okay, here are the new logs
COMBO FIX:
ComboFix 08-03-30.1 - Owner 2008-03-31 1:57:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.238 [GMT 1:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-31 01:24 . 2008-03-31 01:24 98,304 --a------ C:\WINDOWS\system32\pypadwbw.exe
2008-03-30 23:14 . 2008-03-30 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-30 23:12 . 2008-03-30 23:14 <DIR> d-------- C:\Program Files\Xerox One Touch
2008-03-30 23:12 . 2002-10-09 14:06 888,832 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
2008-03-30 23:12 . 2002-08-23 14:59 716,288 --a------ C:\WINDOWS\Ltwvc11n.dll
2008-03-30 23:12 . 2002-08-23 14:59 226,816 --a------ C:\WINDOWS\system32\ltefx11n.dll
2008-03-30 23:12 . 2008-03-30 23:13 752 --a------ C:\WINDOWS\maxlink.ini
2008-03-30 23:06 . 2008-03-30 23:21 270,336 --a------ C:\WINDOWS\IHelper.exe
2008-03-30 23:06 . 2008-03-30 23:21 663 --a------ C:\WINDOWS\fe.INI
2008-03-30 10:27 . 2008-03-30 10:27 94,208 --a------ C:\WINDOWS\system32\nspehwlk.exe
2008-03-29 22:33 . 2008-03-29 22:33 90,112 --a------ C:\WINDOWS\system32\ghanojsx.exe
2008-03-29 22:05 . 2008-03-29 22:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-29 22:04 . 2008-03-29 22:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-29 22:04 . 2008-03-29 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-28 22:44 . 2008-03-28 22:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-27 12:27 . 2008-03-27 23:17 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-27 12:27 . 2008-03-27 12:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-03-27 12:27 . 2007-12-10 15:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-27 12:27 . 2007-12-10 15:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-27 12:27 . 2007-12-10 15:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-27 12:27 . 2007-12-10 15:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-27 11:31 . 2008-03-31 01:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-27 02:40 . 2008-03-27 02:40 <DIR> d-a------ C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.007\WINDOWS
2008-03-27 02:40 . 2008-03-27 02:40 <DIR> d-a------ C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.007\Application Data\Symantec
2008-03-27 02:40 . 2008-03-27 02:40 <DIR> d-a------ C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.007\Application Data\SampleView
2008-03-27 02:40 . 2008-03-27 02:40 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.007\Application Data\InterVideo
2008-03-27 02:40 . 2008-03-27 02:40 <DIR> d-a------ C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.007\Application Data\InterTrust
2008-03-27 02:38 . 2003-04-04 22:23 <DIR> d-a------ C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.007\Application Data\VERITAS
2008-03-27 02:38 . 2003-09-10 17:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.007\Application Data\MSN6
2008-03-26 20:39 . 2008-03-26 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\uvunotob
2008-03-26 20:39 . 2008-03-26 20:39 94,208 --a------ C:\WINDOWS\system32\uvsnermx.exe
2008-03-24 18:36 . 2008-03-24 18:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Mobipocket
2008-03-24 18:12 . 2008-03-24 18:12 <DIR> d-------- C:\Program Files\Mobipocket.com
2008-03-14 13:03 . 2003-04-04 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.006\Application Data\VERITAS
2008-03-14 13:03 . 2003-09-10 17:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.006\Application Data\MSN6
2008-03-14 08:48 . 2003-04-04 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.005\Application Data\VERITAS
2008-03-14 08:48 . 2003-09-10 17:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.005\Application Data\MSN6
2008-03-10 19:50 . 2003-04-04 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.004\Application Data\VERITAS
2008-03-10 19:50 . 2003-09-10 17:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.004\Application Data\MSN6
2008-03-04 13:20 . 2003-04-04 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.003\Application Data\VERITAS
2008-03-04 13:20 . 2003-09-10 17:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.003\Application Data\MSN6
2008-03-01 13:18 . 2003-04-04 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.002\Application Data\VERITAS
2008-03-01 13:18 . 2003-09-10 17:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.002\Application Data\MSN6
2008-02-23 14:52 . 2003-04-04 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.000\Application Data\VERITAS
2008-02-23 14:52 . 2003-09-10 17:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-5MJAFE1HD3.000\Application Data\MSN6
2008-02-21 21:22 . 2008-02-22 01:24 <DIR> d-------- C:\Documents and Settings\Owner\Praat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-30 22:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-03-30 22:12 --------- d-----w C:\Program Files\ScanSoft
2008-03-30 22:12 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-03-29 08:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-03-28 14:01 3,794 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-27 12:18 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-27 03:11 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-27 01:40 --------- d---a-w C:\Program Files\Symantec
2008-03-26 21:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-26 21:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-26 21:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-26 21:09 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-26 21:08 --------- d---a-w C:\Program Files\Common Files\Symantec Shared
2008-03-26 08:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-22 15:49 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-18 00:39 --------- d-----w C:\Program Files\Kontiki
2008-01-30 15:22 --------- d-----w C:\Program Files\QuickTime
2008-01-30 15:20 --------- d-----w C:\Program Files\iTunes
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-11-23 14:58 40,160 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-10-26 18:00 25,600 -c--a-w C:\Documents and Settings\Owner\usbsermptxp.sys
2006-10-26 18:00 22,768 -c--a-w C:\Documents and Settings\Owner\usbsermpt.sys
2002-10-09 13:06 286,720 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2002-10-09 13:06 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2002-10-09 09:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-08-23 14:06 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2002-08-23 13:58 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2004-12-05 23:31 56 -csh--r C:\WINDOWS\system32\1BB6D875F5.sys
2005-01-11 10:16 5,224 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-03-31_ 1.12.33.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-31 00:21:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_670.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"ILO_Office_Manager"="IntEdReg.exe" [2002-10-15 01:30 53760 C:\WINDOWS\system32\intedreg.exe]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 22:54 961536]
"System Mechanic Popup Stopper"="C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-09-21 22:36 43520]
"bold joy"="C:\DOCUME~1\Owner\APPLIC~1\DEAFEN~1\pure city flap.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 16:16 68856]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-21 18:51 3481600]
"oxtkanlp"="C:\WINDOWS\system32\uvsnermx.exe" [2008-03-26 20:39 94208]
"vvyvbbhe"="C:\WINDOWS\system32\ghanojsx.exe" [2008-03-29 22:33 90112]
"qbzpjzvm"="C:\WINDOWS\system32\nspehwlk.exe" [2008-03-30 10:27 94208]
"cllkqcvf"="C:\WINDOWS\system32\pypadwbw.exe" [2008-03-31 01:24 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intense Registry Service"="IntEdReg.exe" [2002-10-15 01:30 53760 C:\WINDOWS\system32\intedreg.exe]
"PDUiP6000DMon"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe" [2004-05-31 14:26 57344]
"PDUiP6000DTskbr"="C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe" [2004-05-28 10:29 69632]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"RecSche"="C:\Program Files\TVR\RecSche.exe" [ ]
"WinDVRCtrl"="C:\WINDOWS\WDVRCtrl.exe" [ ]
"ScanRegistry"="C:\W" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-12 12:30 53408]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-14 00:29 180269]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-17 08:48 1838592]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"ABOUTSUPPORT4THIRD"="C:\Documents and Settings\All Users\Application Data\ProxyRealAboutSupport\uploadplatform.exe" [ ]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 09:50 36864]
"PP8 Reminder"="C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" [2002-09-26 07:06 57344]
"OneTouch Monitor"="C:\Program Files\Xerox One Touch\OneTouchMon.exe" [2003-06-12 16:14 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - C:\Program Files\BELKIN\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10 1404928]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-22 02:00:00 65588]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2005-07-27 18:21:12 217088]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-07-17 14:17:26 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"8FVMAWkN4w"= C:\Documents and Settings\All Users\Application Data\uvunotob\yrslozsb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk
backup=C:\WINDOWS\pss\Belkin 11Mbps Wireless Desktop Network Card Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a--c--- 2001-09-05 07:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-04-12 12:30 53408 c:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2002-10-16 21:05 114688 C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a--c--- 1998-05-08 07:04 52736 c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KYE_Showicon]
--a--c--- 2002-10-26 06:33 69632 C:\Program Files\USB Storage RW\shwicon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
--a------ 2005-09-23 12:21 120464 c:\PROGRA~1\NORTON~1\Cfgwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
--a--c--- 2002-12-12 17:00 798789 C:\WINDOWS\system32\nview.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2002-12-12 17:00 319488 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a--c--- 2002-08-01 03:28 81920 C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2002-09-14 12:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a--c--- 2002-06-18 22:01 155648 C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
C:\Program Files\Coloreal\coloreal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\__Res]
c:\hp\bin\cloaker c:\hp\bin\SetRes\SetRes.bat
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);C:\WINDOWS\system32\DRIVERS\BEL6001P.sys [2002-11-07 04:43]
S2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
S3 BTUsbrXP®;BT Voyager 1010 USB Adapter;C:\WINDOWS\system32\DRIVERS\btusbrxp.sys []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\System32\DRIVERS\COMFiltr.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;C:\WINDOWS\system32\pcand5bk.SYS [2002-09-19 22:34]
S3 TSClient;Tatara Protocol Driver;C:\WINDOWS\system32\drivers\tsclient.sys []
S3 USBFVNETR;Belkin 11Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2001-10-31 21:50]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 07:01]
S4 Msfudio;Msfudio;C:\WINDOWS\System32\drivers\alcdxg.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 01:00:00 C:\WINDOWS\Tasks\859EAD20919149A0.job"
- c:\docume~1\owner\applic~1\deafen~1\
01 bin upload.exe
"2008-03-24 13:18:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-28 21:10:42 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-31 02:00:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\OMSCAN]
"ImagePath"="\Sys"
.
Completion time: 2008-03-31 2:01:03
ComboFix-quarantined-files.txt 2008-03-31 01:00:47
ComboFix2.txt 2008-03-31 00:18:48
Pre-Run: 16,814,837,760 bytes free
Post-Run: 16,794,845,184 bytes free
.
2008-03-16 15:03:55 --- E O F ---
HIJACK LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:03:23, on 31/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\All Users\Application Data\uvunotob\yrslozsb.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Xerox One Touch\OneTouchMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\uvsnermx.exe
C:\Program Files\BELKIN\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.hotmail.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ABOUTSUPPORT4THIRD] C:\Documents and Settings\All Users\Application Data\ProxyRealAboutSupport\uploadplatform.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ILO_Office_Manager] IntEdReg.exe /OFFMAN
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4\PopupStopper.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [bold joy] C:\DOCUME~1\Owner\APPLIC~1\DEAFEN~1\pure city flap.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [oxtkanlp] C:\WINDOWS\system32\uvsnermx.exe
O4 - HKCU\..\Run: [vvyvbbhe] C:\WINDOWS\system32\ghanojsx.exe
O4 - HKCU\..\Run: [qbzpjzvm] C:\WINDOWS\system32\nspehwlk.exe
O4 - HKCU\..\Run: [cllkqcvf] C:\WINDOWS\system32\pypadwbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [8FVMAWkN4w] C:\Documents and Settings\All Users\Application Data\uvunotob\yrslozsb.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\BELKIN\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search -
http://kl.bar.need2f...earch.html?p=KLO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx2.hotmail....es/MSNPUpld.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx...owserPlugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1157916875656O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) -
http://das.microsoft...tail/DASAct.cabO16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) -
http://drmlicense.on...e/en/crlocx.ocxO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 12209 bytes
This topic is locked
Sign In
Create Account
