Hi,
You're welcome. I'll copy the logs here and will get back to you when I've reviewed them. Please do not attach the logs unless specifically asked to do so. It makes it harder for us to review them.

ComboFix 08-12-07.04 - ANT 2008-12-08 23:32:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.238 [GMT 0:00]
Running from: c:\documents and settings\ANT\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ANT\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\setup.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-12-07 21:07 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-04 17:32 . 2008-12-04 17:32 250 --a------ c:\windows\gmer.ini
2008-12-03 18:51 . 2008-12-03 18:51 <DIR> d-------- c:\program files\Common Files\Java
2008-11-30 09:34 . 2008-11-30 09:34 <DIR> d-------- c:\program files\Panda Security
2008-11-26 20:22 . 2008-12-02 14:38 <DIR> d-------- c:\program files\REAPER
2008-11-26 20:22 . 2008-12-03 18:51 <DIR> d-------- c:\documents and settings\ANT\Application Data\REAPER
2008-11-23 19:59 . 2008-11-23 19:59 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-22 15:26 . 2008-11-22 15:41 81 --a------ c:\windows\WB.ini
2008-11-22 15:13 . 2008-11-22 15:13 <DIR> d-------- c:\program files\Stardock
2008-11-22 15:13 . 2007-07-11 15:06 42,672 --a------ c:\windows\system32\wbsys.dll
2008-11-12 17:42 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 17:37 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 23:31 --------- d-----w c:\program files\PeerGuardian2
2008-12-08 23:15 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-08 18:15 --------- d-----w c:\program files\Mozilla Sunbird
2008-12-07 20:54 --------- d-----w c:\documents and settings\ANT\Application Data\uTorrent
2008-12-07 20:52 --------- d-----w c:\documents and settings\ANT\Application Data\foobar2000
2008-12-03 18:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 13:25 --------- d-----w c:\program files\Java
2008-11-29 17:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-29 17:54 --------- d-----w c:\program files\SpywareBlaster
2008-11-18 16:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-01 15:43 --------- d-----w c:\program files\AlbumArtDownloader
2008-10-29 21:03 --------- d-----w c:\documents and settings\ANT\Application Data\Mp3tag
2008-10-29 19:02 --------- d-----w c:\program files\Mp3tag
2008-10-25 19:17 --------- d-----w c:\documents and settings\ANT\Application Data\SharePod
2008-10-25 18:23 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-25 18:21 --------- d-----w c:\program files\iPod
2008-10-25 18:10 --------- d-----w c:\documents and settings\ANT\Application Data\Apple Computer
2008-10-25 17:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"NvMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 131072]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-06-30 2376928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-23 136600]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-08-30 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-11-22 15:15 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTHelper"=CTHELPER.EXE
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RTBatteryMeter"=c:\program files\VibrateGameDeviceDriver\RFPIcon.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.5.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.8.4-enGB-downloader.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2234:TCP"= 2234:TCP:Soulseek
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-07 28544]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2004-08-18 116264]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2004-08-18 19240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-09 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-09 20560]
R3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2002-12-30 12160]
S2 Upsagent;Upsagent - UPS Monitor;c:\progra~1\Upsmon\Upsag_nt.exe []
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys []
S3 FNETNI2K;FNETNI2K Protocol Driver;\??\c:\windows\system32\FNETNI2K.SYS []
S3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);c:\windows\system32\DRIVERS\hcwPVRP2.sys [2004-12-16 814464]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd4b38f8-6d49-11d9-8339-806d6172696f}]
\shell\play\command - "c:\program files\iTunes\iTunes.exe" /playCD "%L"
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2006-04-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Name of App - c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
Notify-AtiExtEvent - (no file)
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*
http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*
http://uk.search.yahoo.com/
IE: Convert To Image
IE: Download all with iGetter
IE: Download with iGetter
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {3F5168E6-379A-4F8A-8A1F-C5493F27BE69} = 192.168.1.1
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\ANT\Application Data\Mozilla\Firefox\Profiles\1ghrhp4a.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\nptnt.dll
FF -: plugin - c:\program files\Panda Security\ActiveScan 2.0\npwrapper(2).dll
FF -: plugin - c:\program files\Panda Security\ActiveScan 2.0\npwrapper(3).dll
FF -: plugin - c:\program files\Panda Security\ActiveScan 2.0\npwrapper(4).dll
FF -: plugin - c:\program files\Panda Security\ActiveScan 2.0\npwrapper(5).dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-08 23:35:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pgfilter]
"ImagePath"="\??\c:\program files\PeerGuardian2\pgfilter.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2008-12-08 23:36:41
ComboFix-quarantined-files.txt 2008-12-08 23:36:28
Pre-Run: 75,867,987,968 bytes free
Post-Run: 75,995,865,088 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
186 --- E O F --- 2008-11-12 18:00:48

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Advanced Diary v1.1 (Build 28)
Album Art Downloader XUI 0.19
AnyDVD
AsusUpdate
ATI Control Panel
ATI Display Driver
Audio Recorder for FREE v5.6
avast! Antivirus
AVG Anti-Spyware 7.5
CloneCD
CrossLoop 2.20
Dawn Of War
Dawn Of War - Winter Assault
Drive Manager
EasyCleaner
EVEREST Home Edition v1.10
Exact Audio Copy 0.95b3
foobar2000 v0.9.5.3
Hotfix for Windows XP (KB952287)
InFlac 1.1.1
iPod for Windows 2006-01-10
Ipswitch WS_FTP Professional 2006
Java(TM) 6 Update 10
Java(TM) 6 Update 7
Last.fm 1.5.1.29527
LG USB Modem driver
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla Firefox (3.0.4)
Mozilla Sunbird (0.8)
Mozilla Thunderbird (2.0.0.18)
Mp3tag v2.42
MSXML 6.0 Parser (KB933579)
NVIDIA System Utility
NvMixer
Panda ActiveScan 2.0
PeerGuardian 2.0
Power Tab Editor 1.7
PowerDVD
REAPER
Reason 4.0
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Spybot - Search & Destroy
SpywareBlaster 4.1
Sygate Personal Firewall Pro
The Sims 2
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VirtualCloneDrive
WebFldrs XP
WebReg
Winamp (remove only)
WindowBlinds
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Encoder 9 Series
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
Zoo Tycoon 2 - Marine Mania