Welcome to Geeks to Go - Register now for FREE

Win32/rootkit.agent.ODG trojan


This topic is locked

#1 jolene singh
Member, 104 posts

Hi,
I have a Win32/rootkit.agent.ODG trojan being detected in my operating memory. It gets detected by NOD32 ver 4 during the startup scan. My computer has started hanging after every 10 minutes or so. I went through the previous posts on similar topics and realise that personalised directions for my computer may be required, hence I have not done anything besides what is mentioned in the malware removal guide.

The following did not work from the directions given in the guide:
1. The System Restore installation wouldn't run. An error saying "application failed to initialise properly (0xC0000135). click OK to terminate" popped up.
2. Malwarebytes' Anti-Malware got installed but wouldn't run.
3. No rooter.txt was created in the C drive after rooter.exe was executed. A command-prompt-like window flashed on the screen, and a folder called "rooter$" with some files appeared, but no text document.

Please help me in removing this, as our college's exams will start within a week and I am the net server of my hostel floor. An immediate solution is very much needed.

I ran the OTListIt scan and am posting the files generated. Hope they are helpful.

OTListIt.txt

OTListIt logfile created on: 5/11/2009 2:42:09 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = E:\geeks to go
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 39.51 Mb Available Physical Memory | 17.68% Memory free
546.65 Mb Paging File | 270.53 Mb Available in Paging File | 49.49% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.00 Gb Total Space | 3.13 Gb Free Space | 26.09% Space Free | Partition Type: NTFS
Drive D: | 13.00 Gb Total Space | 4.65 Gb Free Space | 35.77% Space Free | Partition Type: FAT32
Drive E: | 12.29 Gb Total Space | 6.92 Gb Free Space | 56.29% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JS-FA5AC93B58
Current User Name: Jolene S
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - E:\cc proxy 6.3.7\CCProxy.exe ()
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\MATLABR11\webserver\bin\matlabserver.exe ()
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - E:\geeks to go\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (gupdate1c9cd5e3caea74e [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (matlabserver [Auto | Running]) -- C:\MATLABR11\webserver\bin\matlabserver.exe ()
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (aslm75 [Auto | Running]) -- C:\WINDOWS\system32\drivers\aslm75.sys ()
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys (ESET)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (NTSIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\ntsim.sys (VIA Networking Technologies, Inc. )
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (slnt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\slnt.sys (Silan Micro-Electronics Inc.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics, Inc.)
DRV - (WinDriver6 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\windrvr6.sys (Jungo)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://10.239.89.15/...%...&t=ftapv0xy
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/01 09:11:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2009/05/05 14:19:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CCProxy] E:\cc proxy 6.3.7\CCProxy.exe ()
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe File not found
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Jolene S\Start Menu\Programs\Startup\MyLanViewer.lnk = C:\Program Files\MyLanViewer\MyLanViewer.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun....=javadl.sun.com (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{3AAC7FFE-A4DC-4F87-B37A-0ECC49DF839B}\\NameServer = 85.255.112.234,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{A0B7B810-A36D-414C-ADD2-818B5136ECA1}\\NameServer = 85.255.112.234,85.255.112.185
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/08 19:23:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/11 14:36:30 | 00,000,368 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/11 14:36:32 | 00,000,296 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/05/11 14:36:30 | 00,000,400 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0b25fc39-2525-11de-b7db-000ea68fc036}\Shell\AutoRun\command - "" = L:\fbak.exe -- File not found
O33 - MountPoints2\{0b25fc39-2525-11de-b7db-000ea68fc036}\Shell\open\Command - "" = L:\fbak.exe -- File not found
O33 - MountPoints2\{7900f44a-257e-11de-b7dc-000ea68fc036}\Shell\AutoRun\command - "" = G:\1ogf.exe -- File not found
O33 - MountPoints2\{7900f44a-257e-11de-b7dc-000ea68fc036}\Shell\open\Command - "" = G:\1ogf.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/11 14:26:27 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/11 14:22:36 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/11 10:47:14 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/11 10:47:14 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/11 10:47:11 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/11 10:47:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/11 08:22:08 | 00,000,368 | RHS- | C] () -- C:\autorun.inf
[2009/05/11 08:21:19 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\kr_done1
[2009/05/10 22:19:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jolene S\Application Data\LanViewer
[2009/05/06 14:44:37 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\msds.dat
[2009/05/06 14:42:07 | 00,006,230 | ---- | C] () -- C:\WINDOWS\RIDE.ini
[2009/05/06 14:42:06 | 00,135,680 | ---- | C] (Sampson Multimedia ®) -- C:\WINDOWS\System32\crypto32.dll
[2009/05/06 14:42:06 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
[2009/05/06 14:42:06 | 00,000,000 | ---D | C] -- C:\RIDE
[2009/05/05 14:21:12 | 00,001,727 | ---- | C] () -- C:\Documents and Settings\Jolene S\Desktop\Gmail.lnk
[2009/05/05 14:18:19 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/05 07:28:11 | 00,000,829 | ---- | C] () -- C:\Documents and Settings\Jolene S\Desktop\Rhymesaurus FREE Edition.lnk
[2009/05/05 07:28:07 | 00,000,000 | ---D | C] -- C:\Program Files\Rhymesaurus FREE Edition
[2009/05/05 07:26:20 | 00,000,000 | ---D | C] -- C:\Program Files\RhymeIt
[2009/05/05 07:08:32 | 00,000,000 | ---D | C] -- C:\Program Files\LAN Communicator
[2009/05/04 16:47:45 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/05/01 09:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/05/01 09:11:42 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/05/01 09:01:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jolene S\Application Data\Sun
[2009/04/30 19:11:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\jo...koi movie share kar yaar
[2009/04/29 13:07:45 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\Jolene S\Start Menu\Programs\Startup\MyLanViewer.lnk
[2009/04/28 07:30:08 | 00,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\khq
[2009/04/27 11:24:49 | 00,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\kht
[2009/04/23 20:25:15 | 00,146,944 | ---- | C] () -- C:\Documents and Settings\Jolene S\My Documents\etctesyllabus.doc
[2009/04/21 23:02:03 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\This is to certify that.doc
[2009/04/17 13:58:09 | 00,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaee.dll
[2009/04/16 18:54:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/04/16 16:27:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jolene S\Application Data\Help
[2009/04/15 21:13:25 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/04/15 21:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jolene S\Application Data\BitTorrent
[2009/04/15 21:12:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jolene S\Application Data\DNA
[2009/04/15 21:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/04/15 12:06:25 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/04/15 12:06:25 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/04/15 12:06:25 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/04/15 03:35:21 | 00,046,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2009/04/15 03:35:20 | 00,171,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jit.dll
[2009/04/15 03:35:19 | 00,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2009/04/15 03:35:17 | 00,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/04/15 03:35:16 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx3j.dll
[2009/04/15 03:35:00 | 00,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2009/04/15 03:34:58 | 00,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2009/04/15 03:34:56 | 00,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2009/04/15 03:34:55 | 00,286,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vmhelper.dll
[2009/04/15 03:34:53 | 00,021,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjdbc10.dll
[2009/04/15 03:34:52 | 00,947,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjava.dll
[2009/04/15 03:34:51 | 00,154,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msawt.dll
[2009/04/15 03:34:50 | 00,172,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe
[2009/04/15 03:34:49 | 00,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jdbgmgr.exe
[2009/04/15 03:34:47 | 00,404,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javart.dll
[2009/04/15 03:34:47 | 00,021,444 | ---- | C] () -- C:\WINDOWS\System32\javasec.hlp
[2009/04/15 03:34:45 | 00,063,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaprxy.dll
[2009/04/15 03:34:44 | 00,011,403 | ---- | C] () -- C:\WINDOWS\System32\javaperm.hlp
[2009/04/15 03:34:43 | 00,187,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javacypt.dll
[2009/04/15 03:34:42 | 00,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2009/04/15 03:34:03 | 00,000,224 | ---- | C] () -- C:\WINDOWS\MATLAB.INI
[2009/04/15 03:33:49 | 00,645,120 | ---- | C] () -- C:\WINDOWS\System32\config.gms
[2009/04/15 03:28:46 | 00,148,992 | ---- | C] () -- C:\WINDOWS\System32\mllink5.dll
[2009/04/15 03:28:46 | 00,000,020 | ---- | C] () -- C:\WINDOWS\exlink.ini
[2009/04/15 03:26:02 | 00,000,587 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MATLAB 5.3.lnk
[2009/04/15 03:25:21 | 00,000,000 | ---D | C] -- C:\MATLABR11
[2009/04/15 03:22:22 | 00,000,000 | ---D | C] -- C:\Program Files\Multisim7
[2009/04/15 03:17:20 | 00,192,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx
[2009/04/15 03:17:20 | 00,129,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comdlg32.ocx
[2009/04/15 03:17:19 | 01,045,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msjet35.dll
[2009/04/15 03:17:19 | 00,407,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msrepl35.dll
[2009/04/15 03:17:19 | 00,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Vbar332.dll
[2009/04/15 03:17:19 | 00,252,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msrd2x35.dll
[2009/04/15 03:17:19 | 00,123,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msjint35.dll
[2009/04/15 03:17:19 | 00,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Vb5db.dll
[2009/04/15 03:17:19 | 00,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msjter35.dll
[2009/04/15 03:17:18 | 00,000,000 | ---D | C] -- C:\Program Files\Your Company
[2009/04/15 03:16:58 | 00,000,000 | ---D | C] -- C:\TEMP
[2009/04/14 10:52:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jolene S\Application Data\vlc
[2009/04/14 10:50:12 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/04/13 00:58:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jolene S\Application Data\Media Player Classic
[2009/04/13 00:54:27 | 00,000,931 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2009/04/13 00:54:09 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/04/13 00:54:06 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009/04/13 00:54:06 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009/04/13 00:54:04 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/04/13 00:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jolene S\Application Data\Real
[2009/04/13 00:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/04/13 00:00:51 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/04/12 22:44:57 | 00,000,192 | ---- | C] () -- C:\WINDOWS\System32\EDIT.INI
[2009/04/12 17:08:26 | 00,000,000 | ---D | C] -- C:\Program Files\MyLanViewer
[2009/04/12 17:08:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jolene S\Application Data\WinRAR
[2009/04/12 11:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jolene S\My Documents\Downloads
[2009/04/12 11:42:11 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/04/08 20:03:45 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2009/04/08 20:01:32 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/04/08 20:00:06 | 00,002,852 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/04/08 20:00:04 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2001/08/23 17:30:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 17:30:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/11 14:39:41 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A92E7D5F-342A-4C85-8E0D-43FA25949483}.job
[2009/05/11 14:39:40 | 00,000,224 | ---- | M] () -- C:\WINDOWS\MATLAB.INI
[2009/05/11 14:38:29 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/11 14:38:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/11 14:38:24 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Jolene S\Local Settings\desktop.ini
[2009/05/11 14:38:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 14:36:30 | 00,000,368 | RHS- | M] () -- C:\autorun.inf
[2009/05/11 10:47:14 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/11 08:22:04 | 00,000,010 | ---- | M] () -- C:\WINDOWS\System32\kr_done1
[2009/05/06 15:03:23 | 00,006,230 | ---- | M] () -- C:\WINDOWS\RIDE.ini
[2009/05/06 15:00:02 | 00,036,352 | ---- | M] () -- C:\WINDOWS\System32\SX32W.DLL
[2009/05/06 15:00:01 | 00,135,680 | ---- | M] (Sampson Multimedia ®) -- C:\WINDOWS\System32\crypto32.dll
[2009/05/06 14:44:37 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\msds.dat
[2009/05/05 14:21:12 | 00,001,727 | ---- | M] () -- C:\Documents and Settings\Jolene S\Desktop\Gmail.lnk
[2009/05/05 07:28:11 | 00,000,829 | ---- | M] () -- C:\Documents and Settings\Jolene S\Desktop\Rhymesaurus FREE Edition.lnk
[2009/05/02 20:02:59 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/02 20:02:59 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/02 20:02:58 | 00,356,738 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/29 13:07:45 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\Jolene S\Start Menu\Programs\Startup\MyLanViewer.lnk
[2009/04/28 07:30:08 | 00,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\khq
[2009/04/27 11:24:49 | 00,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\kht
[2009/04/23 20:29:06 | 00,146,944 | ---- | M] () -- C:\Documents and Settings\Jolene S\My Documents\etctesyllabus.doc
[2009/04/23 15:41:21 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/21 23:02:04 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\This is to certify that.doc
[2009/04/16 12:55:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 21:13:25 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/04/15 03:28:46 | 00,000,020 | ---- | M] () -- C:\WINDOWS\exlink.ini
[2009/04/15 03:26:02 | 00,000,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MATLAB 5.3.lnk
[2009/04/14 10:50:12 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/04/13 00:54:27 | 00,000,931 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2009/04/12 22:44:57 | 00,000,192 | ---- | M] () -- C:\WINDOWS\System32\EDIT.INI
[2009/04/11 15:07:21 | 00,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
< End of report >


extra.txt

OTListIt Extras logfile created on: 5/11/2009 2:42:09 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = E:\geeks to go
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.48 Mb Total Physical Memory | 39.51 Mb Available Physical Memory | 17.68% Memory free
546.65 Mb Paging File | 270.53 Mb Available in Paging File | 49.49% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.00 Gb Total Space | 3.13 Gb Free Space | 26.09% Space Free | Partition Type: NTFS
Drive D: | 13.00 Gb Total Space | 4.65 Gb Free Space | 35.77% Space Free | Partition Type: FAT32
Drive E: | 12.29 Gb Total Space | 6.92 Gb Free Space | 56.29% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JS-FA5AC93B58
Current User Name: Jolene S
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
E:\cc proxy 6.3.7\CCProxy.exe:*:Enabled:CCProxy Microsoft ()
C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk (Google)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{65F51F82-2FD7-49CD-A854-A3E0ED42BBBB}" = sc92031 NIC driver
"{87FDB1C6-785F-3482-B30E-FF2F2A021F65}" = Google Gears
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{CDF97135-7FD2-4289-96B8-DD4505267ACD}" = ESET NOD32 Antivirus
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"DAO 3.5" = DAO 3.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabDeinstKey" = MATLAB 4-15-2009
"Multisim7" = Multisim 7
"RealAlt_is1" = Real Alternative 1.9.0
"RhymeIt_is1" = RhymeIt 1.0
"Rhymesaurus FREE Edition_is1" = Rhymesaurus FREE Edition (2.0.0.0)
"Ride" = RKit 6.1
"S3" = KM400/KN400 Display Driver and Utilities
"VLC media player" = VLC media player 0.9.9
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2009 8:51:47 AM | Computer Name = JS-FA5AC93B58 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/23/2009 9:43:05 AM | Computer Name = JS-FA5AC93B58 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/23/2009 10:55:29 PM | Computer Name = JS-FA5AC93B58 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/24/2009 3:08:25 AM | Computer Name = JS-FA5AC93B58 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/24/2009 5:06:32 AM | Computer Name = JS-FA5AC93B58 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/24/2009 8:29:31 AM | Computer Name = JS-FA5AC93B58 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 5/7/2009 5:27:51 PM | Computer Name = JS-FA5AC93B58 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 123.236.175.101
on the Network Card with network address 000EA68FC036.

Error - 5/8/2009 2:25:32 PM | Computer Name = JS-FA5AC93B58 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 123.238.133.207
on the Network Card with network address 000EA68FC036.

Error - 5/10/2009 10:26:42 PM | Computer Name = JS-FA5AC93B58 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 123.238.133.184
on the Network Card with network address 000EA68FC036.

Error - 5/11/2009 1:12:45 AM | Computer Name = JS-FA5AC93B58 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/11/2009 1:16:03 AM | Computer Name = JS-FA5AC93B58 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/11/2009 3:43:46 AM | Computer Name = JS-FA5AC93B58 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/11/2009 4:38:31 AM | Computer Name = JS-FA5AC93B58 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/11/2009 4:42:39 AM | Computer Name = JS-FA5AC93B58 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/11/2009 4:59:49 AM | Computer Name = JS-FA5AC93B58 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/11/2009 5:08:28 AM | Computer Name = JS-FA5AC93B58 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.


< End of report >

Please help me in getting rid of this. Also, do my LAN members face the risk of getting infected by this?
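The firewall-policy section of the Extras log above lists SMB/NetBIOS exceptions (139/445 TCP, 137/138 UDP) that are Enabled with scope `*` (any source address) under DomainProfile and scope LocalSubNet under StandardProfile, while the System events show the adapter holding public (non-RFC 1918) DHCP addresses. The Python below is an added example, not code from this thread or from OTL: it parses the `GloballyOpenPorts` lines in the log's format and flags enabled exceptions reachable from beyond the host. The sample text is constructed to mirror the log, and the risk rules (any-address scope, SMB/NetBIOS ports) are this example's own assumptions.

```python
"""Parse the GloballyOpenPorts entries of an OTL (OTListIt) Extras log and
flag Windows Firewall exceptions that expose the host beyond itself.

Added example for this thread; not code from OTL or from the forum.  The
sample text is constructed to mirror the log format; the risk rules
(any-address scope, SMB/NetBIOS ports) are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List

# NetBIOS (137-139) and direct-hosted SMB (445): the ports network worms
# and credential-relay tooling reach for first on an XP host.
SMB_NETBIOS_PORTS = {137, 138, 139, 445}

# Constructed sample mirroring the Extras log format (backslashes literal).
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"""

# Registry key line naming the profile; entries that follow belong to it.
PROFILE_RE = re.compile(r"FirewallPolicy\\(?P<profile>DomainProfile|StandardProfile)")
# Entry layout:  "port:proto" = port:proto:scope:state:description
ENTRY_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*'
    r"(?P=port):(?P=proto):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*)$"
)


@dataclass(frozen=True)
class OpenPort:
    profile: str      # DomainProfile (domain-joined) or StandardProfile
    port: int
    proto: str
    scope: str        # "*" = any source address; "LocalSubNet" = same subnet only
    enabled: bool
    description: str


def parse_open_ports(log_text: str) -> List[OpenPort]:
    """Walk the log line by line, remembering the most recent profile key,
    and collect every entry found under a GloballyOpenPorts\\List key."""
    profile = "UnknownProfile"
    in_port_list = False
    ports: List[OpenPort] = []
    for raw in log_text.splitlines():
        line = raw.strip().strip("[]")   # OTL prints some keys in brackets
        key = PROFILE_RE.search(line)
        if key and line.startswith("HKEY_"):
            profile = key.group("profile")
            in_port_list = line.endswith(r"GloballyOpenPorts\List")
            continue
        entry = ENTRY_RE.match(line)
        if in_port_list and entry:
            ports.append(OpenPort(
                profile=profile,
                port=int(entry["port"]),
                proto=entry["proto"],
                scope=entry["scope"],
                enabled=entry["state"] == "Enabled",
                description=entry["desc"],
            ))
    return ports


def risky_exposures(ports: List[OpenPort]) -> List[str]:
    """One finding per enabled exception that is reachable from any address,
    or that exposes SMB/NetBIOS even when limited to the local subnet."""
    findings: List[str] = []
    for p in ports:
        if not p.enabled:
            continue
        if p.scope == "*":
            findings.append(f"{p.profile}: {p.port}/{p.proto} open to ANY address")
        elif p.port in SMB_NETBIOS_PORTS:
            findings.append(f"{p.profile}: {p.port}/{p.proto} (SMB/NetBIOS) open to {p.scope}")
    return findings


if __name__ == "__main__":
    for finding in risky_exposures(parse_open_ports(SAMPLE_LOG)):
        print(finding)
```

On XP the DomainProfile only applies while the machine is joined to a domain, so on a standalone box the StandardProfile entries are the ones that count. Those are LocalSubNet-scoped, but because the DHCP events show the adapter with public ISP addresses, "local subnet" here is the ISP's subnet rather than a private hostel LAN, so the SMB/NetBIOS exceptions still expose the host to neighbouring customers, and a worm on it can reach them the same way.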
#2
Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
Hello.

I'm very sorry for the delay as stated in the previous topic as well as the one I'm going to post.

I'm closing this one to avoid confusion. Next time, if I don't reply within 48 hours as said in my signature, do not hesitate to send me a PM.

Once again, I apologize for the delay :)

With Regards,
Extremeboy