Rundll Errors [RESOLVED]


  • This topic is locked

#1
thefrustrated

  • Member
  • 10 posts
Ok, I have Windows Vista and this is the first time I've noticed this happen. When I right click the desktop and it takes me to appearance and personalization, it'll have a list of things I can click on, which are:
Window Color and Appearance
Desktop Background
Screen Saver
Sounds
Mouse Pointers
Theme
Display Settings

Every time I click on one of these (except for Desktop Background), an error message will come up saying "Windows cannot find 'C:\Windows\System32\rundll32.exe'. Make sure you typed the name correctly, and then try again."

How do I fix this? I'm not typing in anything, just clicking. Thanks in advance. And here's the logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:51 AM, on 5/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\schtasks.exe
C:\hp\kbd\kbd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: jBrowse Toolbar - {9E5BD40E-6287-11D6-9772-0002A5DD2483} - C:\PROGRA~1\jBrowse\JBO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9707 bytes
  • 0


#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please don't create duplicate topics for the same issue. There's absolutely no need for this, and it just gives the staff here more work to do by cleaning it up.

What malware-related issues are you having? If that's the only problem you have, did you try asking in the Windows Vista board first? Don't just post here assuming it's malware unless you have indications/symptoms of malware.
  • 0

#3
thefrustrated

  • Topic Starter
  • Member
  • 10 posts
I've been having these problems since I accidentally downloaded a "song" from LimeWire. It was a one-time thing. Download LimeWire, get what I need, then delete it. I had Norton's Anti-Virus software (out of date) at the time, so it got by it. Turns out that it was a virus/malware or something. I downloaded some malware detecting software and that's what I found out. It got rid of it but some problems still persist. So I thought I'd have somebody look at the logfile. It's serious to me since this is a fairly new computer. (Bought it this year) And I've been taking good care of it. And all this starts happening after that one day I described above. Perhaps I'm wrong but that's why I don't think it's Vista. I've been looking around online and microsoft.com to try and identify the problem, but from the information I've gathered, it sounds like hidden malware/virus.

Anyway, my apologies for the duplicate topic and for the inconvenience. I won't do it again.

Edited by thefrustrated, 04 May 2008 - 07:03 PM.

  • 0

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
We can definitely try looking into this deeper if you want.... :)

Please follow the two steps below:

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#5
thefrustrated

  • Topic Starter
  • Member
  • 10 posts
Thanks a lot! :)

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-05-05 00:57:45
PROTECTIONS: 1
MALWARE: 46
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Windows Defender 1.1.3408.0 No No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@mediaplex[2].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@revenue[1].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@findwhat[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@yadro[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@xiti[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@cdfreaks[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@realmedia[1].txt
00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@zedo[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@adrevolver[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@target[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Mozilla\Firefox\Profiles\xt0qe3r8.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Mozilla\Firefox\Profiles\xt0qe3r8.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@atwola[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================


