OK, ComboFix has run; here is the log...
ComboFix 08-04-13.2 - alex parish 2008-04-16 10:28:26.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.148 [GMT -4:00]
Running from: C:\Documents and Settings\alex parish\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
2008-04-16 07:01 . 2008-04-16 07:01 106,496 --a------ C:\WINDOWS\system32\lwbsbkja.exe
2008-04-13 22:33 . 2008-04-13 22:33 94,208 --a------ C:\WINDOWS\system32\hilorudu.exe
2008-04-13 17:26 . 2008-04-13 17:26 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-13 16:48 . 2008-04-13 16:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 09:27 . 2008-04-13 09:28 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-04-13 08:25 . 2008-04-13 09:16 320 --a------ C:\WINDOWS\wininit.ini
2008-04-13 07:55 . 2008-04-13 17:42 <DIR> d-------- C:\Documents and Settings\alex parish\Application Data\TmpRecentIcons
2008-04-13 06:39 . 2008-04-13 06:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-13 06:39 . 2008-04-13 07:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-13 06:35 . 2008-04-13 06:35 <DIR> d-------- C:\Program Files\CCleaner
2008-04-12 08:39 . 2008-04-12 08:39 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-04-12 08:20 . 2008-04-12 08:20 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-12 08:14 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-10 15:33 . 2008-04-10 15:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-10 15:33 . 2008-04-10 15:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 06:30 . 2008-04-07 06:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-07 06:29 . 2008-04-07 06:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-07 06:29 . 2008-04-07 06:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-07 06:28 . 2008-04-07 06:30 <DIR> d-------- C:\Program Files\QuickTime
2008-04-05 09:18 . 2008-04-07 19:10 560 --a------ C:\Documents and Settings\alex parish\Application Data\ViewerApp.dat
2008-04-05 09:06 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-04-05 09:06 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-04-03 12:12 . 2008-04-03 12:14 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-03 12:12 . 2008-04-03 12:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-03 12:12 . 2008-04-03 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-03 12:12 . 2008-04-03 12:12 <DIR> d-------- C:\Documents and Settings\alex parish\Application Data\Yahoo!
2008-04-03 12:06 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-03 12:05 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-03 12:05 . 2007-06-30 23:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-03 12:05 . 2007-06-30 23:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-03 12:05 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-03 12:05 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-03 12:05 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-03 12:05 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-03 12:05 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-03 12:05 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-03 04:02 . 2008-04-03 04:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-02 10:36 . 2008-04-02 10:36 <DIR> d-------- C:\Program Files\Auction Client
2008-04-02 08:22 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-02 08:20 . 2006-12-07 02:40 2,362,184 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-04-02 08:16 . 2007-04-16 11:52 984,576 -----c--- C:\WINDOWS\system32\dllcache\kernel32.dll
2008-04-02 08:16 . 2008-02-20 01:32 148,992 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-04-02 08:16 . 2006-06-26 13:37 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-04-02 07:16 . 2008-04-02 07:16 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-04-01 22:49 . 2008-04-01 22:49 <DIR> d-------- C:\WINDOWS\Sun
2008-04-01 22:47 . 2008-04-01 22:47 <DIR> d--hs---- C:\Documents and Settings\alex parish\UserData
2008-04-01 22:43 . 2008-04-01 22:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-01 22:37 . 2008-04-01 22:37 <DIR> d-------- C:\Documents and Settings\alex parish\Application Data\AdobeUM
2008-04-01 22:36 . 2008-04-01 22:36 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-01 22:19 . 2008-04-01 22:35 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-04-01 22:19 . 2008-04-01 22:19 2,397 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2008-04-01 22:18 . 2008-04-01 22:20 <DIR> d-------- C:\Program Files\Symantec
2008-04-01 22:18 . 2008-04-13 21:24 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-01 22:18 . 2008-04-01 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-01 22:18 . 2008-04-01 22:18 <DIR> d-------- C:\Documents and Settings\alex parish\Application Data\Symantec
2008-04-01 22:18 . 2003-11-21 10:07 82,984 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-01 22:18 . 2003-11-21 10:07 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-01 22:12 . 2008-04-03 10:36 <DIR> d-------- C:\Documents and Settings\alex parish\Application Data\HP
2008-04-01 22:11 . 2008-04-01 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-01 22:10 . 2008-04-01 22:11 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-01 22:09 . 2008-04-01 22:10 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-01 22:09 . 2008-04-01 22:09 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-01 22:08 . 2005-10-11 22:20 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-04-01 22:08 . 2006-03-19 20:48 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-04-01 22:08 . 2006-07-03 12:54 38,400 --a------ C:\WINDOWS\system32\hpz3l4sa.dll
2008-04-01 22:08 . 2006-03-19 20:48 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-04-01 22:08 . 2006-03-19 20:48 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-04-01 22:06 . 2008-04-01 22:06 <DIR> d-------- C:\WINDOWS\carrier
