Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rootkit.Trace/Trojan.Agent

Started by PunkChick49 , Aug 22 2009 07:49 AM

  • Please log in to reply

#1
PunkChick49
Posted 22 August 2009 - 07:49 AM

PunkChick49

    New Member

  • Member
  • Pip
  • 1 posts
I'm running Windows XP SP3, and I've been unable to start in normal mode so I've been working in safe mode + networking. After running MBAM a few times and rebooting, Rootkit.Trace and Trojan.Agent are the two things that are still there every time. Any help would be greatly appreciated.

MBAM log.

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3 (Safe Mode)

8/22/2009 1:18:51 AM
mbam-log-2009-08-22 (01-18-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 129325
Time elapsed: 20 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.





ROOT REPEAL log.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/22 09:11
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6F2C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A91000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF66E2000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACitetbdrtqe.sys

==EOF==




OTL.Txt log.

OTL logfile created on: 8/22/2009 9:24:50 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\AspectCalico\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 760.98 Mb Available Physical Memory | 74.45% Memory free
2.41 Gb Paging File | 2.25 Gb Available in Paging File | 93.55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 44.99 Gb Free Space | 64.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASPECTCALICOPC
Current User Name: AspectCalico
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/08/05 16:53:09 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/22 09:23:23 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AspectCalico\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2008/10/01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2005/08/05 22:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/07/17 17:32:37 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Stopped])
SRV - [2009/06/25 23:30:47 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Stopped])
SRV - [2005/06/21 17:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device [On_Demand | Stopped])
SRV - [2005/10/11 08:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Stopped])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/29 11:01:22 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/01 19:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/11/04 18:47:24 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Stopped])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/08/10 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (SimpTcp [Auto | Stopped])
SRV - [2007/11/30 07:18:51 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])
SRV - [2005/08/03 19:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - File not found -- -- (WUSB54GCSVC [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/21 03:06:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 16:53:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 16:53:11 | 00,000,000 | ---D | M]

[2009/08/12 18:57:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\mozilla\Extensions
[2008/11/01 23:59:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/12 18:57:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\mozilla\Extensions\[email protected]
[2009/08/20 23:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\mozilla\Firefox\Profiles\m2xh0ddt.default\extensions
[2008/11/03 20:43:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\mozilla\Firefox\Profiles\m2xh0ddt.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/03/28 16:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\mozilla\Firefox\Profiles\m2xh0ddt.default\extensions\[email protected]
[2009/08/20 23:56:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 16:53:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/04 18:47:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/08/05 16:53:09 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 16:53:09 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/11/04 18:47:25 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/11/21 17:45:04 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/11/21 17:45:26 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/05 16:53:09 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/04/14 23:26:12 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2008/06/11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/04 08:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/04 08:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/04 08:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/04 08:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/04 08:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/04 08:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/04 08:15:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/08/29 11:01:22 | 00,106,348 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/04/23 21:07:55 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 21:07:55 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 21:07:55 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 21:07:55 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 21:07:55 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 21:07:55 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 21:07:55 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AIMWDInstallFilename] C:\Program Files\AIM\AIMWDInstall.exe (Wild Tangent)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [InternetDownload_upgrade] C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe (TODO: <Company name>)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\AspectCalico\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/01 18:43:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6b70c694-a898-11dd-9d5e-001372e3a145}\Shell\AutoRun\command - "" = E:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/22 09:23:23 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AspectCalico\Desktop\OTL.exe
[2009/08/21 16:47:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\AspectCalico\Desktop\settings.dat
[2009/08/21 16:47:18 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\AspectCalico\Desktop\RootRepeal.exe
[2009/08/21 03:07:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/21 03:04:40 | 00,000,220 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/08/21 03:04:17 | 00,000,000 | ---D | C] -- C:\3d79f6b3a9a137f912ab4775310b
[2009/08/13 07:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AspectCalico\Application Data\Malwarebytes
[2009/08/12 21:04:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/12 18:57:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AspectCalico\My Documents\LimeWire
[2009/08/12 18:56:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\AspectCalico\Application Data\LimeWire
[2009/08/12 18:56:17 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\AspectCalico\Desktop\LimeWire 5.2.13.lnk
[2009/08/12 18:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/08/12 18:25:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/08/12 18:25:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/08/12 18:25:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/08/12 18:25:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/08/12 18:24:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/08/12 18:22:15 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/08/12 18:22:14 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/08/12 18:22:14 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/08/12 18:19:35 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\AspectCalico\Desktop\HijackThis.lnk
[2009/08/12 18:19:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/12 18:17:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/08/12 18:16:43 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\AspectCalico\Desktop\wordmutha.exe
[2009/08/12 17:31:06 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/12 17:31:04 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/12 17:31:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/12 17:31:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/12 16:30:48 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\AspectCalico\Desktop\trythis.exe
[2009/08/12 16:26:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/12 16:26:08 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\AspectCalico\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/12 16:26:03 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\AspectCalico\Desktop\NTREGOPT.lnk
[2009/08/12 16:26:03 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\AspectCalico\Desktop\ERUNT.lnk
[2009/08/12 16:26:03 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/12 16:23:28 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\AspectCalico\Desktop\SysRestorePoint.exe

