
Hi guys, I have a problem with my PC where any folder I attempt to open flashes once then disappears along with my toolbar, at which point I have to restart my explorer.exe from Task Manager. I have Windows Vista. I tried doing the system restore but it comes back with an error that it was unable to complete successfully, and also, as soon as this problem started, I have received a message every time I start up that sstts.dll is not a valid 32win file and there was an error loading it.

Below is my HijackThis file.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:10, on 25/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1193073241\ee\aolsoftware.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\explorer.exe
C:\Program Files\BitComet\BitComet.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1193073241\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [Lusetup] C:\PROGRA~1\Symantec\LIVEUP~1\LUSetup.exe -s -a -q -log -version
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Reminder_MUI] C:\Applications\oem\Reminder\Reminder_MUI.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Owner\AppData\Local\Temp\vtsts.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Owner\AppData\Local\Temp\sstts.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Owner\AppData\Local\Temp\gwdtanvs.dll",run
O4 - HKCU\..\Run: [78f9aeca] rundll32.exe "C:\Users\Owner\AppData\Local\Temp\jtfqkfwm.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9192 bytes

2 Contributors, 4 Replies, 5 Views, 9 Years Discussion Span, Last Post by gerbil

Hello, y2.
It appears that you have a vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important.
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

!!! Check the Vundofix log for any found files that were not deleted - if present rerun Vundofix !!!
Post the contents of C:\vundofix.txt

[[ To restart your computer in Safe Mode:- press F8 several times while POST is running and before IDE detection completes, press Yes to bypass System Restore.]]
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Post those two logs plus a new HijackThis log run in normal mode, please.
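The diagnosis above rests on the HKCU Run entries in the first log that use rundll32 to load randomly named DLLs out of C:\Users\Owner\AppData\Local\Temp (the entry for sstts.dll matches the startup error the opening post describes). The Python script below is an added illustration, not part of the thread and not code from HijackThis, VundoFix or ComboFix: it parses O4 lines, flags any Run entry whose command pulls code from a temp directory, and diffs two logs to show which entries disappeared between them. The sample lines are the HKCU Run sections of the first log above and of the follow-up log posted later in the thread; the function names and the temp-directory markers are this example's own assumptions.

```python
"""Triage of HijackThis O4 (autorun) lines for the temp-directory loader pattern.

Added example; not part of the forum thread and not code from HijackThis,
VundoFix or ComboFix. Sample lines are copied from the two HijackThis logs
posted in the thread (HKCU Run sections only); function names are this
example's own.
"""
import re
from typing import Dict, List, Optional

# HijackThis v2 O4 line:  O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command>
# ("O4 - Global Startup: ..." lines have a different shape and are skipped.)
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# A startup entry has no business loading code from a temp directory; the
# vtsts.dll, sstts.dll, gwdtanvs.dll and jtfqkfwm.dll entries in the first log
# all point into the user's AppData\Local\Temp. Markers are an assumption of
# this example and are matched case-insensitively.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

# Constructed sample: HKCU Run section of the first (infected) log.
BEFORE = r"""
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Reminder_MUI] C:\Applications\oem\Reminder\Reminder_MUI.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Owner\AppData\Local\Temp\vtsts.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Owner\AppData\Local\Temp\sstts.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Owner\AppData\Local\Temp\gwdtanvs.dll",run
O4 - HKCU\..\Run: [78f9aeca] rundll32.exe "C:\Users\Owner\AppData\Local\Temp\jtfqkfwm.dll",b
""".strip().splitlines()

# Constructed sample: HKCU Run section of the follow-up log after the Norton scan.
AFTER = r"""
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Reminder_MUI] C:\Applications\oem\Reminder\Reminder_MUI.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
""".strip().splitlines()


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split one O4 line into hive, key, value name and command; None if it is not a Run line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def loads_from_temp(cmd: str) -> bool:
    """True when the command runs or loads a file that lives under a temp directory."""
    low = cmd.lower()
    return any(marker in low for marker in TEMP_MARKERS)


def flag_log(lines: List[str]) -> List[str]:
    """Value names of Run entries whose command pulls code from a temp directory, in log order."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry and loads_from_temp(entry["cmd"]):
            flagged.append(entry["name"])
    return flagged


def removed_entries(before: List[str], after: List[str]) -> List[str]:
    """Run entries present in the first log but gone from the second, in log order."""
    def ident(e: Dict[str, str]):
        return (e["hive"], e["key"], e["name"], e["cmd"])

    after_ids = {ident(e) for e in map(parse_o4, after) if e}
    return [e["name"] for e in map(parse_o4, before) if e and ident(e) not in after_ids]


if __name__ == "__main__":
    print("suspicious before cleanup:", flag_log(BEFORE))
    print("suspicious after cleanup: ", flag_log(AFTER))
    print("entries removed:          ", removed_entries(BEFORE, AFTER))
```

Run against the two sample sections, the first log yields the four temp-directory loaders (MSServer, cmds, MS Juan, 78f9aeca), the follow-up log yields none, and the diff confirms those four are exactly the entries that vanished; the legitimate rundll32 entry for oobefldr.dll is not flagged because the check keys on where the DLL lives, not on rundll32 itself. The remaining "missing DLL" messages the user reports after cleanup are consistent with orphaned Run values whose DLL was deleted but whose registry entry was not.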


I've scanned the system with Norton again since the last time I was on here and it removed the file that was making Explorer crash, and it seems it's OK now. I also ran the VundoFix and it couldn't find any infected files; I'm assuming that's because of the Norton 360. The computer seems fine now apart from 4 missing DLL messages that appear every time I start my computer. I have run the imabunny.exe and the log file, along with the ComboFix one, is below.
Thank you so much for your time. Don't worry if the DLL files problem can't be fixed; the computer seems to be working fine and I'm over the moon I can actually do some backups of my files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:00, on 25/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1193073241\ee\aolsoftware.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\imabunny.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1193073241\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Reminder_MUI] C:\Applications\oem\Reminder\Reminder_MUI.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8106 bytes

************************************************************************************************************************************************************************************************************************************

ComboFix 08-03-24.2 - Owner 2008-03-25 13:50:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1130 [GMT 0:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-25 13:16 . 2008-03-25 13:16 <DIR> d-------- C:\VundoFix Backups
2008-03-25 12:33 . 2008-03-25 12:33 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Symantec
2008-03-25 11:43 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-03-25 11:43 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-03-25 11:43 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-03-25 10:55 . 2008-03-25 10:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-25 10:55 . 2007-07-17 12:21 186,256 --a------ C:\Windows\System32\SymNPPWA.dll
2008-03-25 10:00 . 2008-03-25 10:00 16 --a------ C:\Windows\System32\coh.cache
2008-03-25 09:29 . 2008-03-25 09:29 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-25 09:29 . 2008-03-25 09:29 1,409 --a------ C:\Windows\QTFont.for
2008-03-25 09:11 . 2008-03-25 13:00 <DIR> d-------- C:\Program Files\Norton 360
2008-03-25 09:09 . 2008-03-25 10:52 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-03-25 09:09 . 2008-03-25 10:52 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-03-25 09:09 . 2008-03-25 10:52 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-03-25 09:07 . 2008-03-25 10:52 <DIR> d-------- C:\Program Files\Symantec
2008-03-25 09:06 . 2008-03-25 11:43 <DIR> d-------- C:\ProgramData\Symantec
2008-03-25 09:04 . 2008-03-25 10:50 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-24 09:56 . 2008-03-24 09:56 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-03-24 08:00 . 2008-03-24 08:00 2,560 --a------ C:\Windows\System32\bitcometres.dll
2008-03-24 07:58 . 2008-03-24 07:58 <DIR> d-------- C:\Program Files\KONAMI
2008-03-24 07:27 . 2006-07-28 09:30 236,824 --a------ C:\Windows\System32\xactengine2_3.dll
2008-03-24 07:27 . 2006-07-28 09:30 62,744 --a------ C:\Windows\System32\xinput1_2.dll
2008-03-24 07:26 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-03-19 21:39 . 2008-03-19 21:39 1,409 --a------ C:\Windows\System32\tmpEBD0F.FOT
2008-03-19 21:39 . 2008-03-19 21:39 1,409 --a------ C:\Windows\System32\tmp9AE0F.FOT
2008-03-19 21:39 . 2008-03-19 21:39 1,409 --a------ C:\Windows\System32\tmp60F0F.FOT
2008-03-19 21:39 . 2008-03-19 21:39 1,409 --a------ C:\Windows\System32\tmp47F0F.FOT
2008-03-19 21:39 . 2008-03-19 21:39 1,409 --a------ C:\Windows\System32\tmp46F0F.FOT
2008-03-19 21:39 . 2008-03-19 21:39 1,409 --a------ C:\Windows\System32\tmp39F0F.FOT
2008-03-19 21:39 . 2008-03-19 21:39 1,409 --a------ C:\Windows\System32\tmp2BF0F.FOT
2008-03-15 21:49 . 2008-03-15 21:49 1,409 --a------ C:\Windows\System32\tmpB4D7F.FOT
2008-03-15 21:49 . 2008-03-15 21:49 1,409 --a------ C:\Windows\System32\tmp63E7F.FOT
2008-03-15 21:49 . 2008-03-15 21:49 1,409 --a------ C:\Windows\System32\tmp62E7F.FOT
2008-03-15 21:49 . 2008-03-15 21:49 1,409 --a------ C:\Windows\System32\tmp55E7F.FOT
2008-03-15 21:49 . 2008-03-15 21:49 1,409 --a------ C:\Windows\System32\tmp54E7F.FOT
2008-03-15 21:49 . 2008-03-15 21:49 1,409 --a------ C:\Windows\System32\tmp48E7F.FOT
2008-03-15 21:49 . 2008-03-15 21:49 1,409 --a------ C:\Windows\System32\tmp47E7F.FOT
2008-03-14 00:20 . 2008-03-14 00:21 <DIR> d-------- C:\Explorer50
2008-03-14 00:20 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-03-11 04:58 . 2008-03-25 12:20 <DIR> d--hs---- C:\Windows\System32\Sys32
2008-03-11 04:58 . 2008-03-25 09:29 <DIR> d-------- C:\Program Files\VirtualDJ
2008-03-09 03:33 . 2008-03-09 03:33 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-09 00:27 . 2008-03-09 00:27 <DIR> d-------- C:\Program Files\Sun
2008-03-09 00:13 . 2008-03-09 00:25 <DIR> d-------- C:\Users\Owner\.SunDownloadManager
2008-03-08 05:01 . 2008-03-08 05:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-03-08 05:01 . 2008-03-09 03:37 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-03-08 05:01 . 2008-03-08 05:01 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-03-08 04:55 . 2008-03-08 04:55 <DIR> d-------- C:\Windows\System32\1033
2008-03-08 04:51 . 2008-03-08 04:51 <DIR> d-------- C:\Windows\Symbols
2008-03-08 04:51 . 2008-03-08 04:51 <DIR> d-------- C:\ProgramData\PreEmptive Solutions
2008-03-08 04:51 . 2008-03-08 04:55 <DIR> d-------- C:\Program Files\HTML Help Workshop
2008-03-08 04:51 . 2008-03-08 15:40 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-03-08 04:51 . 2008-03-08 04:52 <DIR> d-------- C:\Program Files\Common Files\Business Objects
2008-03-08 04:51 . 2008-03-08 04:51 <DIR> d-------- C:\Program Files\CE Remote Tools
2008-03-08 04:24 . 2008-03-08 04:24 <DIR> d-------- C:\temp\en_vs_2005_pro_cd2
2008-03-08 04:24 . 2008-03-09 03:41 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-03-08 04:24 . 2008-03-08 04:55 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-08 04:22 . 2008-03-08 04:45 <DIR> d-------- C:\temp\en_vs_2005_pro_cd1
2008-03-08 04:20 . 2008-03-08 04:20 <DIR> d-------- C:\Users\Owner\AppData\Roaming\CyberLink
2008-03-08 01:56 . 2008-03-08 01:56 <DIR> d-------- C:\newfolder
2008-03-06 21:29 . 2008-03-06 21:29 120,320 --a------ C:\Windows\System32\dhcpcsvc6.dll
2008-03-06 21:29 . 2008-03-06 21:29 10,240 --a------ C:\Windows\System32\dhcpcmonitor.dll
2008-03-06 21:07 . 2004-08-04 01:56 28,672 -ra------ C:\setupSNK.exe
2008-03-04 19:23 . 2006-11-02 10:23 <DIR> dr------- C:\Users\Mcx1\Videos
2008-03-04 19:23 . 2006-11-02 10:23 <DIR> d-------- C:\Users\Mcx1\Saved Games
2008-03-04 19:23 . 2006-11-02 10:23 <DIR> dr------- C:\Users\Mcx1\Pictures
2008-03-04 19:23 . 2006-11-02 10:23 <DIR> dr------- C:\Users\Mcx1\Music
2008-03-04 19:23 . 2006-11-02 10:23 <DIR> dr------- C:\Users\Mcx1\Links
2008-03-04 19:23 . 2006-11-02 10:23 <DIR> dr------- C:\Users\Mcx1\Downloads
2008-03-04 19:23 . 2008-03-04 19:23 <DIR> dr------- C:\Users\Mcx1\Documents
2008-03-04 19:23 . 2008-03-04 19:23 <DIR> d--h----- C:\Users\Mcx1\AppData
2008-03-03 15:31 . 2008-03-03 15:31 <DIR> d-------- C:\ProgramData\TEMP
2008-03-03 15:28 . 2008-03-03 15:28 <DIR> d-------- C:\Program Files\SageTV
2008-03-03 15:28 . 2008-03-03 15:28 1,590 --a------ C:\Windows\irremote.ini
2008-03-03 15:27 . 2008-03-03 15:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 14:20 . 2008-03-02 14:21 <DIR> d-------- C:\Program Files\Windows Live
2008-03-02 14:20 . 2008-03-02 14:21 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 14:19 . 2008-03-02 14:19 <DIR> d-------- C:\ProgramData\WLInstaller
2008-02-28 23:02 . 2008-02-28 23:02 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-28 23:02 . 2008-02-28 23:02 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-28 23:00 . 2008-02-28 23:00 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-28 23:00 . 2008-02-28 23:00 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-28 23:00 . 2008-02-28 23:00 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-28 23:00 . 2008-02-28 23:00 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-28 23:00 . 2008-02-28 23:00 22,016 --a------ C:\Windows\System32\netiougc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 08:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 08:01 --------- d-----w C:\Program Files\BitComet
2008-03-23 01:29 --------- d-----w C:\Users\Owner\AppData\Roaming\Hamachi
2008-03-09 00:27 --------- d-----w C:\Program Files\Java
2008-03-08 16:18 --------- d-----w C:\Program Files\Lx_cats
2008-03-08 15:57 --------- d-----w C:\Program Files\Microsoft Works
2008-03-08 05:02 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-08 04:20 --------- d-----w C:\ProgramData\CyberLink
2008-03-07 01:23 --------- d-----w C:\Program Files\Common Files\aol
2008-03-02 14:25 --------- d-----w C:\Program Files\SopCast
2008-02-28 22:58 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-28 22:58 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-28 22:58 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-28 22:58 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-10 06:14 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 06:14 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 12:34 2159104 C:\Windows\System32\oobefldr.dll]
"Reminder_MUI"="C:\Applications\oem\Reminder\Reminder_MUI.exe" [2007-07-20 09:15 1089536]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 20:13 486856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-21 07:48 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 15:56 4493312 C:\Windows\RtHDVCpl.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1193073241\ee\AOLSoftware.exe" [2006-11-14 14:01 50736]
"lxdcmon.exe"="C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" [ ]
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [2007-02-05 23:32 20480]
"LXDCCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 22:05 102400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-07-26 13:48 3305472]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-10 03:05 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C7346BC0-E974-45C9-9677-8EC4FE2E09E0}C:\\windows\\system32\\ftp.exe"= UDP:C:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{146C67DB-5773-4DA1-99E5-41C47DF04D2C}C:\\windows\\system32\\ftp.exe"= TCP:C:\windows\system32\ftp.exe:File Transfer Program
"{31976606-A696-408F-BABC-464D0FC2BD55}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{CE9E11B3-6265-4F9A-A7FB-2E05FA486365}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{20D0E714-262F-40F9-9FA4-1FA7C690C980}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{0FB952E3-7CDC-4A84-A8BB-11C532FDDE70}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{206F48B6-2DDB-49FA-9341-448141BE9CCD}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{8961EEB5-C0BA-4C34-AC08-98CF24893FD1}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{4B52A1DB-FAD3-4195-8810-8C4874F7D1F8}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{77D2009F-6604-4A5C-80E0-759B7AD41FC4}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{5D6F5C83-F533-416F-98C5-63B2AA61418A}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{27232EFD-D0E4-42AB-BFB4-B889A5552839}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{9A837F91-E5E7-4DDF-8D3C-618CA9CF3437}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{ED5F17C6-8330-44AF-80C6-43DBDCCCD895}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{575D937D-9C97-48BA-95E6-4563F872EF0B}"= UDP:C:\Windows\System32\lxdccoms.exe:Lexmark Communications System
"{2D22A395-20D5-4E8F-AB69-6046CA74E910}"= TCP:C:\Windows\System32\lxdccoms.exe:Lexmark Communications System
"{B5991B27-58D9-45E1-A515-6F3892F77D38}"= UDP:C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:Lexmark Device Monitor
"{F9428E83-C56D-42A7-A22C-B1F4CF6A2726}"= TCP:C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:Lexmark Device Monitor
"{3BC4FF9B-D0DD-45DA-9BFB-C1FEAFF4A240}"= UDP:C:\Program Files\Lexmark 1300 Series\App4R.exe:Lexmark Imaging Studio
"{528F1791-1020-4A2B-B2B3-282C03099813}"= TCP:C:\Program Files\Lexmark 1300 Series\App4R.exe:Lexmark Imaging Studio
"TCP Query User{E2A03615-6555-42EE-A60F-11F01B65FA91}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{95E6150A-2049-45DE-9669-A9796419BCDE}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{7C7C844D-EEF0-4E3A-8D61-75BF15528E2F}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{4FA5BAA3-EA58-4687-8C18-496FE27BA715}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{95CB88F7-EE29-4A4F-8411-9DD99DF1C33A}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{A65BE654-E545-40CE-B911-B5986BD416EA}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{F763DE6F-BC16-452E-8FCA-DD9FDB62D258}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{64722407-FEE8-4496-8137-8E49C415E461}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{94D8DAA5-0721-498B-8442-771B2BA23107}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{F660C230-090A-4E9B-B785-060852BCC7D0}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{6FE9B0D5-9C82-4DBC-A309-5204A76648C3}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{2F959162-90F1-44E8-A259-8826A4DDDECA}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{2DF5955A-313B-4B29-AAC4-8BF6DB3152FB}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{AC11B33C-7C33-49D1-B711-77A973EFAA64}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"{0E6BBB66-EDB6-4EF3-8614-0084570600CF}"= UDP:C:\Program Files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
"{FC6A4D73-2A30-4656-9877-7BDAD218248C}"= TCP:C:\Program Files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
"{909AC86E-D69C-44BE-8569-31B6AFC43848}"= UDP:8598:BITCOMET
"{861A9DB8-49F7-4FA0-8680-0976DB594249}"= UDP:25989:25989
"{2696D91A-5BD8-4170-B9FF-6430810E83B0}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{D7AB4855-A4C1-4D04-B650-0E0603050B3F}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{3C1B7787-C204-4D71-81E2-2ADB28B6D763}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"UDP Query User{D1029053-28B0-4E37-BA25-C786DAF7B1C6}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008
"{0371ACA2-D9B3-4082-BFFD-0CFD061A0974}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AC6E707F-ECB8-48A5-A4A5-7EC141CD64DA}"= UDP:C:\Program Files\Common Files\aol\1193073241\ee\aolsoftware.exe:AOL Shared Components
"{62A02A65-0A1C-4F15-B504-083A48EB76AB}"= TCP:C:\Program Files\Common Files\aol\1193073241\ee\aolsoftware.exe:AOL Shared Components
"{C70E446D-AB80-49D2-AA7E-64B7FE49220E}"= UDP:16809:BitComet 16809 TCP
"{5D95BF92-9F3A-4F61-87E9-0D5B599C21FC}"= TCP:16809:BitComet 16809 UDP
"{41B45FDA-891B-4232-8FFC-D1B4181012C0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4A00BF02-7392-4404-9DF3-AD99FE46CA84}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-03-11 22:36]
R2 lxdc_device;lxdc_device;C:\Windows\system32\lxdccoms.exe [2007-02-12 23:56]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 3xHybrid;3xHybrid service;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-07-05 11:22]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 02:01]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-07-25 13:53]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 22:32]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 07:30]
S3 P4Fix;P4 PCI Fix Driver;C:\Windows\system32\drivers\P4Fix.sys [2002-10-08 20:14]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 08:55]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
S4 SageTV;SageTV;"C:\Program Files\SageTV\SageTV\SageTVService.exe" [2007-12-10 19:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b6b0769-f839-11dc-9f9d-00038a000015}]
\shell\AutoRun\command - L:\autorun_PES2008.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fff7a6c-ec59-11dc-962d-00038a000015}]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fff7a74-ec59-11dc-962d-00038a000015}]
\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6604bbe-69f7-11dc-99b7-806e6f6e6963}]
\shell\AutoRun\command - E:\CDStart.Exe
\shell\Install\Command - E:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fabf42d5-af01-11dc-8d65-00038a000015}]
\shell\AutoRun\command - D:\autorun.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 09:20:22 C:\Windows\Tasks\User_Feed_Synchronization-{3441AF85-CD90-400B-83F0-D2005382D707}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 13:53:10
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-25 13:53:42
ComboFix-quarantined-files.txt 2008-03-25 13:53:39
.
2008-03-25 11:29:46 --- E O F ---
Hi guys, just wanted to say thank you. My DLL error messages have gone now as well; I think I just forgot to restart the PC after the ComboFix report. Thanks a lot for your help.