annoying trojan

edited October 2007 in Spyware & Virus Removal
I did a HijackThis log and I have no idea what to do, can someone help? D:

Logfile of HijackThis v1.99.1
Scan saved at 11:54:18 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Wireless Desktop\LgWDskTp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VAIOSurvey] "c:\program files\sony\vaio survey\surveysa.exe"
O4 - HKLM\..\Run: [LgWDskTp] "C:\Program Files\Wireless Desktop\LgWDskTp.exe"
O4 - HKLM\..\Run: [PartSeal] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljjgdax - C:\WINDOWS\SYSTEM32\ljjgdax.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
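As an added example (not part of the original post, and not how HijackThis itself rates entries), the script below parses the O-lines of a HijackThis 1.99.1 log and applies the checks a removal helper makes by eye on a log like the one above: every Winlogon Notify DLL (O20), because those packages load into winlogon.exe as SYSTEM at each logon; BHO and SSODL DLLs (O2/O21) with random-looking names sitting in system32; orphaned IE buttons (O9 with "(no file)"); and Winsock LSPs that HijackThis does not recognise (O10), which must be identified rather than deleted because the LSP chain has to be repaired afterwards. The sample lines are copied from the log in this post. The random-name heuristic, the severity labels and the function names are this example's own assumptions, not a signature database, so a "high" is a lead to verify, not a verdict.

```python
"""Heuristic triage of a HijackThis 1.99.1 log.

Added example, not part of the forum post and not HijackThis's own logic.
The scoring rules below are assumptions of this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the O-lines from the log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: ljjgdax - C:\WINDOWS\SYSTEM32\ljjgdax.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
FILE_RE = re.compile(r"([^\\/]+)\.(?:dll|exe|sys)$", re.I)


@dataclass
class Finding:
    section: str
    severity: str   # "high", "review" or "low"
    reason: str
    path: str
    line: str


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption of this example) for machine-generated module
    names such as ljjgdax or awtst: 5-8 lowercase letters with at most one
    vowel or a run of 4+ consonants. It is coarse: mixed-case vendor names
    (VESWinlogon) pass, but some short legitimate names will trip it."""
    if stem != stem.lower() or not stem.isalpha() or not 5 <= len(stem) <= 8:
        return False
    vowels = sum(c in "aeiouy" for c in stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", stem)), default=0)
    return vowels <= 1 or longest_run >= 4


def extract_path(sec: str, body: str) -> str:
    """The file field of an O-line: after the colon for O10, else the last ' - ' field."""
    if sec == "O10":
        return body.split(":", 1)[-1].strip()
    return body.rsplit(" - ", 1)[-1].strip()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        path = extract_path(sec, body)
        fm = FILE_RE.search(path)
        stem = fm.group(1) if fm else ""
        in_system32 = "\\system32\\" in path.lower()

        if sec == "O20":
            # Winlogon Notify packages run inside winlogon.exe as SYSTEM, so
            # every O20 entry gets a look; a random name in system32 is the
            # pattern the log in this thread shows.
            if in_system32 and looks_random(stem):
                findings.append(Finding(sec, "high", "random-named Winlogon Notify DLL in system32", path, raw))
            else:
                findings.append(Finding(sec, "review", "Winlogon Notify DLL: confirm the vendor", path, raw))
        elif sec in ("O2", "O21"):
            if in_system32 and looks_random(stem):
                findings.append(Finding(sec, "high", "random-named browser/shell extension DLL in system32", path, raw))
            elif "(no name)" in body:
                findings.append(Finding(sec, "review", "extension registered without a name: identify the DLL", path, raw))
        elif sec == "O9" and path == "(no file)":
            findings.append(Finding(sec, "low", "orphaned IE button entry, file is gone", path, raw))
        elif sec == "O10":
            # An LSP sits in every socket; removing it also means repairing
            # the Winsock catalog, so flag for review rather than deletion.
            findings.append(Finding(sec, "review", "Winsock LSP not recognised: identify before touching", path, raw))
    return findings


def high_findings(log_text: str) -> list[str]:
    """Paths rated 'high': the entries to hand to a fix tool first."""
    return [f.path for f in triage(log_text) if f.severity == "high"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run against the full log rather than the sample by reading the saved hijackthis.log file into `triage()`. On the sample, the only "high" is the ljjgdax.dll Winlogon Notify entry, which is also the DLL ComboFix later reports at a second load point (ShellExecuteHooks); the Sony VESWinlogon entry and the Spybot SDHelper BHO come out as "review", which is the right answer for a heuristic that knows nothing about vendors.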

Comments

  • edited October 2007
    Hi vuman and welcome to Icrontic Spyware & Virus Removal

    Step 1: Download and Run: VundoFix
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HijackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.




    Step 2: Download and Run ComboFix
    Note: Do not click on ComboFix's window while it is running. That may cause it to stall.


    Please post C:\Vundofix.txt, C:\Combofix.txt and a new HijackThis log.
  • edited October 2007
    Logfile of HijackThis v1.99.1
    Scan saved at 5:06:22 PM, on 10/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Wireless Desktop\LgWDskTp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Downloads\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VAIOSurvey] "c:\program files\sony\vaio survey\surveysa.exe"
    O4 - HKLM\..\Run: [LgWDskTp] "C:\Program Files\Wireless Desktop\LgWDskTp.exe"
    O4 - HKLM\..\Run: [PartSeal] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
    O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: ljjgdax - C:\WINDOWS\SYSTEM32\ljjgdax.dll
    O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe



    ComboFix 07-10-07.2 - Vince Le 2007-10-08 16:57:20.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.505 [GMT -7:00]
    Running from: C:\Documents and Settings\Vince Le\Desktop\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\outerinfo.ico
    C:\WINDOWS\setup.exe
    C:\WINDOWS\system32\awtst.dll
    C:\WINDOWS\system32\awvtr.dll
    C:\WINDOWS\system32\ddabb.dll
    C:\WINDOWS\system32\mljgg.dll
    C:\WINDOWS\system32\pmkjh.dll
    .
    ((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
    .
    2007-10-08 16:56 51,200 --a C:\WINDOWS\NirCmd.exe
    2007-10-08 16:54 <DIR> d C:\VundoFix Backups
    2007-10-08 00:54 1,156 --a C:\WINDOWS\mozver.dat
    2007-10-07 14:16 34,816 C:\WINDOWS\system32\ljjgdax.dll
    2007-10-07 13:45 <DIR> d C:\Program Files\BannedStory
    2007-10-07 10:11 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Viewpoint
    2007-10-06 20:33 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-10-06 20:33 59,264 --a C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-10-04 07:03 107,888 --a C:\WINDOWS\system32\CmdLineExt.dll
    2007-10-04 07:03 <DIR> dr-h C:\Documents and Settings\Vince Le\Application Data\SecuROM
    2007-10-04 06:50 81,768 --a C:\WINDOWS\system32\xinput1_3.dll
    2007-10-04 06:50 443,752 --a C:\WINDOWS\system32\d3dx10_33.dll
    2007-10-04 06:50 3,495,784 --a C:\WINDOWS\system32\d3dx9_33.dll
    2007-10-04 06:50 2,414,360 --a C:\WINDOWS\system32\d3dx9_31.dll
    2007-10-04 06:50 1,123,696 --a C:\WINDOWS\system32\D3DCompiler_33.dll
    2007-10-04 06:48 <DIR> d C:\Program Files\Sierra Entertainment
    2007-10-04 06:48 <DIR> d C:\Documents and Settings\Vince Le\Application Data\InstallShield
    2007-10-03 23:32 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Apple Computer
    2007-10-03 23:31 <DIR> d C:\Program Files\iTunes
    2007-10-03 23:31 <DIR> d C:\Program Files\iPod
    2007-10-03 23:30 <DIR> d C:\Program Files\QuickTime
    2007-10-03 23:30 <DIR> d C:\Program Files\Apple Software Update
    2007-10-03 23:30 <DIR> d C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-03 23:29 <DIR> d C:\Program Files\Common Files\Apple
    2007-10-03 23:29 <DIR> d C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-03 21:45 <DIR> d C:\Documents and Settings\NetworkService\Application Data\Google
    2007-10-03 21:43 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-10-03 07:07 <DIR> d C:\Downloads
    2007-10-03 07:03 <DIR> d C:\Program Files\Free Download Manager
    2007-10-03 07:03 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Free Download Manager
    2007-10-03 07:03 <DIR> d C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    2007-09-30 20:44 <DIR> d C:\Program Files\Ares
    2007-09-30 17:04 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Motive
    2007-09-30 17:03 <DIR> d C:\WINDOWS\Motive
    2007-09-30 17:03 <DIR> d C:\Documents and Settings\All Users\Application Data\Motive
    2007-09-30 17:02 <DIR> d C:\Program Files\SBC Self Support Tool
    2007-09-30 16:38 81,920 --a C:\WINDOWS\system32\W32n50.dll
    2007-09-30 16:38 17,162 --a C:\WINDOWS\system32\Pcandis5.sys
    2007-09-30 16:38 16,848 --a C:\WINDOWS\system32\Pcandis4.sys
    2007-09-30 16:38 <DIR> d C:\Program Files\Common Files\Motive
    2007-09-30 15:21 29,704 --a C:\WINDOWS\system32\uxtuneup.dll
    2007-09-30 15:21 <DIR> d C:\Program Files\TuneUp Utilities 2007
    2007-09-30 15:21 <DIR> d C:\Documents and Settings\Vince Le\Application Data\TuneUp Software
    2007-09-30 15:21 <DIR> d C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-09-29 23:27 <DIR> d C:\Documents and Settings\Vince Le\Application Data\dvdcss
    2007-09-29 22:56 <DIR> d C:\Program Files\Leaf Networks
    2007-09-29 16:50 <DIR> d C:\Program Files\Ares Destiny
    2007-09-28 19:15 <DIR> d C:\Program Files\MSXML 6.0
    2007-09-28 19:15 <DIR> d C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-09-28 15:59 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Nexon
    2007-09-27 22:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-09-27 22:42 <DIR> d C:\Program Files\DIFX
    2007-09-27 22:41 <DIR> d C:\Program Files\Zune
    2007-09-27 22:41 <DIR> d C:\Program Files\Common Files\ComponentOne
    2007-09-27 22:40 <DIR> d C:\WINDOWS\system32\LogFiles
    2007-09-27 22:40 <DIR> d C:\WINDOWS\system32\drivers\UMDF
    2007-09-27 22:40 <DIR> d C:\ef6b7238911a3200e5d15a3e6c4c2b86
    2007-09-27 22:31 <DIR> d C:\Program Files\Steam
    2007-09-27 22:13 <DIR> d C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-09-26 23:03 <DIR> d C:\Program Files\Bonjour
    2007-09-26 22:58 <DIR> d C:\Program Files\Common Files\Macrovision Shared
    2007-09-26 22:32 <DIR> d C:\Program Files\MagicISO
    2007-09-26 19:27 <DIR> d C:\Documents and Settings\All Users\Application Data\Prevx
    2007-09-26 16:22 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Talkback
    2007-09-25 22:49 271,224 --a C:\WINDOWS\system32\mucltui.dll
    2007-09-25 22:49 207,736 --a C:\WINDOWS\system32\muweb.dll
    2007-09-25 22:39 32,592 --a C:\WINDOWS\system32\msonpmon.dll
    2007-09-25 22:36 <DIR> d C:\Program Files\MSBuild
    2007-09-25 22:36 <DIR> d C:\Program Files\Microsoft.NET
    2007-09-25 22:32 <DIR> d C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-09-24 20:49 <DIR> d C:\Documents and Settings\Vince Le\Application Data\acccore
    2007-09-24 20:49 <DIR> d C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-09-24 20:49 <DIR> d C:\Documents and Settings\All Users\Application Data\AOL
    2007-09-24 20:45 <DIR> d C:\Program Files\Viewpoint
    2007-09-24 20:45 <DIR> d C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-09-24 20:44 335 --a C:\WINDOWS\nsreg.dat
    2007-09-24 20:44 <DIR> d C:\Program Files\Common Files\AOL
    2007-09-24 20:44 <DIR> d C:\Program Files\AIM6
    2007-09-24 20:40 <DIR> d C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-09-23 20:44 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Lavasoft
    2007-09-23 20:41 79,688 --a C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-09-23 20:41 626,688 --a C:\WINDOWS\system32\msvcr80.dll
    2007-09-23 20:41 62,280 --a C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-09-23 20:41 41,288 --a C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-09-23 20:41 29,000 --a C:\WINDOWS\system32\drivers\kcom.sys
    2007-09-23 20:41 <DIR> d-a C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-23 20:41 <DIR> d C:\Program Files\Spyware Doctor
    2007-09-23 20:41 <DIR> d C:\Documents and Settings\Vince Le\Application Data\PC Tools
    2007-09-23 20:32 164 --a C:\install.dat
    2007-09-23 20:30 <DIR> d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-23 20:29 <DIR> d C:\Program Files\SpywareBlaster
    2007-09-23 20:29 <DIR> d C:\Program Files\Lavasoft
    2007-09-23 19:44 <DIR> d C:\WINDOWS\system32\GroupPolicy
    2007-09-23 19:44 <DIR> d C:\Program Files\Hitman Pro
    2007-09-23 10:18 4,682 --a C:\WINDOWS\system32\npptNT2.sys
    2007-09-23 09:27 <DIR> d C:\Program Files\Real Alternative
    2007-09-23 09:27 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Real
    2007-09-23 09:27 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Media Player Classic
    2007-09-23 09:27 <DIR> d C:\Documents and Settings\All Users\Application Data\Real
    2007-09-23 09:22 <DIR> d C:\Documents and Settings\Vince Le\Application Data\vlc
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-04 06:48 d--h C:\Program Files\InstallShield Installation Information
    2007-09-22 20:49 d C:\Program Files\Google
    2007-09-22 14:33 d C:\Documents and Settings\All Users\Application Data\Sony Corporation
    2007-09-22 14:25 0 -rah C:\WINDOWS\system32\drivers\Sony_VGC-VA10G.mrk
    2007-09-22 08:49 d C:\Program Files\Sony
    2007-09-22 08:30 d C:\Program Files\Common Files\Sony Shared
    2007-09-22 08:27 d C:\Documents and Settings\Administrator\Application Data\Sony Corporation
    2007-09-22 08:27 d C:\Documents and Settings\Administrator\Application Data\Sony Corporation
    2007-07-30 19:19 92504 --a C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a C:\WINDOWS\system32\wups.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 00:33]
    "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
    "VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 13:43]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
    "VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 16:42]
    "LgWDskTp"="C:\Program Files\Wireless Desktop\LgWDskTp.exe" [2004-10-27 09:37]
    "PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-23 00:24]
    "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 17:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-23 21:06]
    "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-09-28 21:21]
    "Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 19:02]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{521EF0DE-EC32-4FC4-8AA9-7CBB88108ED1}"= C:\WINDOWS\system32\ljjgdax.dll [2007-10-07 14:16 34816]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjgdax]
    ljjgdax.dll 2007-10-07 14:16 34816 C:\WINDOWS\system32\ljjgdax.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
    backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
    backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk
    backup=C:\WINDOWS\pss\VAIO Action Setup (Server).lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leaf]
    C:\Program Files\Leaf Networks\Leaf\bin\Leaf.exe /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "c:\program files\steam\steam.exe" -silent
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    "C:\Program Files\Zune\ZuneLauncher.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "VzFw"=2 (0x2)
    "VzCdbSvc"=2 (0x2)
    "Vcsw"=3 (0x3)
    "VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
    "VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
    "VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
    "VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
    "VAIO Event Service"=2 (0x2)
    "VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
    "SSScsiSV"=3 (0x3)
    "SPTISRV"=3 (0x3)
    "Sony TVTA Manager"=2 (0x2)
    "Sony TV Tuner Manager"=3 (0x3)
    "Sony TV Tuner Controller"=3 (0x3)
    "SonicStageMonitoring"=2 (0x2)
    "PhotoshopElementsDeviceConnect"=2 (0x2)
    "Image Converter video recording monitor for VAIO Entertainment"=3 (0x3)
    "gusvc"=3 (0x3)
    "ZuneNetworkSvc"=2 (0x2)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "PACSPTISVR"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "MSCSPTISRV"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "AVGEMS"=2 (0x2)
    "Avg7UpdSvc"=2 (0x2)
    "Avg7Alrt"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "AresChatServer"=3 (0x3)
    "AdobeActiveFileMonitor"=2 (0x2)
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 leafnets;Leaf Networks Adapter;C:\WINDOWS\system32\DRIVERS\leafnets.sys
    R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
    S3 FwHookDrv;FwHookDrv;\??\C:\WINDOWS\system32\drivers\FwHookDrv.sys
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB
    S3 WPRO_40_901;WinPcap Packet Driver (WPRO_40_901);C:\WINDOWS\system32\drivers\WPRO_40_901.sys
    S4 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    S4 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-06 00:16:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    "2007-10-04 06:30:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-09-22 21:25:49 C:\WINDOWS\Tasks\Registration reminder 3.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************
    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-08 17:02:04
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2007-10-08 17:03:32 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-08 17:03
    .
    --- E O F ---



    I couldn't get one for Vundo; it said I wasn't infected.
  • edited October 2007
    Hi vuman
    Please do the following...


    Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\WINDOWS\system32\ljjgdax.dll
    
    Folder::
    C:\ef6b7238911a3200e5d15a3e6c4c2b86
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{521EF0DE-EC32-4FC4-8AA9-7CBB88108ED1}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjgdax]
    
    
    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot),

    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O20 - Winlogon Notify: ljjgdax - C:\WINDOWS\SYSTEM32\ljjgdax.dll
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    Please post the Kaspersky Online Scanner report, ComboFix.txt and a new HijackThis log.
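The two entries the helper singles out above (an O20 Winlogon Notify handler whose DLL has a random-looking lowercase name, and an O9 button pointing at no file) are the kind of thing a triage pass over a HijackThis log should flag before anyone writes a CFScript by hand. The script below is an added example, not code from this thread or from the HijackThis/ComboFix authors: it parses the O2/O9/O20/O21 lines, classifies each one, and emits a ComboFix script in the same File:: / Registry:: form the helper used. The sample log lines are constructed to mirror this thread, the allowlist of stock XP Winlogon Notify handlers is illustrative rather than exhaustive, and the "random-looking name" rule is a heuristic, so treat "suspicious" as "look at this first", not as a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample lines, modelled on the HijackThis entries posted in this
# thread; the random-looking DLL name and the orphaned O9 button are the two
# findings the helper asked to have fixed.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: ljjgdax - C:\\WINDOWS\\SYSTEM32\\ljjgdax.dll
O20 - Winlogon Notify: VESWinlogon - C:\\WINDOWS\\SYSTEM32\\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll
"""

# Winlogon Notify handlers that ship with Windows XP. Assumption: this list is
# illustrative, not exhaustive; extend it for the build you are triaging.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

# Heuristic: Vundo-style droppers use short, all-lowercase, random letter
# names such as ljjgdax.dll. Checked against the name as logged (case kept).
RANDOM_DLL = re.compile(r"^[a-z]{6,9}\.dll$")

# "O20 - Winlogon Notify: name - path" and the CLSID-bearing O2/O9/O21 forms.
LINE = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (?:\{[0-9A-Fa-f-]+\} - )?(.*)$")


@dataclass
class Finding:
    section: str   # O2, O9, O20 or O21
    name: str
    path: str
    verdict: str   # known, review, suspicious or orphan


def classify(section: str, name: str, path: str) -> str:
    """Rank one autostart entry; 'suspicious' means 'look at this first'."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    if path.lower() == "(no file)":
        return "orphan"                       # dangling CLSID, safe to fix
    if section == "O20":
        if name.lower() in KNOWN_NOTIFY:
            return "known"
        if RANDOM_DLL.match(base) and "\\system32\\" in path.lower():
            return "suspicious"               # random name in system32
        return "review"                       # third-party, verify vendor
    if RANDOM_DLL.match(base):
        return "suspicious"
    return "review"


def triage(log_text: str) -> List[Finding]:
    """Parse the O2/O9/O20/O21 lines of a HijackThis log into findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) not in ("O2", "O9", "O20", "O21"):
            continue
        section, _kind, name, path = m.groups()
        findings.append(Finding(section, name, path, classify(section, name, path)))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Emit a ComboFix CFScript (File:: and Registry:: blocks) for the
    suspicious entries, in the same form used by the helper in this thread."""
    files = [f.path for f in findings if f.verdict == "suspicious"]
    notify = [f.name for f in findings
              if f.section == "O20" and f.verdict == "suspicious"]
    lines: List[str] = []
    if files:
        lines += ["File::"] + files + [""]
    if notify:
        lines.append("Registry::")
        for n in notify:
            # Leading '-' on the key tells ComboFix to delete the whole key.
            lines.append("[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt"
                         "\\currentversion\\winlogon\\notify\\" + n + "]")
    return "\n".join(lines)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.verdict:<10} {f.section:<4} {f.name} -> {f.path}")
    print()
    print(build_cfscript(results))
```

Anything the script marks "review" (here VESWinlogon.dll and WPDShServiceObj.dll) still needs a human to confirm the vendor and file properties; the generated CFScript covers only the entries the heuristic is confident about, which is why the orphaned O9 button is reported but left for the HijackThis "Fix checked" step rather than scripted.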
  • edited October 2007

    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, October 09, 2007 6:55:12 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 9/10/2007
    Kaspersky Anti-Virus database records: 429653
    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true
    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    Scan Statistics:
    Total number of scanned objects: 104721
    Number of viruses found: 5
    Number of infected objects: 6
    Number of suspicious objects: 0
    Duration of the scan process: 02:58:08
    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
    C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_2766304595_262144_74006 Object is locked skipped
    C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE2.tmp Object is locked skipped
    C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{4BBCFE12-D273-44FA-8E19-7418336A33C3}.TmpSBE Object is locked skipped
    C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Vince Le\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\Application Data\Microsoft\Zune\CurrentDatabase_365.wmdb Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\History\History.IE5\MSHist012007100820071009\index.dat Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\temp\Free Download Manager\tic10.tmp Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\temp\Free Download Manager\tic1A.tmp Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\temp\Free Download Manager\tic1D.tmp Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\temp\Free Download Manager\ticE.tmp Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\temp\Free Download Manager\ticF.tmp Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\temp\Perflib_Perfdata_14c.dat Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\temp\Perflib_Perfdata_58c.dat Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\temp\~DF4B38.tmp Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\temp\~DF4B45.tmp Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\Temporary Internet Files\Content.IE5\2OHR3VMX\2[1].htm Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\Temporary Internet Files\Content.IE5\2OHR3VMX\tears_of_the_sun_usp_40[1].rar Object is locked skipped
    C:\Documents and Settings\Vince Le\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Vince Le\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Vince Le\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\master.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\model.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\templog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\LOG\ERRORLOG Object is locked skipped
    C:\Program Files\SBC Self Support Tool\SmartBridge\AlertFilter.log Object is locked skipped
    C:\Program Files\SBC Self Support Tool\SmartBridge\log\httpclient.log Object is locked skipped
    C:\Program Files\SBC Self Support Tool\SmartBridge\SmartBridge.log Object is locked skipped
    C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
    C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
    C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
    C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
    C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004735.dll Object is locked skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004736.dll Object is locked skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004737.dll Object is locked skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004738.dll Object is locked skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004739.dll Object is locked skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004758.exe/upd.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004758.exe/cmdo.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004758.exe/ntdll.exe Infected: Trojan-Dropper.Win32.Agent.qz skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004758.exe/spoolsv32.exe Infected: not-a-virus:AdWare.Win32.WinAD.aw skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004758.exe/dllhost32.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP38\A0004758.exe SetupFactory: infected - 5 skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP41\A0004860.dll Object is locked skipped
    C:\System Volume Information\_restore{03663F56-5A52-4397-857A-F7FF6F59EF9F}\RP41\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{8246C2DA-AC6B-46F1-B671-909D4E4E6BF8}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_87c.dat Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    Scan process completed.




    Logfile of HijackThis v1.99.1
    Scan saved at 6:56:21 AM, on 10/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Wireless Desktop\LgWDskTp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Free Download Manager\FUM\fumoei.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Downloads\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [VAIOSurvey] "c:\program files\sony\vaio survey\surveysa.exe"
    O4 - HKLM\..\Run: [LgWDskTp] "C:\Program Files\Wireless Desktop\LgWDskTp.exe"
    O4 - HKLM\..\Run: [PartSeal] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
    O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe




    ComboFix 07-10-07.2 - Vince Le 2007-10-08 21:39:58.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT -7:00]
    Running from: C:\Documents and Settings\Vince Le\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Vince Le\Desktop\CFScript.txt
    * Created a new restore point
    FILE::
    C:\WINDOWS\system32\ljjgdax.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\ef6b7238911a3200e5d15a3e6c4c2b86
    C:\ef6b7238911a3200e5d15a3e6c4c2b86\update\update.exe
    C:\WINDOWS\system32\ljjgdax.dll
    .
    ((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
    .
    2007-10-08 16:56 51,200 --a C:\WINDOWS\NirCmd.exe
    2007-10-08 16:54 <DIR> d C:\VundoFix Backups
    2007-10-08 00:54 1,156 --a C:\WINDOWS\mozver.dat
    2007-10-07 13:45 <DIR> d C:\Program Files\BannedStory
    2007-10-07 10:11 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Viewpoint
    2007-10-06 20:33 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-10-06 20:33 59,264 --a C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-10-04 07:03 107,888 --a C:\WINDOWS\system32\CmdLineExt.dll
    2007-10-04 07:03 <DIR> dr-h C:\Documents and Settings\Vince Le\Application Data\SecuROM
    2007-10-04 06:50 81,768 --a C:\WINDOWS\system32\xinput1_3.dll
    2007-10-04 06:50 443,752 --a C:\WINDOWS\system32\d3dx10_33.dll
    2007-10-04 06:50 3,495,784 --a C:\WINDOWS\system32\d3dx9_33.dll
    2007-10-04 06:50 2,414,360 --a C:\WINDOWS\system32\d3dx9_31.dll
    2007-10-04 06:50 1,123,696 --a C:\WINDOWS\system32\D3DCompiler_33.dll
    2007-10-04 06:48 <DIR> d C:\Program Files\Sierra Entertainment
    2007-10-04 06:48 <DIR> d C:\Documents and Settings\Vince Le\Application Data\InstallShield
    2007-10-03 23:32 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Apple Computer
    2007-10-03 23:31 <DIR> d C:\Program Files\iTunes
    2007-10-03 23:31 <DIR> d C:\Program Files\iPod
    2007-10-03 23:30 <DIR> d C:\Program Files\QuickTime
    2007-10-03 23:30 <DIR> d C:\Program Files\Apple Software Update
    2007-10-03 23:30 <DIR> d C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-03 23:29 <DIR> d C:\Program Files\Common Files\Apple
    2007-10-03 23:29 <DIR> d C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-03 21:45 <DIR> d C:\Documents and Settings\NetworkService\Application Data\Google
    2007-10-03 21:43 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-10-03 07:07 <DIR> d C:\Downloads
    2007-10-03 07:03 <DIR> d C:\Program Files\Free Download Manager
    2007-10-03 07:03 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Free Download Manager
    2007-10-03 07:03 <DIR> d C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    2007-09-30 20:44 <DIR> d C:\Program Files\Ares
    2007-09-30 17:04 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Motive
    2007-09-30 17:03 <DIR> d C:\WINDOWS\Motive
    2007-09-30 17:03 <DIR> d C:\Documents and Settings\All Users\Application Data\Motive
    2007-09-30 17:02 <DIR> d C:\Program Files\SBC Self Support Tool
    2007-09-30 16:38 81,920 --a C:\WINDOWS\system32\W32n50.dll
    2007-09-30 16:38 17,162 --a C:\WINDOWS\system32\Pcandis5.sys
    2007-09-30 16:38 16,848 --a C:\WINDOWS\system32\Pcandis4.sys
    2007-09-30 16:38 <DIR> d C:\Program Files\Common Files\Motive
    2007-09-30 15:21 29,704 --a C:\WINDOWS\system32\uxtuneup.dll
    2007-09-30 15:21 <DIR> d C:\Program Files\TuneUp Utilities 2007
    2007-09-30 15:21 <DIR> d C:\Documents and Settings\Vince Le\Application Data\TuneUp Software
    2007-09-30 15:21 <DIR> d C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-09-29 23:27 <DIR> d C:\Documents and Settings\Vince Le\Application Data\dvdcss
    2007-09-29 22:56 <DIR> d C:\Program Files\Leaf Networks
    2007-09-29 16:50 <DIR> d C:\Program Files\Ares Destiny
    2007-09-28 19:15 <DIR> d C:\Program Files\MSXML 6.0
    2007-09-28 19:15 <DIR> d C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-09-28 15:59 <DIR> d C:\Documents and Settings\Vince Le\Application Data\Nexon
    2007-09-27 22:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-09-27 22:42 <DIR> d C:\Program Files\DIFX
    2007-09-27 22:41 <DIR> d C:\Program Files\Zune
    2007-09-27 22:41 <DIR> d C:\Program Files\Common Files\ComponentOne
    2007-09-27 22:40 <DIR> d C:\WINDOWS\system32\LogFiles
    2007-09-27 22:40 <DIR> d
    C:\WINDOWS\system32\drivers\UMDF
    2007-09-27 22:31 <DIR> d
    C:\Program Files\Steam
    2007-09-27 22:13 <DIR> d
    C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-09-26 23:03 <DIR> d
    C:\Program Files\Bonjour
    2007-09-26 22:58 <DIR> d
    C:\Program Files\Common Files\Macrovision Shared
    2007-09-26 22:32 <DIR> d
    C:\Program Files\MagicISO
    2007-09-26 19:27 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Prevx
    2007-09-26 16:22 <DIR> d
    C:\Documents and Settings\Vince Le\Application Data\Talkback
    2007-09-25 22:49 271,224 --a
    C:\WINDOWS\system32\mucltui.dll
    2007-09-25 22:49 207,736 --a
    C:\WINDOWS\system32\muweb.dll
    2007-09-25 22:39 32,592 --a
    C:\WINDOWS\system32\msonpmon.dll
    2007-09-25 22:36 <DIR> d
    C:\Program Files\MSBuild
    2007-09-25 22:36 <DIR> d
    C:\Program Files\Microsoft.NET
    2007-09-25 22:32 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-09-24 20:49 <DIR> d
    C:\Documents and Settings\Vince Le\Application Data\acccore
    2007-09-24 20:49 <DIR> d
    C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-09-24 20:49 <DIR> d
    C:\Documents and Settings\All Users\Application Data\AOL
    2007-09-24 20:45 <DIR> d
    C:\Program Files\Viewpoint
    2007-09-24 20:45 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-09-24 20:44 335 --a
    C:\WINDOWS\nsreg.dat
    2007-09-24 20:44 <DIR> d
    C:\Program Files\Common Files\AOL
    2007-09-24 20:44 <DIR> d
    C:\Program Files\AIM6
    2007-09-24 20:40 <DIR> d
    C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-09-23 20:44 <DIR> d
    C:\Documents and Settings\Vince Le\Application Data\Lavasoft
    2007-09-23 20:41 79,688 --a
    C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-09-23 20:41 626,688 --a
    C:\WINDOWS\system32\msvcr80.dll
    2007-09-23 20:41 62,280 --a
    C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-09-23 20:41 41,288 --a
    C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-09-23 20:41 29,000 --a
    C:\WINDOWS\system32\drivers\kcom.sys
    2007-09-23 20:41 <DIR> d-a
    C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-23 20:41 <DIR> d
    C:\Program Files\Spyware Doctor
    2007-09-23 20:41 <DIR> d
    C:\Documents and Settings\Vince Le\Application Data\PC Tools
    2007-09-23 20:32 164 --a
    C:\install.dat
    2007-09-23 20:30 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-23 20:29 <DIR> d
    C:\Program Files\SpywareBlaster
    2007-09-23 20:29 <DIR> d
    C:\Program Files\Lavasoft
    2007-09-23 19:44 <DIR> d
    C:\WINDOWS\system32\GroupPolicy
    2007-09-23 19:44 <DIR> d
    C:\Program Files\Hitman Pro
    2007-09-23 10:18 4,682 --a
    C:\WINDOWS\system32\npptNT2.sys
    2007-09-23 09:27 <DIR> d
    C:\Program Files\Real Alternative
    2007-09-23 09:27 <DIR> d
    C:\Documents and Settings\Vince Le\Application Data\Real
    2007-09-23 09:27 <DIR> d
    C:\Documents and Settings\Vince Le\Application Data\Media Player Classic
    2007-09-23 09:27 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Real
    2007-09-23 09:22 <DIR> d
    C:\Documents and Settings\Vince Le\Application Data\vlc
    2007-09-23 09:21 <DIR> d
    C:\Program Files\VideoLAN
    2007-09-23 00:30 <DIR> d
    C:\Nexon
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-04 06:48 d--h C:\Program Files\InstallShield Installation Information
    2007-09-22 20:49 d C:\Program Files\Google
    2007-09-22 14:33 d C:\Documents and Settings\All Users\Application Data\Sony Corporation
    2007-09-22 14:25 0 -rah C:\WINDOWS\system32\drivers\Sony_VGC-VA10G.mrk
    2007-09-22 08:49 d C:\Program Files\Sony
    2007-09-22 08:30 d C:\Program Files\Common Files\Sony Shared
    2007-09-22 08:27 d C:\Documents and Settings\Administrator\Application Data\Sony Corporation
    2007-09-22 08:27 d C:\Documents and Settings\Administrator\Application Data\Sony Corporation
    2007-07-30 19:19 92504 --a C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a C:\WINDOWS\system32\wups.dll
    .
    ((((((((((((((((((((((((((((( snapshot@2007-10-08_17.03.14.25 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 53,248 2007-08-07 20:37:56 C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
    ----a-w 182,248 2007-08-08 00:20:44 C:\WINDOWS\system32\Macromed\Director\swdir.dll
    ----a-w 55,272 2007-08-08 00:21:02 C:\WINDOWS\system32\Macromed\Director\SwDnld.exe
    ----a-w 585,728 2007-08-07 20:35:56 C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
    ----a-w 1,490,944 2007-08-07 20:19:40 C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
    ----a-w 24,576 2007-08-07 20:36:32 C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
    ----a-w 1,113,600 2007-08-07 23:52:32 C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
    ----a-w 52,288 2007-08-07 20:08:48 C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
    ----a-w 606,208 2007-08-07 20:17:24 C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
    ----a-w 339,968 2007-08-07 20:35:22 C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
    ----a-w 483,328 2007-08-07 20:35:32 C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
    ----a-w 180,224 2007-08-07 20:28:38 C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
    ----a-w 391,144 2007-08-08 00:20:28 C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020023.exe
    ----a-w 77,824 2007-08-07 20:37:56 C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
    ----a-w 86,016 2007-08-07 20:35:18 C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
    ----a-w 98,304 2007-08-07 20:37:58 C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
    ----a-w 50,808 2007-08-07 20:08:46 C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
    ----a-w 149,504 1999-06-25 17:55:30 C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 00:33]
    "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
    "VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 13:43]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
    "VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 16:42]
    "LgWDskTp"="C:\Program Files\Wireless Desktop\LgWDskTp.exe" [2004-10-27 09:37]
    "PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-23 00:24]
    "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51]
    "Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 17:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-23 21:06]
    "Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-09-28 21:21]
    "Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 19:02]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{521EF0DE-EC32-4FC4-8AA9-7CBB88108ED1}"= C:\WINDOWS\system32\ljjgdax.dll [ ]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leaf]
    C:\Program Files\Leaf Networks\Leaf\bin\Leaf.exe /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "c:\program files\steam\steam.exe" -silent
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    "C:\Program Files\Zune\ZuneLauncher.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "VzFw"=2 (0x2)
    "VzCdbSvc"=2 (0x2)
    "Vcsw"=3 (0x3)
    "VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
    "VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
    "VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
    "VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
    "VAIO Event Service"=2 (0x2)
    "VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
    "SSScsiSV"=3 (0x3)
    "SPTISRV"=3 (0x3)
    "Sony TVTA Manager"=2 (0x2)
    "Sony TV Tuner Manager"=3 (0x3)
    "Sony TV Tuner Controller"=3 (0x3)
    "SonicStageMonitoring"=2 (0x2)
    "PhotoshopElementsDeviceConnect"=2 (0x2)
    "Image Converter video recording monitor for VAIO Entertainment"=3 (0x3)
    "gusvc"=3 (0x3)
    "ZuneNetworkSvc"=2 (0x2)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "PACSPTISVR"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "MSCSPTISRV"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "AVGEMS"=2 (0x2)
    "Avg7UpdSvc"=2 (0x2)
    "Avg7Alrt"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "AresChatServer"=3 (0x3)
    "AdobeActiveFileMonitor"=2 (0x2)
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 leafnets;Leaf Networks Adapter;C:\WINDOWS\system32\DRIVERS\leafnets.sys
    R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
    S3 FwHookDrv;FwHookDrv;\??\C:\WINDOWS\system32\drivers\FwHookDrv.sys
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB
    S3 WPRO_40_901;WinPcap Packet Driver (WPRO_40_901);C:\WINDOWS\system32\drivers\WPRO_40_901.sys
    S4 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    S4 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-06 00:16:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    "2007-10-04 06:30:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-09-22 21:25:49 C:\WINDOWS\Tasks\Registration reminder 3.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************
    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-08 21:43:58
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2007-10-08 21:45:45 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-08 21:45
    C:\ComboFix2.txt ... 2007-10-08 17:03
    .
    --- E O F ---
  • edited October 2007
    Hi vuman
    Things are looking good. Do you still notice any problems with your computer?


    Update Java Runtime Environment (JRE)
    Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 6u3.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
    Note: If you are a student doing development work with an earlier Java Development Kit (JDK) due to school requirements, you can keep your JDK (I know updating the JDK from 1.5 or earlier to JDK 1.6 will cause development conflicts with Java Swing), but please update your JRE.

    ==========================================

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
    • Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
      Turn off System Restore.
      On the Desktop, right-click My Computer
      Click Properties
      Click the System Restore tab
      Check Turn off System Restore
      Click Apply, and then click OK

      Reboot.

      Turn on System Restore.
      On the Desktop, right-click My Computer
      Click Properties
      Click the System Restore tab
      Uncheck Turn off System Restore
      Click Apply, and then click OK
      NOTE: only do this ONCE, NOT on a regular basis!
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      • Next press the Apply button and then the OK to exit the Internet Properties page.
    • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
      This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with anti-virus software. A tutorial on installing & using this product can be found here:
      Instructions for - Spybot S & D and Ad-aware
    • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis, just as you would with anti-virus software, in conjunction with Spybot. A tutorial on installing & using this product can be found here:
      Instructions for - Spybot S & D and Ad-aware
    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
      Computer Safety on line - Anti-Malware
    • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.
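The six Custom Level changes in the "Make your Internet Explorer more secure" step above are stored by IE as URL-action DWORD values under the Internet zone key (`HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`), encoded as 0 = Enable, 1 = Prompt, 3 = Disable, so they can be checked without clicking through the dialog. The script below is an added example for this page, not part of the original post or the helper's instructions: it audits a `reg export` of that key against the recommended values and writes a .reg body for only the settings that differ. The action identifiers (1001, 1004, 1201, 1800, 1804, 1607) are Microsoft's documented URL-action values; the sample export embedded in the script is constructed, not taken from the poster's machine.

```python
r"""Audit the IE 'Internet' zone (zone 3) against the hardened Custom Level
settings recommended in the thread, from a text export of the zone key:
    reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg
Added example; not part of the original thread. On XP `reg export` writes
UTF-16, so decode the file as utf-16 before passing its text in.
"""
import re

ZONE3_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# URL action values used by IE for each Custom Level setting.
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# URL action identifiers for the six settings the post tells the user to change.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"(\d{4})"=dword:([0-9a-fA-F]{8})$')


def parse_zone3(reg_text):
    """Return {action_id: int_value} for the Zones\\3 key in a .reg export.
    Values under any other key in the export are ignored."""
    values, in_zone3 = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = _KEY_RE.match(line)
        if key:
            in_zone3 = key.group(1).lower() == ZONE3_KEY.lower()
            continue
        val = _DWORD_RE.match(line)
        if in_zone3 and val:
            values[val.group(1)] = int(val.group(2), 16)
    return values


def audit(reg_text):
    """List (action_id, description, current, recommended) for every setting
    that is absent or not at the recommended value. An absent value means IE
    is using the zone template default, so it is reported too (current=None)."""
    current = parse_zone3(reg_text)
    findings = []
    for action, (desc, want) in sorted(RECOMMENDED.items()):
        have = current.get(action)
        if have != want:
            findings.append((action, desc, have, want))
    return findings


def remediation_reg(findings):
    """Build a .reg file body that sets only the non-compliant actions,
    ready for `reg import` on the affected machine."""
    lines = ["Windows Registry Editor Version 5.00", "", "[%s]" % ZONE3_KEY]
    for action, _desc, _have, want in findings:
        lines.append('"%s"=dword:%08x' % (action, want))
    return "\r\n".join(lines) + "\r\n"


# Constructed sample export (not the poster's machine): 1004 and 1201 already
# match the recommendation, the other four are at their permissive values.
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000000
"1804"=dword:00000000
"""

if __name__ == "__main__":
    findings = audit(SAMPLE_EXPORT)
    for action, desc, have, want in findings:
        print("%s %-58s current=%-7s recommended=%s"
              % (action, desc, LABEL.get(have, "unset"), LABEL[want]))
    print()
    print(remediation_reg(findings))
```

Two caveats when using this on a real machine: if the `Security_HKLM_only` policy is set, IE reads the zone settings from the same path under HKEY_LOCAL_MACHINE instead, so export that key; and the check only covers the six actions the post names, so a clean audit does not mean the rest of the zone is at a sensible level.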
  • edited October 2007
    thank you so much :D
  • edited October 2007

    Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips that Short-Media offers.

    This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

    If you are not the user who started this thread, you must start a new Thread instead :)

    Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here
This discussion has been closed.