15 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:47:11 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:47:59 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:48:11 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
< End of report >
OTL.txt
OTL logfile created on: 5/9/2011 9:56:50 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\genoveck\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 12.15 Gb Free Space | 16.31% Space Free | Partition Type: NTFS
Computer Name: GENOVECK-WS | User Name: genoveck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/06 18:39:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/05 19:17:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\genoveck\Desktop\OTL.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2007/12/13 12:07:20 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2007/09/13 15:13:14 | 000,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 16:25:22 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/06/06 16:24:22 | 000,116,928 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/06/06 16:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/06 16:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 19:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 19:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/03/11 21:34:40 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Temp\HP Software Update\hpwuSchd2.exe
PRC - [2007/03/11 21:32:42 | 000,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Temp\Digital Imaging\bin\hpqste08.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Temp\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/06/13 07:57:32 | 000,151,104 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WM.EXE
PRC - [2006/06/13 07:57:30 | 000,012,224 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
PRC - [2006/06/13 07:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
PRC - [2006/06/13 07:51:24 | 000,389,632 | ---- | M] (Novell, Inc) -- C:\Program Files\Novell\ZENworks\NalAgent.exe
PRC - [2006/05/15 15:52:22 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006/05/09 10:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
PRC - [2006/05/02 09:17:16 | 000,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\novell\xtagent.exe
PRC - [2006/04/13 09:33:06 | 000,036,864 | ---- | M] () -- C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
PRC - [2006/04/04 11:25:06 | 000,180,224 | ---- | M] () -- C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
PRC - [2004/05/17 13:27:28 | 000,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe
PRC - [2002/03/12 09:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe
========== Modules (SafeList) ==========
MOD - [2011/05/05 19:17:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\genoveck\Desktop\OTL.exe
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/05/05 18:47:46 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2007/12/13 12:07:20 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/06/06 16:24:22 | 000,116,928 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/06/06 16:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/06/06 16:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/05/29 19:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/03/28 21:52:18 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/03/11 22:02:52 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Temp\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/11 21:24:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Temp\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/09/02 16:36:28 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/11 14:51:04 | 000,028,672 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2006/06/13 07:57:32 | 000,151,104 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\WM.EXE -- (ZFDWM)
SRV - [2006/06/13 07:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
SRV - [2006/05/09 10:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent)
SRV - [2006/05/02 09:17:16 | 000,061,440 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\WINDOWS\system32\novell\xtagent.exe -- (XTAgent)
========== Driver Services (SafeList) ==========
DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110505.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110505.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/01 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/05/09 11:46:16 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2007/05/09 11:44:06 | 000,083,584 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/05/09 11:43:38 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007/05/09 11:43:38 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007/05/09 11:41:48 | 004,262,912 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/28 21:51:48 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 21:51:42 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/09 10:38:22 | 000,506,159 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2006/09/25 11:44:52 | 000,043,280 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2006/09/25 08:54:54 | 000,160,209 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/05/23 15:39:04 | 010,304,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006/03/03 17:50:48 | 000,038,416 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2006/02/23 18:21:14 | 000,008,192 | ---- | M] (Compal) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CPEb.sys -- (CPEb)
DRV - [2005/12/12 04:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/22 10:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/27 15:15:14 | 000,039,731 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2005/10/12 12:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 12:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2005/05/26 17:14:00 | 000,015,891 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2005/05/23 14:47:18 | 000,006,899 | ---- | M] (Novell Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\blankscr.sys -- (BlankScr)
DRV - [2005/01/03 14:51:38 | 000,020,332 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2004/06/01 17:19:34 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2004/01/07 17:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02)
DRV - [2003/02/26 14:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 18:39:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 21:40:41 | 000,000,000 | ---D | M]
[2009/09/20 19:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\genoveck\Application Data\Mozilla\Extensions
[2010/12/12 19:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\genoveck\Application Data\Mozilla\Firefox\Profiles\ix080kje.default\extensions
[2011/05/09 21:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/09 21:51:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/09 21:51:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/09 21:51:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
O1 HOSTS File: ([2011/05/06 18:46:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\Temp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe ()
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe (Novell, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Temp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\genoveck\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O7 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\..Trusted Domains: udayton.edu ([udsoftware] http in Local intranet)
O15 - HKU\S-1-5-21-551032083-2118134261-4152239498-1006\..Trusted Domains: udayton.edu ([udsoftware] https in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182951779109 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\genoveck\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\genoveck\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/26 17:42:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/09 21:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/09 21:51:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/09 21:51:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/09 21:51:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/09 21:51:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/09 21:42:21 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\genoveck\Desktop\install_flash_player.exe
[2011/05/09 21:27:05 | 016,758,560 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\genoveck\Desktop\jre-6u24-windows-i586-s.exe
[2011/05/07 10:49:48 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\genoveck\Desktop\esetsmartinstaller_enu.exe
[2011/05/06 18:45:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 18:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/06 18:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/06 18:42:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\genoveck\Desktop\erunt-setup.exe
[2011/05/05 19:48:06 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\genoveck\Desktop\aswMBR.exe
[2011/05/05 19:17:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\genoveck\Desktop\OTL.exe
[2011/05/02 17:53:22 | 001,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011/04/14 13:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\genoveck\Desktop\Random Pics
[2007/06/27 10:48:10 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2007/06/27 08:32:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
========== Files - Modified Within 30 Days ==========
[2011/05/09 21:51:13 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/09 21:51:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/09 21:51:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/09 21:51:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/09 21:51:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/09 21:49:06 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-551032083-2118134261-4152239498-1006UA.job
[2011/05/09 21:49:04 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/09 21:47:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/09 21:45:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 21:42:25 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\genoveck\Desktop\install_flash_player.exe
[2011/05/09 21:40:41 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/09 21:40:33 | 016,758,560 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\genoveck\Desktop\jre-6u24-windows-i586-s.exe
[2011/05/09 19:18:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/09 13:49:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-551032083-2118134261-4152239498-1006Core.job
[2011/05/08 10:50:15 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\fixit.reg
[2011/05/07 10:54:47 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\genoveck\Desktop\esetsmartinstaller_enu.exe
[2011/05/07 10:46:16 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\SystemLook.exe
[2011/05/06 18:46:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/06 18:43:11 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\genoveck\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/06 18:43:08 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\NTREGOPT.lnk
[2011/05/06 18:43:08 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\ERUNT.lnk
[2011/05/06 18:42:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\genoveck\Desktop\erunt-setup.exe
[2011/05/05 19:49:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\MBR.dat
[2011/05/05 19:48:07 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\genoveck\Desktop\aswMBR.exe
[2011/05/05 19:17:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\genoveck\Desktop\OTL.exe
[2011/04/29 17:44:01 | 000,003,589 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\1.hosts
[2011/04/28 12:38:30 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\New Microsoft Office Document (2).lnk
[2011/04/19 12:37:17 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\genoveck\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/18 16:44:34 | 000,009,118 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\Confused.rtf
[2011/04/15 10:03:32 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\genoveck\Desktop\Meeting Notes.rtf
========== Files Created - No Company Name ==========
[2011/05/09 21:40:41 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/08 10:50:15 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\genoveck\Desktop\fixit.reg
[2011/05/07 10:46:14 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\genoveck\Desktop\SystemLook.exe
[2011/05/06 18:43:11 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\genoveck\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/06 18:43:08 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\genoveck\Desktop\NTREGOPT.lnk
[2011/05/06 18:43:08 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\genoveck\Desktop\ERUNT.lnk
[2011/05/05 19:49:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\genoveck\Desktop\MBR.dat
[2010/12/08 13:00:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/03 15:08:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/26 05:39:24 | 008,540,353 | ---- | C] () -- C:\Documents and Settings\genoveck\Application Data\Katy Perry - Firework.zip
[2010/06/30 11:19:37 | 000,833,481 | ---- | C] () -- C:\WINDOWS\XSitePro2 Uninstaller.exe
[2010/06/03 21:24:13 | 000,088,064 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/03 21:24:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/03 21:24:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/03 21:24:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/03 15:02:29 | 003,563,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/21 15:02:18 | 000,141,104 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2010/04/21 15:02:18 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2010/04/21 14:38:09 | 000,141,251 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2010/04/21 14:38:08 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2009/12/01 22:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/09/16 19:05:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/04 00:23:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/09/04 00:23:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/09/04 00:23:32 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/09/04 00:18:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/09/04 00:18:00 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/07/13 00:46:17 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\genoveck\Application Data\mcs.rma
[2008/07/13 00:46:17 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\genoveck\Application Data\A4F500
[2008/03/30 10:30:30 | 000,096,597 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/03/10 23:15:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/02/19 12:53:29 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2007/12/22 13:24:27 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2007/09/05 22:37:31 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/08/28 23:00:02 | 000,001,516 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/08/26 15:56:50 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/25 20:56:22 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\genoveck\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/25 20:06:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/27 11:01:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/27 10:48:11 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\tsnp2std.exe
[2007/06/27 10:48:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SNCTRL.exe
[2007/06/27 10:48:10 | 010,304,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2007/06/27 10:48:10 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2007/06/27 10:48:10 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2007/06/27 10:18:30 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/06/27 09:09:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/27 08:27:48 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2007/06/27 08:25:51 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/06/27 08:25:51 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/26 17:44:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/26 17:40:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/26 13:36:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/05/03 09:52:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2007/05/03 09:52:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007/05/03 09:52:36 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2007/05/03 09:52:36 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2007/05/03 09:52:32 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2007/05/03 09:52:30 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2007/05/03 09:52:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2007/05/03 09:52:26 | 000,012,736 | ---- | C] () -- C:\WINDOWS\System32\cmdinfo.exe
[2007/05/03 09:52:22 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2007/05/03 09:52:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2007/05/03 09:52:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2007/05/03 09:52:08 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2006/04/04 09:31:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CPEbLib.dll
[2005/01/28 13:31:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/28 13:31:05 | 000,436,928 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/28 13:31:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/28 13:31:05 | 000,070,526 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/28 13:31:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/28 13:30:59 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/28 13:30:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/28 13:30:49 | 000,281,552 | ---- | C] () -- C:\WINDOWS\System32\mswmntke.dll
[2005/01/28 13:30:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/28 13:30:32 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/28 13:30:31 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/28 13:30:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/28 13:29:29 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/03/17 03:39:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
[2004/03/17 03:38:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll
[2002/04/17 14:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[1999/08/07 01:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
< End of report >
Extras.txt
OTL Extras logfile created on: 5/9/2011 9:56:50 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\genoveck\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 12.15 Gb Free Space | 16.31% Space Free | Partition Type: NTFS
Computer Name: GENOVECK-WS | User Name: genoveck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-551032083-2118134261-4152239498-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CmdHere] -- C:\WINDOWS\System32\cmd.exe /k cd "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Disabled:NDPS RPM & Notification Listener -- (Novell, Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
"C:\Documents and Settings\genoveck\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\genoveck\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}" = Microsoft Office PowerPoint 2007 Get Started Tab
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Integrated Camera
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7878B1D4-B2CB-4EA8-9A0A-7E0575D23B96}" = ZENworks Desktop Management Agent
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}" = IBM Lotus Sametime Connect 7.5.1
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BD4FF5E7-06CA-41E1-AFC1-CCA8F5B686B5}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{A3FD0CA9-884F-4525-97B8-0AE6179302E6}" = F2100
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 2.5
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE114DB8-D43B-4C88-842E-573E8EFB1613}" = Sidewalker
"{C098DAEC-29EF-4A59-B18E-0E950169CA3C}" = Western Australian Time Zone Update
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC7BEC8-D631-4e36-81D7-FC3689209AA6}" = F2100_Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)
"{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}" = Safari
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE7D7E78-B9FD-4CAE-B223-10C6E5B307E7}" = Webroot® Client
"4U WMA MP3 Converter_is1" = 4U WMA MP3 Converter 5.9.3
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"BA7C3E474BCC2DD6360ACAFC7E9C0F9C7E2B96EB" = Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)
"BitTorrent" = BitTorrent
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EphPod" = EphPod
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"F785D6B63FDA08F811F56F84F831B3E291B7129A" = Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)
"FileZilla" = FileZilla (remove only)
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"InstallShield_{BE114DB8-D43B-4C88-842E-573E8EFB1613}" = Sidewalker
"InterActual Player" = InterActual Player
"iPowerHour_is1" = iPowerHour 2.5
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Macromedia Authorware Web Player" = Macromedia Authorware Web Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"ObjectDock" = ObjectDock
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Write-N-Cite" = Write-N-Cite
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XSitePro2" = XSitePro2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/29/2011 8:40:25 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 4/29/2011 8:40:34 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 4/29/2011 8:40:34 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 4/29/2011 8:40:34 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 4/29/2011 8:40:43 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 4/29/2011 8:40:43 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: C:\WINDOWS\system32\b.dll by:
Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 5/5/2011 6:49:43 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: by: Auto-Protect scan. Action:
Quarantine succeeded : Access denied. Action Description: The file was quarantined
successfully.
Error - 5/5/2011 6:50:00 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: by: Auto-Protect scan. Action:
Quarantine succeeded : Access denied. Action Description: The file was quarantined
successfully.
Error - 5/5/2011 6:50:00 PM | Computer Name = GENOVECK-WS | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.Gen in File: by: Auto-Protect scan. Action:
Quarantine succeeded : Access denied. Action Description: The file was quarantined
successfully.
Error - 5/9/2011 9:55:15 PM | Computer Name = GENOVECK-WS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4127, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ OSession Events ]
Error - 4/20/2010 2:23:05 PM | Computer Name = GENOVECK-WS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1900 seconds with 1320 seconds of active time. This session ended with a
crash.
Error - 6/7/2010 9:15:42 PM | Computer Name = GENOVECK-WS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 11450 seconds with 5460 seconds of active time. This session ended with
a crash.
Error - 6/7/2010 9:53:52 PM | Computer Name = GENOVECK-WS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2167 seconds with 1200 seconds of active time. This session ended with a
crash.
Error - 2/7/2011 7:30:16 PM | Computer Name = GENOVECK-WS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1193969
seconds with 20460 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 5/9/2011 9:45:44 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:45:44 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:45:44 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:45:54 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:46:13 PM | Computer Name = GENOVECK-WS | Source = Service Control Manager | ID = 7000
Description = The MAC Bridge Miniport service failed to start due to the following
error: %%2
Error - 5/9/2011 9:46:13 PM | Computer Name = GENOVECK-WS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 5/9/2011 9:46:15 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:47:11 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:47:59 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 5/9/2011 9:48:11 PM | Computer Name = GENOVECK-WS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
< End of report >
#34
Posted 10 May 2011 - 04:54 PM
Hello, nflskins12.
A few notes.
First, Java did not seem to update to version 25. It looks like you attempted it based on the file logs, but it's still showing version 24. You may want to uninstall version 24, then redownload and reinstall 25.
You also have a small amount of RAM memory on this computer (1GB). If you're looking for a cost-effective upgrade, you may want to replace the RAM. You were literally using 91% of the available RAM in your first post, which is very, very high.
Next, you're currently running Windows XP Service Pack 2. The current version is Service Pack 3. Microsoft stopped supporting Service Pack 2 on July 13, 2010. That means no more updates unless you're on Service Pack 3. I strongly urge you to upgrade. I would back up first, then apply the update. Service Pack updates are fairly major updates and so that is why I recommend a backup. There is a small but measurable chance it will brick the machine and require a reinstall and backup restoration.
With all of that, how is your computer running? We can clean up if it's OK on your end.
etavares
If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.


Unified Network of Instructors and Trusted Eliminators
#35
Posted 10 May 2011 - 05:13 PM
Ok I'll look into those options. My computer seems to be running fine so let's go ahead and clean it up.
#36
Posted 11 May 2011 - 04:57 PM
Hello, nflskins12.
Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!
Step 1
Next, we need to remove the other tools we have used.
- Please download OTC by OldTimer and save it to your desktop.
- If that link doesn't work, try this one.
- Double-click the icon to start the program.
- Then, click the big button.
- You will get a prompt saying Begin Cleanup Process. Click Yes.
- Restart your computer when prompted.
Step 2
We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.
- Go to Start --> All Programs --> Accessories --> System Tools --> System Restore.
- Select Create a Restore Point and click Next.
- Give the restore point a name and press create.
- You'll see it work, then say that it was created successfully. Click Close.
Now, we need to remove the old, infected points using DiskCleanup.
- Click on Start --> Run.
- Type in cleanmgr into the run box and hit OK.
- Select C: and press OK
- Select the More Options tab.
- Click on Clean up in the System Restore section.
- Click OK.
- You'll get a couple of prompts asking if you're sure you want to do this, select Yes and OK for them.
- Disk cleanup will remove the old restore points that included the malware.
If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.
Optional Items
Please take the time to read below to secure your machine and take the necessary steps to keep it that way.
System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
Protect yourself from malicious sites
The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.
Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
- Double-click the Downloaded installer and install the tool to a location of your choice
- Via the Startmenu, navigate to HostsMan and run the program.
- Click "Hosts" in the menu
- Click "Manage Updates" in the submenu
- Out of the three, select at least one of the three (I have MVPS Host as my main one)
- Click "Add Update." After that you will only need to click on the following button to retrieve updates:

- Click "Hosts" in the menu
- Click the X to exit the program.
- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.
Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.
Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
Install an AntiSpyware Program
A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.
Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.
Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.
Follow this list and your potential for being infected again will reduce dramatically.
Good luck!
etavares
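The post above notes that a blocking Hosts file replaces the existing one and that custom entries have to be re-added by hand. The following is an added example, not part of the original post and not HostsMan's own code: it parses a Hosts file, separates sinkhole (blocking) entries from entries that point a name at a real address, and lists the entries that would be lost so they can be reviewed before being re-added. All function names and the sample file contents are constructed for illustration.

```python
import ipaddress

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}   # addresses used to block a name
LOCAL_NAMES = {"localhost"}                   # the standard loopback entry

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:               # one line may carry several names
            yield ip, name.lower().rstrip(".")

def classify(text):
    """Return (blocked names, {name: ip} redirects that resolve somewhere real)."""
    blocked, redirects = set(), {}
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if ip in SINKHOLES:
            blocked.add(name)
        else:
            redirects[name] = ip
    return blocked, redirects

def entries_lost(old_text, new_text):
    """Redirects present in the old file that the replacement file drops."""
    _, old = classify(old_text)
    _, new = classify(new_text)
    return {n: ip for n, ip in old.items() if new.get(n) != ip}

# Constructed sample: the existing file and an updated blocklist replacing it.
OLD_HOSTS = """127.0.0.1 localhost
192.168.1.20 nas.home.lan            # the user's own entry
203.0.113.7 update.example-av.test   # not added by the user: review it
0.0.0.0 ads.example.test
"""
NEW_HOSTS = """127.0.0.1 localhost
0.0.0.0 ads.example.test
0.0.0.0 tracker.example.test malware.example.test
"""

if __name__ == "__main__":
    for name, ip in sorted(entries_lost(OLD_HOSTS, NEW_HOSTS).items()):
        print(f"review before re-adding: {name} -> {ip}")
```

Any redirect the user does not recognise should be left out rather than carried into the new file.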
#37
Posted 11 May 2011 - 06:02 PM
Cleaned everything up and things are looking good. Thank you SO much!
#38
Posted 11 May 2011 - 06:47 PM
No problem. Safe surfing!
#39
Posted 16 May 2011 - 06:14 PM
It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
This topic is locked