ComboFix 08-05-01.3 - Shea 2008-05-06 0:44:33.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2147 [GMT -4:00]
Running from: C:\Users\Shea\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-05 20:00 . 2008-05-05 20:00 <DIR> d-------- C:\Windows\LastGood
2008-05-05 00:14 . 2008-05-05 00:14 <DIR> d-------- C:\Program Files\Panda Security
2008-04-30 17:59 . 1998-10-29 14:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-04-30 17:57 . 2008-04-30 17:57 222 --a------ C:\Windows\System32\Support.xml
2008-04-30 17:46 . 2008-04-30 17:46 <DIR> d-------- C:\Program Files\Activision
2008-04-30 17:45 . 2008-05-02 02:20 604 --a------ C:\Windows\Spiderman.INI
2008-04-22 19:55 . 2008-04-22 19:55 <DIR> d-------- C:\Users\All Users\Roxio
2008-04-22 19:55 . 2008-04-22 19:55 <DIR> d-------- C:\ProgramData\Roxio
2008-04-22 14:10 . 2008-04-22 14:10 <DIR> d-------- C:\_OTMoveIt
2008-04-22 14:07 . 2008-04-22 14:07 <DIR> d-------- C:\Deckard
2008-04-22 14:02 . 2008-04-22 14:02 <DIR> d-------- C:\Users\Shea\AppData\Roaming\Comodo
2008-04-22 14:02 . 2008-04-22 14:19 <DIR> d-------- C:\Users\All Users\comodo
2008-04-22 14:02 . 2008-04-22 14:19 <DIR> d-------- C:\ProgramData\comodo
2008-04-22 14:02 . 2008-04-22 14:02 <DIR> d-------- C:\Program Files\COMODO
2008-04-22 14:02 . 2008-04-22 14:02 139,008 --a------ C:\Windows\System32\guard32.dll
2008-04-22 14:02 . 2008-04-22 14:02 85,520 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-04-22 14:02 . 2008-04-22 14:02 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-04-22 14:00 . 2008-04-22 14:00 <DIR> d-------- C:\Users\Shea\AppData\Roaming\Malwarebytes
2008-04-22 14:00 . 2008-04-22 14:00 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-22 14:00 . 2008-04-22 14:00 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-22 14:00 . 2008-04-22 14:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 02:21 . 2008-04-22 02:21 <DIR> d-------- C:\Users\Shea\AppData\Roaming\SUPERAntiSpyware.com
2008-04-22 02:21 . 2008-04-22 02:21 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-22 02:21 . 2008-04-22 02:21 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-22 02:21 . 2008-04-22 02:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-22 01:55 . 2008-04-22 01:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 01:09 . 2008-04-29 14:57 <DIR> d-------- C:\Users\All Users\Avira
2008-04-22 01:09 . 2008-04-29 14:57 <DIR> d-------- C:\ProgramData\Avira
2008-04-20 14:38 . 2008-04-20 14:38 63,892 --a------ C:\Windows\System32\{7f4a61d5-b8c1-79b4-3acb-39f5f2d37cd3}.dll-uninst.exe
2008-04-20 14:32 . 2008-04-20 15:44 <DIR> d-------- C:\Users\Shea\AppData\Roaming\LimeWire
2008-04-09 01:34 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 01:34 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 01:34 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 01:34 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 01:34 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 01:34 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 01:34 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 01:34 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 01:34 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-06 17:44 . 2008-04-06 17:44 <DIR> d-------- C:\Users\Shea\Roaming
2008-04-06 17:44 . 2008-04-06 17:44 <DIR> d-------- C:\Users\Shea\AppData\Roaming\MySpace
2008-04-06 17:44 . 2008-04-06 17:44 <DIR> d-------- C:\Users\IUSR_NMPR\Roaming
2008-04-06 17:44 . 2008-04-06 17:44 <DIR> d-------- C:\Users\Default\Roaming
2008-04-06 17:44 . 2008-04-07 14:24 <DIR> d-------- C:\Program Files\MySpace
2008-04-06 02:03 . 2008-04-06 02:46 <DIR> d-------- C:\Users\Shea\AppData\Roaming\Screaming Bee
2008-04-06 02:02 . 2008-04-06 02:03 <DIR> d-------- C:\Users\All Users\Screaming Bee
2008-04-06 02:02 . 2008-04-06 02:03 <DIR> d-------- C:\ProgramData\Screaming Bee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 10:31 --------- d-----w C:\ProgramData\Google Updater
2008-05-02 17:44 --------- d--h--w C:\ProgramData\yahoo!
2008-05-02 17:44 --------- d-----w C:\Program Files\Yahoo!
2008-04-24 12:18 --------- d-----w C:\Program Files\Starcraft
2008-04-22 17:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-22 17:42 --------- d-----w C:\ProgramData\Symantec
2008-04-22 06:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 06:50 --------- d-----w C:\Users\Shea\AppData\Roaming\dvdcss
2008-04-09 11:09 --------- d-----w C:\Program Files\Windows Mail
2008-04-07 18:26 --------- d-----w C:\ProgramData\WildTangent
2008-03-26 04:59 --------- d-----w C:\Users\Shea\AppData\Roaming\teamspeak2
2008-03-22 21:04 --------- d-----w C:\Program Files\Project64 1.6
2008-03-18 19:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-17 03:15 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-03-11 18:59 --------- d-----w C:\ProgramData\TEMP
2008-02-29 04:14 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 08:06 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 08:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 08:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 08:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 08:03 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 08:03 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 08:03 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 08:03 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 08:03 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 08:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 08:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 08:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 08:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-12-20 20:07 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-05-05_ 1.06.41.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 22:33:49 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-05 05:13:45 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2006-11-02 08:55:11 73,216 ----a-w C:\Windows\LastGood\system32\drivers\usbccgp.sys
- 2008-05-04 22:32:38 966,312 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-05-05 05:12:35 966,312 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-05-04 22:33:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-05 05:13:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-04 22:33:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-05 05:13:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-05 04:49:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-06 04:29:10 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-04 22:35:33 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-06 00:01:26 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-05 05:03:53 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-06 04:44:35 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-04 22:35:28 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-05 05:15:28 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-04 09:30:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-05 10:31:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-04 09:30:34 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-05 10:31:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-04 09:30:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-05 10:31:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 08:55:11 73,216 ----a-w C:\Windows\System32\drivers\usbccgp.sys
