Old April 11th, 2008, 06:37 PM
ComboFix (2)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 21:27 68856]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2007-08-17 19:10 159744]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 08:38 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 10:57 3784704 C:\Windows\RtHDVCpl.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1183532771\ee\AOLSoftware.exe" [2006-11-14 15:01 50736]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"ZPLED"="C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [2006-02-21 07:36 347648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 06:28 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Users\Simes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [9/6/2007 1:34:55 PM 3450608]

C:\Users\Vile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [9/6/2007 1:34:55 PM 3450608]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/27/2007 9:27:36 PM 124912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1A39805-9129-40C9-9D62-1F089F28431E}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{E5E6C791-A413-4093-94AA-4D9743A21AAB}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{1F265EE6-34B0-446D-8D19-9BFF18E93194}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{3083F52B-8100-4B16-BF34-0D0A8958299F}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{84C9B841-D3C4-4E4B-8D52-006D997A56AE}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{57BAACD9-725C-4F6C-8723-77CC78923AF0}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{34D7DF6C-945E-4FDD-B57E-E2B94D75DE65}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{D01EEF7D-3F5F-4244-81EE-504CF62B3607}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{323ADFCA-8888-452F-894C-54CCF5475F79}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{EC5F4FA8-7167-4279-9372-385EE4D1A473}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{D4341B99-BD29-4B6F-B766-0BA7C84893A7}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{C2E5407B-81A6-4D0F-A46B-0EFE7D27E251}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{0144BEC3-8707-4D02-81D2-C6BB9906EC26}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{42E1FA8D-1CE7-4936-8F85-06714C0CCF56}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FA70FEBB-B1A0-44C5-9F77-E34C700AC627}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{DA10CEF0-1668-4EC9-AC67-517F03AE8832}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{7DBAD7E5-DAED-428A-A8C3-5E38247F45FE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F301911F-B415-4521-AA57-51EA3427D064}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{ADDCE154-83EA-40F3-B2F5-C398B2C956B8}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{00ACE8CA-D4FB-42DC-B417-49A1F4EAC79A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E44B8C6-8507-4021-BF36-D29CDE1D6993}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{12D6D331-8B61-4FB6-82CB-C3AD61F75A24}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{92F066A9-4A09-406A-9E33-0A146D616E5D}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"TCP Query User{99AECBDB-9C23-44BF-B951-5ED1740E949B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8737DD94-9CB7-495E-87A2-FE02B57C1CEE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{60A78BBC-32B6-4774-A4F4-66467E8137A6}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{A824382E-3020-4DAA-B067-E3A5FD242B60}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{BB7EB973-27CE-48B5-807E-992C2B65D7D3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B1A5FAD4-B536-47AF-B66D-DB4080FD0815}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{24A6AD5F-D4F1-4FD3-BA8D-54108510609B}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{4973EB2A-6E3A-4C77-BC52-F36A8E152419}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E1C61C59-BA73-4FCB-AD7E-EA77F2385FB5}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2CD5A0BA-DC6E-4D00-9A83-190B6869D80D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{FF9CD70E-7325-4B40-A7E5-06200E20886F}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{53280BDD-9CF8-42EC-A2C6-5EA0E4D94134}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{8AE1A76F-17B6-4574-9A51-C3A75B49EE2F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6E57F6DB-0360-47CF-951D-2767A6C9CF39}C:\\users\\simes\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\simes\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{45CBC18E-99AE-40E7-AC1E-C5B56DC4C08E}C:\\users\\simes\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\simes\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"123:UDP"= 123:UDP:*:Enabled:NTP

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 18:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 18:32]
R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe [2007-03-16 01:24]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 08:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 08:33]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwssvc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17eb75ee-5582-11dc-a2ed-00038a000015}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 16:32:05 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-07 19:00:01 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Simes.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
"2008-04-11 17:00:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 18:23:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\UberIcon\UberIcon.dll
.
Completion time: 2008-04-11 18:30:00
ComboFix-quarantined-files.txt 2008-04-11 17:29:00
ComboFix2.txt 2008-04-11 05:53:36
Pre-Run: 180,541,423,616 bytes free
Post-Run: 179,982,979,072 bytes free
.
2008-04-09 00:12:04 --- E O F ---