2008-04-01 22:06 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-01 22:06 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-01 22:05 . 2008-04-01 22:11 <DIR> d-------- C:\Program Files\HP
2008-04-01 22:02 . 2008-04-01 22:14 142,093 --a------ C:\WINDOWS\hpwins05.dat
2008-04-01 22:02 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-01 22:02 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-01 21:56 . 2008-04-01 21:58 <DIR> d-------- C:\Program Files\Microsoft Digital Image 10
2008-04-01 21:56 . 2006-11-27 10:54 539,136 -----c--- C:\WINDOWS\system32\dllcache\msftedit.dll
2008-04-01 21:56 . 2006-11-27 10:54 433,152 -----c--- C:\WINDOWS\system32\dllcache\riched20.dll
2008-04-01 21:56 . 2006-06-01 14:47 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-04-01 21:56 . 2006-10-13 06:23 163,584 -----c--- C:\WINDOWS\system32\dllcache\nwrdr.sys
2008-04-01 21:56 . 2006-10-13 08:35 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-04-01 21:56 . 2006-10-13 08:35 65,536 -----c--- C:\WINDOWS\system32\dllcache\nwwks.dll
2008-04-01 21:56 . 2006-10-13 08:35 64,000 -----c--- C:\WINDOWS\system32\dllcache\nwapi32.dll
2008-04-01 21:56 . 2006-06-01 14:47 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-04-01 20:50 . 2008-04-01 20:50 <DIR> d-------- C:\Drivers
2008-04-01 20:50 . 2001-11-05 10:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-04-01 20:50 . 2002-10-15 23:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-04-01 20:50 . 2001-07-03 21:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-04-01 20:50 . 2001-11-05 10:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-04-01 20:50 . 2001-11-05 10:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-04-01 20:50 . 2001-07-03 21:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-04-01 20:49 . 2008-04-01 20:49 <DIR> d-------- C:\Program Files\Sony Corporation
2008-04-01 20:49 . 2008-04-01 20:49 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-04-01 20:30 . 2004-08-10 07:47 46,208 --a------ C:\WINDOWS\system32\drivers\IrBus.sys
2008-04-01 20:30 . 2004-08-04 04:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-01 20:30 . 2004-08-10 07:47 17,024 --a------ C:\WINDOWS\system32\drivers\hidir.sys
2008-04-01 20:30 . 2004-08-04 02:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-01 19:45 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-01 19:45 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-01 19:44 . 2008-04-01 19:44 <DIR> d-------- C:\Documents and Settings\alex parish\Application Data\Research In Motion
2008-04-01 19:43 . 2008-04-01 19:43 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 12:25 --------- d-----w C:\Program Files\Google
2008-04-12 12:14 --------- d-----w C:\Program Files\Java
2008-04-04 10:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-04-02 00:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-01 21:39 --------- d-----w C:\Program Files\Sony
2008-04-01 21:38 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-04-01 21:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-13_22.34.54.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 02:32:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 14:13:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{461556C4-13BB-4740-A683-F22474A579F9}]
C:\WINDOWS\nslbvxpgpbw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{340FFF53-1D47-41B1-93F3-CC8276227C29}"= "C:\WINDOWS\sgoblxtm.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{340fff53-1d47-41b1-93f3-cc8276227c29}]
[HKEY_CLASSES_ROOT\sgoblxtm.1]
[HKEY_CLASSES_ROOT\TypeLib\{31F44EB4-B527-4450-AE3C-DC9EDBB5D97A}]
[HKEY_CLASSES_ROOT\sgoblxtm]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-12 08:14 171448]
"qdfjsiff"="C:\WINDOWS\system32\ubejitqd.exe" [ ]
"iyuyzejk"="C:\WINDOWS\system32\hilorudu.exe" [2008-04-13 22:33 94208]
"tzjopojl"="C:\WINDOWS\system32\xgzatgzo.exe" [ ]
"agqrckvi"="C:\WINDOWS\system32\lwbsbkja.exe" [2008-04-16 07:01 106496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 08:04 59392]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 11:15 344064]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 19:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 15:17 53248]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 18:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 21:44 2744832 C:\WINDOWS\ALCWZRD.EXE]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-21 22:54 151552]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2004-08-19 18:07 331776]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08 28672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 12:54 71328]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 15:35 70800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-07 06:28 413696]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2006-12-14 18:17:12 1212416]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-04-01 20:49:54 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-04-01 20:49:52 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"fKYrUblAXI"= C:\Documents and Settings\All Users\Application Data\qjwrarot\iderorgj.exe
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 12:58:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-12 03:04:59 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - alex parish.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-04-01 20:36:23 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-04-16 14:15:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 10:30:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-16 10:30:42
ComboFix-quarantined-files.txt 2008-04-16 14:30:37
ComboFix2.txt 2008-04-16 13:59:11
ComboFix3.txt 2008-04-14 02:35:11
Pre-Run: 189,839,306,752 bytes free
Post-Run: 189,826,416,640 bytes free
.
2008-04-12 12:45:14 --- E O F ---