+ 2007-12-20 19:06:13 73,216 ----a-w C:\Windows\System32\drivers\usbccgp.sys
- 2008-05-04 22:39:10 107,508 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-06 02:20:03 107,508 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-04 22:39:10 626,738 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-06 02:20:03 626,738 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-05 02:21:08 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-05 05:12:56 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-04 22:35:52 6,600 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3027423067-3663782349-2357632505-1001_UserData.bin
+ 2008-05-05 05:15:40 6,608 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3027423067-3663782349-2357632505-1001_UserData.bin
- 2008-05-04 22:35:51 59,502 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-05 05:15:39 59,652 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-04 22:35:50 36,290 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-05 05:15:38 36,330 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:00 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 16:40 1783400]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-20 15:25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-11 17:43 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 23:31 178968]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-09 06:30 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-09 06:30 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-09 06:30 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 07:06 4669440 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 16:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 05:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-11 11:41 161328]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-11 11:18 1626160]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-11 11:18 1055792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-18 02:45 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-04-22 14:01 1572608]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-04-07 20:17 1175160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-20 15:25:18 124400]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\Windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2697011C-7C45-4C55-828C-127C53A65262}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{03A993EC-BA76-42B5-9414-B3F2E3C05533}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{521742B2-C746-42CB-81F9-14254C7C0798}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{D078CD8C-C57E-4BD7-B5B9-34174E56D539}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{0B0153C3-4BE9-46F4-834B-15808FC4E469}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{9E121A32-C568-46DB-B9A9-31733CF0594D}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{0D596C77-8C00-4FE2-BF40-8DABA3B002D7}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{1ED2D791-AC26-4BE3-9B62-D0F17D09FF42}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{E3ECE95A-3786-4C19-BB59-CE46D9B0DCA9}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9077BB87-CA58-46D2-AB9B-7BF445108DC8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{71053E66-A971-4D3B-A5AB-8CC0FE129D48}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BB03A07D-DFD6-423F-A71D-894B54B93A92}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6510870F-4360-49ED-96B2-5C89CD231EF6}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0E2AD1AC-2201-4C3F-9556-62EE8EF62A25}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{51A18114-AE13-47FC-B56A-346724ED6C9C}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{65D8C7C3-1A2A-4640-8369-206E26B0F698}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5928F6EA-4C9B-4B3E-BD4E-AC70706D87C7}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{7B756F8D-9806-4520-8A4B-C97E660951D2}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{D1968D78-6772-4FBB-B145-9BE0C14969DF}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{B1C64829-DAC1-4BF5-BDC4-6EA4A03E784A}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{A4474C59-91CF-42F7-9162-852AEF8991D0}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8A8EF203-B63F-450D-ABFE-94CF4622110C}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D595DCBF-7809-4761-8EB0-B30044992A92}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B70AB5BC-F09A-4413-BF9C-2D5F463E1B55}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1158D208-DEFA-4F8F-91C7-183045F9B3E5}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3EA470DE-10E8-484F-A1FB-EC08C7ABCD21}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{5AEB1673-15B5-4EFD-8D45-A71136AAF321}C:\\program files\\starcraft\\starcraft.exe"= UDP:C:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{BF25DA08-49F8-4F9E-BE1E-2DF4B1EBDED1}C:\\program files\\starcraft\\starcraft.exe"= TCP:C:\program files\starcraft\starcraft.exe:StarCraft

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-04-22 14:02]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-04-22 14:02]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 13:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 12:44]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\system32\drivers\ScreamingBAudio.sys [2007-08-24 16:44]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 12:13]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 00:00:01 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Shea.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 00:46:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 0:47:50
ComboFix-quarantined-files.txt 2008-05-06 04:47:46
ComboFix2.txt 2008-05-05 05:08:25

Pre-Run: 385,174,765,568 bytes free
Post-Run: 385,145,700,352 bytes free

249 --- E O F --- 2008-05-01 05:48:48

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Looks clear here.....

You can try this:
Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. Otherwise, it will auto-close after it's done.

If that won't help, try posting in the Windows Vista board for more assistance.

#7
thefrustrated

thefrustrated

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Alright, thank you for your time. Sorry for the trouble. I'll take it to the Vista forum then. Thanks a lot!

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





