Inactive msconfig fixed, now what? (log files included)

Discussion in 'Malware and Virus Removal Archive' started by nljpj, 2010/04/27.

  1. 2010/04/27
    nljpj

    nljpj Inactive Thread Starter

    Joined:
    2010/04/26
    Messages:
    4
    Likes Received:
    0
    [Inactive] msconfig fixed, now what? (log files included)

    I wanted to disable some startup programs but msconfig wouldn't run. I ran Malwarebytes and GMER, as well as a HijackThis scan.

    Msconfig works now, but laptop still runs super slow.

    And the DDS scan was run afterwards because I didn't see the instructions beforehand. Oops.

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4041

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    4/26/2010 11:39:53 PM
    mbam-log-2010-04-26 (23-39-53).txt

    Scan type: Quick scan
    Objects scanned: 122899
    Time elapsed: 44 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000005-0000-0000-0000-100009000004} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000005-0000-0000-0000-100011000004} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\losthostage\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-27 11:40:24
    Windows 5.1.2600 Service Pack 2
    Running: 8uhkv1sd.exe; Driver: C:\DOCUME~1\LOSTHO~1\LOCALS~1\Temp\pxtdapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 84855200 ZwConnectPort
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF754D87E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF754DBFE]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? lrwb.sys The system cannot find the file specified. !
    ? C:\WINDOWS\TEMP\mc21.tmp The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\snmp.exe[268] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\snmp.exe[268] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\snmp.exe[268] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\snmp.exe[268] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\snmp.exe[268] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\snmp.exe[268] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\System32\svchost.exe[468] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[468] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\svchost.exe[468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\svchost.exe[468] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\svchost.exe[468] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\svchost.exe[468] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\System32\wdfmgr.exe[492] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wdfmgr.exe[492] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\wdfmgr.exe[492] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\wdfmgr.exe[492] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\wdfmgr.exe[492] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\wdfmgr.exe[492] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\Program Files\Microsoft Hardware\Keyboard\type32.exe[500] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Hardware\Keyboard\type32.exe[500] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Microsoft Hardware\Keyboard\type32.exe[500] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Microsoft Hardware\Keyboard\type32.exe[500] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Microsoft Hardware\Keyboard\type32.exe[500] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Microsoft Hardware\Keyboard\type32.exe[500] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[576] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[576] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[576] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[576] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[576] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[576] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\system32\csrss.exe[584] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[584] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\csrss.exe[584] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\csrss.exe[584] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\csrss.exe[584] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[612] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\winlogon.exe[612] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\winlogon.exe[612] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\winlogon.exe[612] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\services.exe[656] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\services.exe[656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\services.exe[656] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\services.exe[656] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[660] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[660] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[660] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[660] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[660] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[660] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[668] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\lsass.exe[668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\lsass.exe[668] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\lsass.exe[668] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\Ati2evxx.exe[808] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\Ati2evxx.exe[808] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\svchost.exe[852] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[960] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[960] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[960] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[960] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[960] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[960] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\svchost.exe[1196] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\svchost.exe[1196] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Sony\HotKey Utility\HKserv.exe[1252] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Sony\HotKey Utility\HKserv.exe[1252] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Sony\HotKey Utility\HKserv.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Sony\HotKey Utility\HKserv.exe[1252] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Sony\HotKey Utility\HKserv.exe[1252] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Sony\HotKey Utility\HKserv.exe[1252] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[1352] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[1352] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[1352] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[1352] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[1352] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\System32\wbem\unsecapp.exe[1464] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wbem\unsecapp.exe[1464] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\wbem\unsecapp.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\wbem\unsecapp.exe[1464] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\wbem\unsecapp.exe[1464] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\wbem\unsecapp.exe[1464] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\system32\wscntfy.exe[1528] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\wscntfy.exe[1528] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\wscntfy.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\wscntfy.exe[1528] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\wscntfy.exe[1528] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\wscntfy.exe[1528] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\system32\Ati2evxx.exe[1624] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\Ati2evxx.exe[1624] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\Ati2evxx.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[1624] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\Ati2evxx.exe[1624] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\System32\alg.exe[1644] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\alg.exe[1644] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\alg.exe[1644] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\alg.exe[1644] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\alg.exe[1644] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\alg.exe[1644] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\system32\wuauclt.exe[1732] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\wuauclt.exe[1732] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\wuauclt.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\wuauclt.exe[1732] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\wuauclt.exe[1732] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\wuauclt.exe[1732] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\Explorer.EXE[1736] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[1736] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\Explorer.EXE[1736] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1836] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1836] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1836] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1836] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1836] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1836] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\System32\svchost.exe[1920] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1920] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\svchost.exe[1920] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\svchost.exe[1920] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\svchost.exe[1920] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1984] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1984] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1984] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1984] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\ctfmon.exe[2140] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\ctfmon.exe[2140] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\ctfmon.exe[2140] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\ctfmon.exe[2140] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[2140] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\ctfmon.exe[2140] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\Program Files\Logitech\Logitech Vid\vid.exe[2336] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Logitech\Logitech Vid\vid.exe[2336] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Logitech\Logitech Vid\vid.exe[2336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Logitech\Logitech Vid\vid.exe[2336] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Logitech\Logitech Vid\vid.exe[2336] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Logitech\Logitech Vid\vid.exe[2336] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2384] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2384] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2384] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2384] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2384] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2384] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\WINDOWS\System32\svchost.exe[2388] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[2388] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\System32\svchost.exe[2388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\System32\svchost.exe[2388] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\svchost.exe[2388] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\svchost.exe[2388] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\Documents and Settings\losthostage\Desktop\8uhkv1sd.exe[4028] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\losthostage\Desktop\8uhkv1sd.exe[4028] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Documents and Settings\losthostage\Desktop\8uhkv1sd.exe[4028] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Documents and Settings\losthostage\Desktop\8uhkv1sd.exe[4028] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Documents and Settings\losthostage\Desktop\8uhkv1sd.exe[4028] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Documents and Settings\losthostage\Desktop\8uhkv1sd.exe[4028] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D
    .text C:\Program Files\Sony\HotKey Utility\HKWnd.exe[4032] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Sony\HotKey Utility\HKWnd.exe[4032] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Sony\HotKey Utility\HKWnd.exe[4032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Sony\HotKey Utility\HKWnd.exe[4032] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Sony\HotKey Utility\HKWnd.exe[4032] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Sony\HotKey Utility\HKWnd.exe[4032] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 5F00003D

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\Explorer.EXE[1736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DD2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DD2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DD2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DD2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Spyware Doctor\sdhelp.exe[2008] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
    IAT C:\Program Files\Spyware Doctor\sdhelp.exe[2008] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
    IAT C:\Program Files\Spyware Doctor\sdhelp.exe[2008] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
    IAT C:\Program Files\Spyware Doctor\sdhelp.exe[2008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
    IAT C:\Program Files\Spyware Doctor\sdhelp.exe[2008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
    IAT C:\Program Files\Spyware Doctor\sdhelp.exe[2008] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
    IAT C:\Program Files\Spyware Doctor\sdhelp.exe[2008] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
    IAT C:\Program Files\Spyware Doctor\sdhelp.exe[2008] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
    IAT C:\Program Files\Spyware Doctor\sdhelp.exe[2008] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01C92F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01C92C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01C92CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01C92CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs ikhfile.sys (PCTools Research Pty Ltd.)
    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

    ---- EOF - GMER 1.0.15 ----
     
  2. 2010/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still don't see DDS logs :)
  4. 2010/04/27
    nljpj

    nljpj Inactive Thread Starter

    Joined:
    2010/04/26
    Messages:
    4
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:24:55 PM, on 4/27/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\PROGRA~1\SPYWAR~1\swdoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Logitech\Logitech Vid\vid.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Documents and Settings\losthostage\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe "
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\losthostage\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {39BB3BA8-9FFE-49D7-BC0B-0A3C5AF27131} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {39BB3BA8-9FFE-49D7-BC0B-0A3C5AF27131} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {C136861C-1876-45D8-9E46-6D489D83E5A1} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C136861C-1876-45D8-9E46-6D489D83E5A1} - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113986502718
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: Warning homepage - C:\WINDOWS\warnhp.html

    --
    End of file - 12085 bytes

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by losthostage at 12:38:10.80 on Tue 04/27/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.43 [GMT -7:00]


    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://search.msn.com
    mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    mStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
    BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~1\tools\iesdpb.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Spyware Doctor] c:\progra~1\spywar~1\swdoctor.exe /Q
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [P2kAutostart]
    uRun: [Google Update] "c:\documents and settings\losthostage\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe "
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATIModeChange] Ati2mdxx.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
    mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
    mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
    mRun: [Mouse Suite 98 Daemon] ICO.EXE
    mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe "
    mRun: [SunServer] c:\program files\sunbelt software\counterspy\consumer\sunserver.exe
    dRun: [Spyware Doctor] "c:\program files\spyware doctor\swdoctor.exe" /Q
    IE: Download All Files by HiDownload - c:\progra~1\hidown~1\HDGetAll.htm
    IE: Download by HiDownload - c:\progra~1\hidown~1\HDGet.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - c:\progra~1\hidown~1\hidownload.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113986502718
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
    SEH: GIANT AntiSpyware Service Hook: {076394ad-7fdd-44ef-a075-32c68dbab99b} - c:\program files\sunbelt software\counterspy\consumer\SunExecuteHook.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\lostho~1\applic~1\mozilla\firefox\profiles\vt53cw5x.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.cookie.p3plevel ", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.enablePad ", false); // Allow client to do proxy autodiscovery
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.search.param.Google.1.default ", "chrome://branding/content/searchconfig.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.search.param.Google.1.custom ", "chrome://branding/content/searchconfig.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "signon.prefillForms ", true);

    ============= SERVICES / DRIVERS ===============

    R? MotDev;Motorola Inc. USB Device
    R? NPF;NetGroup Packet Filter Driver
    S? ikhfile;File Security Kernel Anti-Spyware Driver
    S? ikhlayer;Kernel Anti-Spyware Driver
    S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
    S? Lbd;Lbd
    S? Viewpoint Manager Service;Viewpoint Manager Service
    S? WCDV_Aud;WevCamDV WDM Virtual Audio Device
    S? WebCamDV;WebCamDV DV to Webcam Converter

    =============== Created Last 30 ================

    2010-04-27 04:46:00 0 d-----w- c:\docume~1\lostho~1\applic~1\Malwarebytes
    2010-04-27 04:43:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-27 04:43:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-04-27 04:42:16 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-27 04:42:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-27 00:12:36 0 d-sh--w- c:\documents and settings\losthostage\PrivacIE
    2010-04-26 23:49:26 0 d-sh--w- c:\documents and settings\losthostage\IETldCache
    2010-04-26 23:46:35 0 d-----w- c:\windows\SxsCaPendDel
    2010-04-26 22:41:54 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-26 22:41:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-26 22:40:40 0 d-----w- c:\windows\ie8updates
    2010-04-26 22:33:27 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-26 22:12:55 0 dc-h--w- c:\windows\ie8
    2010-04-26 02:53:51 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-04-26 02:53:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-26 02:43:29 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-04-26 01:07:51 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2010-04-26 01:07:48 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2010-04-26 01:07:48 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2010-04-26 01:07:48 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2010-04-09 02:24:19 577536 ----a-w- c:\windows\soundman.exe
    2010-04-09 02:24:19 49152 ----a-w- c:\windows\system32\ChCfg.exe
    2010-04-09 02:24:11 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
    2010-04-09 02:24:10 141016 ----a-w- c:\windows\system32\alsndmgr.wav
    2010-04-09 02:24:04 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
    2010-04-09 02:21:12 0 d-----w- c:\program files\Realtek AC97

    ==================== Find3M ====================

    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-16 13:19:55 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39:04 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2006-03-25 17:56:50 176 -c--a-w- c:\program files\plabapp.log
    2005-03-12 10:35:14 163 -csha-r- c:\windows\Regbak.dat

    ============= FINISH: 12:45:50.67 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/21/2005 3:58:13 PM
    System Uptime: 4/27/2010 11:49:31 AM (1 hours ago)

    Motherboard: Sony Corporation | | Q-Project
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | N/A | 2789/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 15 GiB total, 3.255 GiB free.
    D: is FIXED (NTFS) - 36 GiB total, 0.662 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== Installed Programs ======================


    µTorrent
    2JPEG
    Ad-Aware
    Ad-Aware SE Personal
    Adobe Flash Player 10 ActiveX
    Adobe Reader 6.0
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AutoUpdate
    AviSynth 2.5
    Canon iP1800 series
    Canon iP1800 series User Registration
    Canon My Printer
    CD Audio Reader Filter (remove only)
    CDRCue Cuesheet Editor
    Copy Utility
    Direct Show Ogg Vorbis Filter (remove only)
    DirectVobSub (remove only)
    DivX
    DivX Player
    DS-MP3 Source 1.30
    DScaler 5 Mpeg Decoders
    DVgate Plus
    Easy-WebPrint
    eMule
    EphPod
    EPSON Photo Print
    EPSON TWAIN 5
    ffdshow [rev 1390] [2007-07-31]
    File Renamer Ultra 2000
    FLV Player 1.3.3
    foobar2000
    GoldWave v5.08
    Google Talk Plugin
    GSpot Codec Information Appliance
    Haali Media Splitter
    HiDownload
    HiFi WMA WAV Converter 2.00
    HijackThis 1.99.1
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HotKey Utility
    Huffyuv AVI lossless video codec (Remove Only)
    InterActual Player
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_01
    L&H TTS3000 Deutsch
    L&H TTS3000 Français
    L&H TTS3000 Italiano
    L&H TTS3000 Russian
    LAN-Express AS IEEE 802.11 Wireless LAN
    Lavasoft VX2 Cleaner
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Malwarebytes' Anti-Malware
    Memory Stick Formatter
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft IntelliType Pro 2.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows XP Video Decoder Checkup Utility
    mkw Audio Compression Toolkit
    Monkey's Audio
    Mozilla Firefox (1.5.0.12)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Visualizer Library 1.4.00
    NoClone
    office Convert Pdf to PowerPoint for ppt Free 6.0
    OpenSource Flash Video Splitter (remove only)
    Orange Micro WebCamDV
    PF1250-1650 Guide
    PowerDVD
    QuickSFV (Remove only)
    RealMedia (remove only)
    RealPlayer
    Realtek AC'97 Audio
    Registrar Lite 2.00
    ScanToWeb
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926247)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Segoe UI
    SHOUTcast Source (remove only)
    SimpChinese Speech Package
    Skype™ 4.0
    SoftV92 Data Fax Modem with SmartCP
    SonicStage 1.6.00
    Sony Certificate PCH
    Sony Notebook Setup
    Sony USB Driver
    Sony USB Mouse
    Sony Utilities DLL
    Sony Video Shared Library
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Spyware Doctor 4.0
    SpywareBlaster v3.5.1
    Sunbelt CounterSpy
    SWF Opener
    Symantec Network Drivers Update
    Synaptics Pointing Device Driver
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VAIO Help and Support
    VAIO Media 2.6
    VAIO Media Integrated Server 2.6
    VAIO Media Redistribution 2.6
    VAIO Power Management
    VAIO Registration
    VAIO Survey Standalone
    VAIO Update 2
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.5
    Web Pictures Downloader 1.88
    WebFldrs XP
    Welcome to VAIO life
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinPcap 3.1
    WinRAR archiver
    XoftSpy
    XviD MPEG-4 Video Codec
    XviD MPEG4 Video Codec v1.0.3 (remove only)
    Zoom Player (remove only)
    Zortam ID3 Tag Editor

    ==== End Of File ===========================
     
  5. 2010/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/04/28
    nljpj

    nljpj Inactive Thread Starter

    Joined:
    2010/04/26
    Messages:
    4
    Likes Received:
    0
    It seems that msconfig isn't working again. :(

    ComboFix 10-04-26.05 - losthostage 04/27/2010 22:34:54.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.159 [GMT -7:00]
    Running from: c:\documents and settings\losthostage\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\losthostage\Local Settings\Temporary Internet Files\fbk.sts
    c:\recycler\S-1-5-21-2000478354-1935655697-854245398-1003
    c:\recycler\S-1-5-21-2519100724-456854399-911373916-1003
    c:\recycler\S-1-5-21-3424102909-3587146395-3622334083-1003
    c:\recycler\S-1-5-21-3634463518-1164549874-975694134-1003
    c:\recycler\S-1-5-21-4188284009-2866619558-3977789960-1003
    c:\windows\system32\_000021_.tmp.dll
    c:\windows\system32\_000022_.tmp.dll
    c:\windows\system32\_000023_.tmp.dll
    c:\windows\system32\_000024_.tmp.dll
    c:\windows\system32\office.exe
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\wiaserviv.log

    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_VDMT16
    -------\Legacy_WINDOWS_OVERLAY_COMPONENTS
    -------\Legacy_WINLOW


    ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
    .

    2010-04-27 05:03 . 2010-04-27 05:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-04-27 04:46 . 2010-04-27 04:46 -------- d-----w- c:\documents and settings\losthostage\Application Data\Malwarebytes
    2010-04-27 04:43 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-27 04:43 . 2010-04-27 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-27 04:42 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-27 04:42 . 2010-04-27 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-27 00:24 . 2010-04-27 00:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-04-27 00:12 . 2010-04-27 00:12 -------- d-sh--w- c:\documents and settings\losthostage\PrivacIE
    2010-04-26 23:50 . 2010-04-26 23:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-04-26 23:49 . 2010-04-26 23:49 -------- d-sh--w- c:\documents and settings\losthostage\IETldCache
    2010-04-26 23:46 . 2010-04-26 23:48 -------- d-----w- c:\windows\SxsCaPendDel
    2010-04-26 22:41 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-26 22:41 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-26 22:40 . 2010-04-26 22:47 -------- d-----w- c:\windows\ie8updates
    2010-04-26 22:33 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-26 22:12 . 2010-04-26 22:32 -------- dc-h--w- c:\windows\ie8
    2010-04-26 02:53 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-04-26 02:53 . 2010-04-26 02:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-26 02:43 . 2010-04-26 02:43 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-04-26 02:41 . 2010-04-26 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-04-26 01:07 . 2010-04-26 01:07 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2010-04-26 01:07 . 2010-04-26 01:07 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2010-04-26 01:07 . 2010-04-26 01:07 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2010-04-26 01:07 . 2010-04-26 01:07 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2010-04-16 04:54 . 2010-04-22 09:52 -------- d-----w- c:\documents and settings\losthostage\Application Data\vlc
    2010-04-09 02:24 . 2007-04-16 22:28 577536 ----a-w- c:\windows\soundman.exe
    2010-04-09 02:24 . 2006-08-01 22:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
    2010-04-09 02:24 . 2006-12-08 22:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
    2010-04-09 02:21 . 2010-04-09 02:21 -------- d-----w- c:\program files\Realtek AC97

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-28 04:51 . 2009-07-30 02:42 -------- d-----w- c:\documents and settings\losthostage\Application Data\uTorrent
    2010-04-26 23:27 . 2006-06-03 22:28 -------- d-----w- c:\program files\Lavasoft
    2010-04-26 23:20 . 2009-07-31 03:48 -------- d-----w- c:\program files\Common Files\AOL
    2010-04-26 23:17 . 2005-07-31 07:53 -------- d-----w- c:\program files\Azureus
    2010-04-26 17:59 . 2005-02-25 07:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-26 07:57 . 2005-02-25 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-26 00:08 . 2005-02-16 16:11 -------- d-----w- c:\program files\InterVideo
    2010-04-26 00:08 . 2004-01-10 01:17 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-26 00:07 . 2005-02-22 01:39 -------- d-----w- c:\program files\Common Files\InterVideo
    2010-04-09 04:41 . 2006-01-04 07:40 -------- d-----w- c:\program files\SpywareBlaster
    2010-04-09 02:16 . 2005-02-22 00:22 -------- d-----w- c:\documents and settings\losthostage\Application Data\AVG7
    2010-04-09 02:16 . 2005-02-22 00:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG7
    2010-04-09 02:15 . 2005-02-22 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG7
    2010-03-10 06:15 . 2004-01-09 23:33 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2006-02-07 08:26 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 12:31 . 2004-01-09 23:32 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 13:19 . 2004-01-09 23:32 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39 . 2002-08-29 01:04 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:47 . 2004-01-09 23:32 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:01 . 2004-01-09 23:33 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2006-03-25 17:56 . 2006-03-25 17:56 176 -c--a-w- c:\program files\plabapp.log
    2007-07-23 10:22 . 2006-03-29 02:52 61038 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-07-23 10:22 . 2006-03-29 02:53 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-07-23 10:22 . 2006-03-29 02:52 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2005-03-12 10:35 . 2005-03-12 10:35 163 -csha-r- c:\windows\Regbak.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor"="c:\progra~1\SPYWAR~1\swdoctor.exe" [2006-11-03 2111632]
    "Google Update"="c:\documents and settings\losthostage\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-05 133104]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-30 288048]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-21 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-21 499712]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-20 335872]
    "HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-12-02 94208]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2003-10-25 167936]
    "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2003-11-29 135168]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 69632]
    "SunServer"="c:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-10-28 290816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-11-03 2111632]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= c:\windows\warnhp.html
    FriendlyName= Warning homepage

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{076394AD-7FDD-44EF-A075-32C68DBAB99B}"="c:\program files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll" [2005-10-28 49152]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextToSpeechMP3.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextToSpeechMP3.lnk
    backup=c:\windows\pss\TextToSpeechMP3.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^losthostage^Start Menu^Programs^Startup^winupdate16301579[1].exe]
    path=c:\documents and settings\losthostage\Start Menu\Programs\Startup\winupdate16301579[1].exe
    backup=c:\windows\pss\winupdate16301579[1].exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^losthostage^Start Menu^Programs^Startup^winupdate90767452[1].exe]
    path=c:\documents and settings\losthostage\Start Menu\Programs\Startup\winupdate90767452[1].exe
    backup=c:\windows\pss\winupdate90767452[1].exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A209F-X00-F4R7-80H6-J3"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Documents and Settings\\losthostage\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\losthostage\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-26 1265264]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [2002-10-07 172544]
    S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2003-01-23 12800]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:52]

    2010-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-11 01:13]

    2010-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530681381-19472445-2978676521-1005Core.job
    - c:\documents and settings\losthostage\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 08:26]

    2010-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530681381-19472445-2978676521-1005UA.job
    - c:\documents and settings\losthostage\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 08:26]

    2006-02-07 c:\windows\Tasks\XoftSpy.job
    - c:\program files\XoftSpy\XoftSpy.exe [2006-01-16 22:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://search.msn.com
    mStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
    IE: Download All Files by HiDownload - c:\progra~1\HIDOWN~1\HDGetAll.htm
    IE: Download by HiDownload - c:\progra~1\HIDOWN~1\HDGet.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\losthostage\Application Data\Mozilla\Firefox\Profiles\vt53cw5x.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
    HKCU-Run-P2kAutostart - (no file)
    HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
    ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\program files\Qualcomm\Eudora\EuShlExt.dll
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
    AddRemove-OMI WebCamDV - c:\program files\webcamdv\Setup.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-27 22:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    P2kAutostart = ???

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\WinHound.com\WinHound\WinHound\License*]
    "Data"="InstallTime=1c60d35:847b51e0\0d\0aLastRunTime=1c60d35:847b51e0\0d\0a"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(612)
    c:\windows\system32\Ati2evxx.dll
    c:\progra~1\SPYWAR~1\Tools\klg.dat

    - - - - - - - > 'lsass.exe'(672)
    c:\progra~1\SPYWAR~1\Tools\klg.dat

    - - - - - - - > 'explorer.exe'(5728)
    c:\windows\system32\WININET.dll
    c:\progra~1\SPYWAR~1\Tools\klg.dat
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll

    - - - - - - - > 'csrss.exe'(588)
    c:\progra~1\SPYWAR~1\Tools\klg.dat
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Spyware Doctor\sdhelp.exe
    c:\windows\System32\snmp.exe
    c:\windows\System32\wdfmgr.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    c:\program files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    c:\program files\Sony\HotKey Utility\HKWnd.exe
    c:\program files\Sunbelt Software\CounterSpy\Consumer\SunServAlert.exe
    c:\program files\Sunbelt Software\CounterSpy\Consumer\SunServAlert.exe
    c:\program files\Sunbelt Software\CounterSpy\Consumer\SunServAlert.exe
    c:\program files\Sunbelt Software\CounterSpy\Consumer\SunServAlert.exe
    c:\program files\Sunbelt Software\CounterSpy\Consumer\SunServAlert.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-27 23:44:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-28 06:43

    Pre-Run: 3,157,729,280 bytes free
    Post-Run: 3,944,923,136 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    - - End Of File - - D435918943B1805E8DAD0DE97C22B5F4
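As an added example that is not part of this thread or of ComboFix's own code, a small Python parser for the "Files Created" / "Find3M" entries of a ComboFix log like the one above, with a triage filter that flags files dropped into TEMP or Startup folders and plain files carrying hidden/system attributes. The column meanings, the flagging rules and the two CONSTRUCTED drop entries in the sample are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# One "Files Created" / "Find3M" entry in a ComboFix log has the shape
#   <created> . <modified> <size or --------> <attrs> <path>
# where "--------" in the size column marks a directory.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*?)\s*$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: int   # -1 for directories
    attrs: str  # 8-column flag string, e.g. "d-sh--w-"
    path: str   # lower-cased so matching is case-insensitive

    @property
    def is_dir(self) -> bool:
        # First column is "d" for directories (inferred from the log; an assumption)
        return self.attrs[0] == "d"

    @property
    def hidden_or_system(self) -> bool:
        # "s" and "h" columns are read as the NTFS system/hidden attributes (assumption)
        return "s" in self.attrs or "h" in self.attrs


def parse_entries(log_text: str) -> List[Entry]:
    """Extract every file/directory entry; banners, '.' lines and registry lines are skipped."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue
        size = -1 if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"].lower()))
    return entries


# Triage rules of this example (not ComboFix's own logic): a file placed in a
# TEMP directory or a Startup folder, or a plain file carrying hidden/system
# attributes, deserves a closer look by the analyst.
SUSPECT_DIRS = ("\\temp\\", "\\start menu\\programs\\startup\\")


def triage(entries: List[Entry]) -> List[Entry]:
    flagged = []
    for e in entries:
        in_suspect_dir = any(d in e.path for d in SUSPECT_DIRS)
        if in_suspect_dir or (not e.is_dir and e.hidden_or_system):
            flagged.append(e)
    return flagged


# Constructed sample: the first three entries follow the log above, the last two
# are made-up (CONSTRUCTED) entries standing in for the kind of drop such logs report.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
.

2010-04-27 05:03 . 2010-04-27 05:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-27 04:42 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 22:41 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-20 09:10 . 2010-04-20 09:10 24576 --sh--w- c:\windows\TEMP\CONSTRUCTED_sample.dll
2010-04-19 18:00 . 2010-04-19 18:00 51200 ----a-w- c:\documents and settings\user\Start Menu\Programs\Startup\CONSTRUCTED_update.exe
"""


if __name__ == "__main__":
    # Prints the two constructed drops; the hidden/system IETldCache directory is not flagged.
    for e in triage(parse_entries(SAMPLE_LOG)):
        print(f"{e.created}  {e.attrs}  {e.size:>8}  {e.path}")
```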
     
  7. 2010/04/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You have some Norton's leftovers.
    Please, download and run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    =================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    =================================================================

    You also don't have any real AV program running, but we'll take care of it, when we're done with Combofix.

    ================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    c:\documents and settings\losthostage\Application Data\AVG7
    c:\documents and settings\LocalService\Application Data\AVG7
    c:\documents and settings\All Users\Application Data\AVG7
    
    
    Driver::
    
    DirLook::
    c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    
    
    Registry::
    
    RegNull::
    [HKEY_LOCAL_MACHINE\software\WinHound.com\WinHound\WinHound\License*]
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  8. 2010/04/28
    nljpj

    nljpj Inactive Thread Starter

    Joined:
    2010/04/26
    Messages:
    4
    Likes Received:
    0
    ComboFix 10-04-28.03 - losthostage 04/28/2010 16:42:04.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.164 [GMT -7:00]
    Running from: c:\documents and settings\losthostage\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\losthostage\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\AVG7
    c:\documents and settings\LocalService\Application Data\AVG7
    c:\documents and settings\LocalService\Application Data\AVG7\Log\emc.log
    c:\documents and settings\losthostage\Application Data\AVG7
    c:\documents and settings\losthostage\Application Data\AVG7\Log\emc.log
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
    .

    2010-04-27 05:03 . 2010-04-27 05:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-04-27 04:46 . 2010-04-27 04:46 -------- d-----w- c:\documents and settings\losthostage\Application Data\Malwarebytes
    2010-04-27 04:43 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-27 04:43 . 2010-04-27 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-27 04:42 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-27 04:42 . 2010-04-27 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-27 00:24 . 2010-04-27 00:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-04-27 00:12 . 2010-04-27 00:12 -------- d-sh--w- c:\documents and settings\losthostage\PrivacIE
    2010-04-26 23:50 . 2010-04-26 23:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-04-26 23:49 . 2010-04-26 23:49 -------- d-sh--w- c:\documents and settings\losthostage\IETldCache
    2010-04-26 23:46 . 2010-04-26 23:48 -------- d-----w- c:\windows\SxsCaPendDel
    2010-04-26 22:41 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-26 22:41 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-26 22:40 . 2010-04-26 22:47 -------- d-----w- c:\windows\ie8updates
    2010-04-26 22:33 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-26 22:12 . 2010-04-26 22:32 -------- dc-h--w- c:\windows\ie8
    2010-04-26 02:53 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-04-26 02:53 . 2010-04-26 02:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-26 02:43 . 2010-04-26 02:43 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-04-26 02:41 . 2010-04-26 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-04-26 01:07 . 2010-04-26 01:07 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2010-04-26 01:07 . 2010-04-26 01:07 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2010-04-26 01:07 . 2010-04-26 01:07 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2010-04-26 01:07 . 2010-04-26 01:07 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2010-04-16 04:54 . 2010-04-22 09:52 -------- d-----w- c:\documents and settings\losthostage\Application Data\vlc
    2010-04-09 02:24 . 2007-04-16 22:28 577536 ----a-w- c:\windows\soundman.exe
    2010-04-09 02:24 . 2006-08-01 22:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
    2010-04-09 02:24 . 2006-12-08 22:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
    2010-04-09 02:21 . 2010-04-09 02:21 -------- d-----w- c:\program files\Realtek AC97

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-28 21:41 . 2009-07-30 02:42 -------- d-----w- c:\documents and settings\losthostage\Application Data\uTorrent
    2010-04-28 21:38 . 2005-06-20 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2010-04-28 20:43 . 2005-02-16 16:23 -------- d-----w- c:\program files\Symantec
    2010-04-26 23:27 . 2006-06-03 22:28 -------- d-----w- c:\program files\Lavasoft
    2010-04-26 23:20 . 2009-07-31 03:48 -------- d-----w- c:\program files\Common Files\AOL
    2010-04-26 23:17 . 2005-07-31 07:53 -------- d-----w- c:\program files\Azureus
    2010-04-26 17:59 . 2005-02-25 07:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-26 07:57 . 2005-02-25 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-26 02:53 . 2010-04-26 02:53 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
    2010-04-26 02:53 . 2010-04-26 02:53 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
    2010-04-26 02:53 . 2010-04-26 02:53 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2010-04-26 02:53 . 2010-04-26 02:53 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
    2010-04-26 02:53 . 2010-04-26 02:53 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2010-04-26 02:53 . 2010-04-26 02:52 210552 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2010-04-26 00:08 . 2005-02-16 16:11 -------- d-----w- c:\program files\InterVideo
    2010-04-26 00:08 . 2004-01-10 01:17 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-26 00:07 . 2005-02-22 01:39 -------- d-----w- c:\program files\Common Files\InterVideo
    2010-04-19 21:59 . 2010-04-19 21:59 255472 ----a-w- c:\documents and settings\losthostage\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-04-09 04:41 . 2006-01-04 07:40 -------- d-----w- c:\program files\SpywareBlaster
    2010-03-10 06:15 . 2004-01-09 23:33 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2006-02-07 08:26 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 12:31 . 2004-01-09 23:32 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 13:19 . 2004-01-09 23:32 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 12:39 . 2002-08-29 01:04 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:47 . 2004-01-09 23:32 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:01 . 2004-01-09 23:33 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-04 15:53 . 2010-04-26 02:43 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2006-03-25 17:56 . 2006-03-25 17:56 176 -c--a-w- c:\program files\plabapp.log
    2007-07-23 10:22 . 2006-03-29 02:52 61038 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-07-23 10:22 . 2006-03-29 02:53 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-07-23 10:22 . 2006-03-29 02:52 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2005-03-12 10:35 . 2005-03-12 10:35 163 -csha-r- c:\windows\Regbak.dat
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} ----

    2010-04-26 02:43 . 2010-04-26 02:43 90 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\instance.dat
    2010-04-26 02:43 . 2010-04-26 02:43 9 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.lan
    2010-04-26 02:43 . 2010-04-26 02:47 497 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.dat
    2010-04-26 02:43 . 2010-04-26 02:43 5248 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.par
    2010-04-26 02:43 . 2010-02-04 15:53 579362 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\mia.lib
    2010-04-26 02:43 . 2010-02-04 15:53 18962688 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.res
    2010-04-26 02:43 . 2010-02-04 15:53 1860096 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.msi
    2010-04-26 02:43 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor"="c:\progra~1\SPYWAR~1\swdoctor.exe" [2006-11-03 2111632]
    "Google Update"="c:\documents and settings\losthostage\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-05 133104]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-30 288048]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-21 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-21 499712]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 28672]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-20 335872]
    "HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-12-02 94208]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2003-10-25 167936]
    "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2003-11-29 135168]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 69632]
    "SunServer"="c:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-10-28 290816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-11-03 2111632]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= c:\windows\warnhp.html
    FriendlyName= Warning homepage

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{076394AD-7FDD-44EF-A075-32C68DBAB99B}"="c:\program files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll" [2005-10-28 49152]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextToSpeechMP3.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TextToSpeechMP3.lnk
    backup=c:\windows\pss\TextToSpeechMP3.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^losthostage^Start Menu^Programs^Startup^winupdate16301579[1].exe]
    path=c:\documents and settings\losthostage\Start Menu\Programs\Startup\winupdate16301579[1].exe
    backup=c:\windows\pss\winupdate16301579[1].exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^losthostage^Start Menu^Programs^Startup^winupdate90767452[1].exe]
    path=c:\documents and settings\losthostage\Start Menu\Programs\Startup\winupdate90767452[1].exe
    backup=c:\windows\pss\winupdate90767452[1].exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-10-13 16:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A209F-X00-F4R7-80H6-J3"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Documents and Settings\\losthostage\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\losthostage\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/25/2010 7:53 PM 64288]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/30/2007 3:37 PM 40832]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:52]

    2010-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-11 01:13]

    2010-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530681381-19472445-2978676521-1005Core.job
    - c:\documents and settings\losthostage\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 08:26]

    2010-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530681381-19472445-2978676521-1005UA.job
    - c:\documents and settings\losthostage\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 08:26]

    2006-02-07 c:\windows\Tasks\XoftSpy.job
    - c:\program files\XoftSpy\XoftSpy.exe [2006-01-16 22:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://search.msn.com
    mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    mStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
    IE: Download All Files by HiDownload - c:\progra~1\HIDOWN~1\HDGetAll.htm
    IE: Download by HiDownload - c:\progra~1\HIDOWN~1\HDGet.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\losthostage\Application Data\Mozilla\Firefox\Profiles\vt53cw5x.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-28 17:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(592)
    c:\windows\system32\Ati2evxx.dll
    c:\progra~1\SPYWAR~1\Tools\klg.dat

    - - - - - - - > 'lsass.exe'(652)
    c:\progra~1\SPYWAR~1\Tools\klg.dat

    - - - - - - - > 'explorer.exe'(772)
    c:\windows\system32\WININET.dll
    c:\progra~1\SPYWAR~1\Tools\klg.dat
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll

    - - - - - - - > 'csrss.exe'(568)
    c:\progra~1\SPYWAR~1\Tools\klg.dat
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Spyware Doctor\sdhelp.exe
    c:\windows\System32\snmp.exe
    c:\windows\System32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    c:\program files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    c:\program files\Sony\HotKey Utility\HKWnd.exe
    c:\program files\Sunbelt Software\CounterSpy\Consumer\SunServAlert.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-28 17:31:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-29 00:30
    ComboFix2.txt 2010-04-28 06:44

    Pre-Run: 3,888,201,728 bytes free
    Post-Run: 3,893,837,824 bytes free

    - - End Of File - - 5D197AC85AF66D90DB29D131F83FAEFB

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:00:30 PM, on 4/28/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Logitech\Logitech Vid\vid.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\losthostage\Desktop\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\losthostage\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
    O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {39BB3BA8-9FFE-49D7-BC0B-0A3C5AF27131} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {39BB3BA8-9FFE-49D7-BC0B-0A3C5AF27131} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {C136861C-1876-45D8-9E46-6D489D83E5A1} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C136861C-1876-45D8-9E46-6D489D83E5A1} - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113986502718
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O24 - Desktop Component 0: Warning homepage - C:\WINDOWS\warnhp.html

    --
    End of file - 10785 bytes
     
  9. 2010/04/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the computer doing?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall"
    Restart computer.

    ================================================================

    Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.

    ========================================================

    Disable your antivirus program.
    Go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     