========== Files - Modified Within 14 Days ==========

[2009/08/22 09:23:23 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AspectCalico\Desktop\OTL.exe
[2009/08/22 09:02:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/22 09:01:17 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\AspectCalico\Local Settings\Application Data\IconCache.db
[2009/08/21 16:47:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\AspectCalico\Desktop\settings.dat
[2009/08/21 16:47:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\AspectCalico\Desktop\RootRepeal.exe
[2009/08/21 11:47:24 | 00,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/21 03:15:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/21 03:09:16 | 00,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/21 03:09:16 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/21 03:09:16 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/21 03:04:40 | 00,000,220 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/08/20 22:21:26 | 40,031,073 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/20 22:21:26 | 00,067,907 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/20 22:00:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/13 08:30:55 | 00,020,192 | ---- | M] () -- C:\Documents and Settings\AspectCalico\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/13 08:13:19 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/12 18:56:28 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/12 18:56:17 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\AspectCalico\Desktop\LimeWire 5.2.13.lnk
[2009/08/12 18:21:55 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/08/12 18:19:35 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\AspectCalico\Desktop\HijackThis.lnk
[2009/08/12 18:16:43 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\AspectCalico\Desktop\wordmutha.exe
[2009/08/12 16:30:59 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\AspectCalico\Desktop\trythis.exe
[2009/08/12 16:26:08 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\AspectCalico\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/12 16:26:03 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\AspectCalico\Desktop\NTREGOPT.lnk
[2009/08/12 16:26:03 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\AspectCalico\Desktop\ERUNT.lnk
[2009/08/12 16:23:28 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\AspectCalico\Desktop\SysRestorePoint.exe

========== LOP Check ==========

[2009/08/12 17:31:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/04 08:15:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/04 18:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/04/15 21:59:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/04/15 21:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/04 22:20:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/21 01:56:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\AspectCalico\Application Data
[2009/01/04 22:20:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\Aim
[2009/08/02 12:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\Azureus
[2009/02/05 00:16:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\Hamachi
[2008/11/04 20:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\ICAClient
[2009/08/21 03:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\LimeWire
[2009/05/07 20:31:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\AspectCalico\Application Data\Move Networks
[2004/08/10 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/21 03:15:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >



EXTRAS.txt log.

OTL Extras logfile created on: 8/22/2009 9:24:50 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\AspectCalico\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 760.98 Mb Available Physical Memory | 74.45% Memory free
2.41 Gb Paging File | 2.25 Gb Available in Paging File | 93.55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 44.99 Gb Free Space | 64.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASPECTCALICOPC
Current User Name: AspectCalico
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"58904:TCP" = 58904:TCP:*:Enabled:Pando Media Booster
"58904:UDP" = 58904:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\THQ\Dawn of War\W40k.exe" = C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40K -- (THQ Canada Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe" = C:\Program Files\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2 -- File not found
"C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe" = C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\DOCUME~1\ASPECT~1\LOCALS~1\Temp\4_pinnew.exe" = C:\DOCUME~1\ASPECT~1\LOCALS~1\Temp\4_pinnew.exe:*:Enabled:Enabled -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2009 4:58:53 PM | Computer Name = ASPECTCALICOPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3474, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2009 8:56:57 PM | Computer Name = ASPECTCALICOPC | Source = Application Error | ID = 1000
Description = Faulting application b.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.3520, fault address 0x00010c8e.

Error - 8/3/2009 10:02:55 PM | Computer Name = ASPECTCALICOPC | Source = Application Error | ID = 1000
Description = Faulting application b.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.3520, fault address 0x00010c7d.

Error - 8/4/2009 12:50:49 AM | Computer Name = ASPECTCALICOPC | Source = Application Error | ID = 1000
Description = Faulting application b.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.3520, fault address 0x0001171c.

Error - 8/5/2009 5:31:00 PM | Computer Name = ASPECTCALICOPC | Source = Application Error | ID = 1000
Description = Faulting application b.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.3520, fault address 0x0001171c.

Error - 8/5/2009 7:20:34 PM | Computer Name = ASPECTCALICOPC | Source = Application Error | ID = 1000
Description = Faulting application b.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.3520, fault address 0x00010aeb.

Error - 8/5/2009 8:15:17 PM | Computer Name = ASPECTCALICOPC | Source = Application Error | ID = 1000
Description = Faulting application b.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.3520, fault address 0x00010aeb.

[ System Events ]
Error - 8/20/2009 10:20:53 PM | Computer Name = ASPECTCALICOPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/20/2009 10:20:53 PM | Computer Name = ASPECTCALICOPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/20/2009 10:20:53 PM | Computer Name = ASPECTCALICOPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/20/2009 10:20:53 PM | Computer Name = ASPECTCALICOPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/20/2009 10:20:53 PM | Computer Name = ASPECTCALICOPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/20/2009 10:20:53 PM | Computer Name = ASPECTCALICOPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/20/2009 10:20:53 PM | Computer Name = ASPECTCALICOPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/20/2009 10:20:53 PM | Computer Name = ASPECTCALICOPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/20/2009 10:20:53 PM | Computer Name = ASPECTCALICOPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 8/20/2009 10:20:53 PM | Computer Name = ASPECTCALICOPC | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP