Welllll, I do still believe in miracles, so let's give it a go!
Here's the log you requested:-
ComboFix log:-
"Shaun" - 2007-06-04 20:37:28 Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "F:\Downloads\"
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\start.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))
2007-06-04 12:03 12,484 --a------ C:\dnsbak.reg
2007-06-02 16:06 <DIR> d-------- C:\WINDOWS\pss
2007-06-02 12:28 <DIR> d-------- C:\DOCUME~1\Shaun\.SunDownloadManager
2007-05-30 12:34 <DIR> d-------- C:\Program Files\WinPFind3u
2007-05-29 11:28 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-05-28 17:12 <DIR> d-------- C:\DOCUME~1\Shaun\.idlerc
2007-05-28 17:09 <DIR> d-------- C:\Python25
2007-05-27 13:02 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-05-27 12:41 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-05-27 12:33 <DIR> d-------- C:\Program Files\HJThis
2007-05-25 21:14 <DIR> d-------- C:\DOCUME~1\Shaun\APPLIC~1\Wrensoft
2007-05-25 21:13 <DIR> d-------- C:\Program Files\Zoom Search Engine 5.0
2007-05-20 10:56 <DIR> d-------- C:\DOCUME~1\Shaun\APPLIC~1\Nvu
2007-05-20 10:55 <DIR> d-------- C:\Program Files\Nvu
2007-05-18 15:56 <DIR> d-------- C:\DOCUME~1\Shaun\APPLIC~1\Management-Ware
2007-05-18 15:55 <DIR> d-------- C:\DOCUME~1\Shaun\APPLIC~1\Management-Ware Solutions Inc
2007-05-13 21:13 2,414,360 --a------ C:\WINDOWS\SYSTEM32\d3dx9_31.dll
2007-05-13 21:12 <DIR> d-------- C:\DOCUME~1\Shaun\APPLIC~1\PassMark
2007-05-13 21:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-13 21:11 <DIR> d-------- C:\Program Files\PerformanceTest
2007-05-08 19:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-04 19:51:38 -------- d-----w C:\DOCUME~1\Shaun\APPLIC~1\MailWasherPro
2007-06-04 19:51:22 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-04 19:51:13 -------- d-----w C:\Program Files\SpeedFan
2007-06-04 12:55:11 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-06-04 12:55:11 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-06-04 12:55:11 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-06-02 11:14:32 -------- d-----w C:\Program Files\Common Files\Real
2007-06-02 11:13:29 -------- d-----w C:\DOCUME~1\Shaun\APPLIC~1\Google
2007-06-02 10:56:53 2,608 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-01 15:33:38 14,511 ----a-w C:\WINDOWS\mozver.dat
2007-05-31 14:34:39 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-26 21:55:48 -------- d-----w C:\Program Files\mIRC
2007-05-23 11:18:45 -------- d-----w C:\Program Files\Opera
2007-05-21 13:40:18 65,344 ----a-w C:\DOCUME~1\Shaun\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-20 12:23:52 -------- d-----w C:\DOCUME~1\Shaun\APPLIC~1\uTorrent
2007-05-19 22:50:50 -------- d-----w C:\DOCUME~1\Shaun\APPLIC~1\gtk-2.0
2007-05-18 17:43:38 -------- d-----w C:\Program Files\XanaNews
2007-05-13 11:33:52 -------- d-----w C:\Program Files\QuickTime
2007-05-13 11:32:04 -------- d-----w C:\Program Files\Apple Software Update
2007-05-13 11:27:03 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-02 19:41:11 2,496 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-04-30 17:48:17 -------- d-----w C:\Program Files\Webroot
2007-04-30 17:46:20 -------- d-----w C:\DOCUME~1\Shaun\APPLIC~1\Webroot
2007-04-29 09:54:22 -------- d-----w C:\Program Files\MSXML 6.0
2007-04-26 22:02:34 14,084 ----a-w C:\DOCUME~1\Shaun\APPLIC~1\ViewerApp.dat
2007-04-26 14:49:46 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-04-26 14:12:34 -------- d-----w C:\DOCUME~1\Shaun\APPLIC~1\Thunderbird
2007-04-26 13:26:39 -------- d-----w C:\Program Files\Sony Corporation
2007-04-26 13:26:30 -------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-04-25 19:36:18 164 ----a-w C:\install.dat
2007-04-24 15:28:59 -------- d-----w C:\Program Files\Common Files\ISpell
2007-04-24 13:03:35 -------- d-----w C:\Program Files\IrfanView
2007-04-24 08:50:17 -------- d-----w C:\DOCUME~1\Shaun\APPLIC~1\AdobeUM
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-30 05:47:45 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-03-23 05:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 05:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 20:47:35 46,344 ----a-w C:\WINDOWS\NSSetDefaultBrowser.EXE
2007-03-22 19:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 23:02:00 75,512 ----a-w C:\WINDOWS\zllsputility.exe
2007-03-08 23:01:42 1,087,216 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{A7327C09-B521-4EDB-8509-7D2660C9EC98}=C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-02-24 20:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar_en_3.0.131-deleon.dll [2006-02-14 20:05]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 C:\WINDOWS\mixer.exe]
"nwiz"="nwiz.exe" [2005-06-15 17:20 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38]
"PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\ppe.exe" [2002-06-25 15:35]
"SystemTray"="SysTray.Exe" [2001-08-23 13:00 C:\WINDOWS\SYSTEM32\systray.exe]
"Ad-Aware"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" [2005-05-27 14:23]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2005-05-31 01:04]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 13:49]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11]
"SBAutoUpdate"="C:\Program Files\SpywareBlaster\sbautoupdate.exe" [2006-01-01 16:08]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-02 12:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Directory Opus Desktop Dblclk"="C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" [2007-06-01 17:29]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Printing Migration"=rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"="C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll" [2007-06-01 17:29]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 15:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"Gainward"=C:\WINDOWS\TBPanel.exe /A
"ICSMGR"=ICSMGR.EXE
"C-Media Mixer"=Mixer.exe /startup
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe
"LexStart"=Lexstart.exe
"LexmarkPrinTray"=PrinTray.exe
"Pop-Up Stopper"="C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Contents of the 'Scheduled Tasks' folder
2007-05-30 17:59:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-04 19:52:11 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-01 21:00:14 C:\WINDOWS\tasks\wrSpySweeper_L0885B4742CF64541A439C08E989DC867.job
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-06-04 20:49:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-04 21:00:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-04 21:00
--- E O F ---
Many thanks John,
Shaun