12-07-2008, 02:37 PM   #5
The Mad Hatter
Registered User
 
Join Date: Aug 2004
Location: Hollywoodland
Posts: 51
OS: XP


Re: Extra "marketing" windows popping up

Thanks for the reply. I have downloaded and run ComboFix - however, I had forgotten that long ago I had installed the Windows Recovery Console (since I purchased this computer with XP pre-loaded and don't have the disk), so when I dragged the WRC icon onto the ComboFix icon, it launched the program before I realized I needed to shut down my antivirus and firewall. It scanned fine with no problems, but if the running AV and firewall will mess up the log, I can rerun and post again.

In the meantime, here is the log...


ComboFix 08-12-06.06 - Owner 2008-12-07 13:09:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.542 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common\helper.sig
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-05 13:38 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2008-12-03 16:26 . 2008-12-03 16:25 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-03 08:02 . 2008-12-03 08:02 250 --a------ c:\windows\gmer.ini
2008-11-25 17:35 . 2008-12-07 13:10 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 03:51 --------- d-----w c:\program files\gmax
2008-12-05 00:16 --------- d-----w c:\program files\SpeedFan
2008-12-04 00:25 --------- d-----w c:\program files\Java
2008-12-02 21:48 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2008-12-02 18:00 --------- d-----w c:\program files\SecCopy
2008-12-01 22:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-13 19:30 1,411,584 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-11-10 22:32 --------- d-----w c:\program files\Games
2008-11-06 18:09 1,394,176 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-11-03 21:34 --------- d-----w c:\program files\Firefly Studios
2008-10-31 23:29 631 ----a-w c:\windows\Fonts\readme.txt
2008-10-31 23:28 422 ----a-w c:\windows\Fonts\DEUTSCH.TXT
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 01:13 --------- d-----w c:\program files\Zone Labs
2008-10-14 18:10 --------- d-----w c:\program files\Trend Micro
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2004-06-15 04:03 0 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Second Copy 2000"="c:\progra~1\SecCopy\SecCopy.exe" [2001-09-17 1134080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-12-11 53248]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-10-08 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-21 180269]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-06 188416]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 212992]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"Propel Accelerator"="c:\program files\DSL Extreme X-Dial Accelerator\trayctl.exe" [2005-03-07 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 32768]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-01 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-01 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2004-06-11 36953]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2004-03-07 65588]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-10-03 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\MP3POW~1\CLMP3Enc.ACM
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kinko's\\FPFK\\FPKMain.exe"=
"c:\\Program Files\\Kinko's\\FPFK\\Kinkos.Jupiter.GUI.Queue.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-30 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-02 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-30 76040]
S3 nenum13E;nenum13E;\??\c:\docume~1\Owner\LOCALS~1\Temp\nenum13E.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{969B3B70-8765-11D5-9809-0050BACBF861}]
rundll32.exe advpack.dll,LaunchINFSection c:\program files\CyberLink\MP3PowerEncoder\Cyber.inf,PerUserStub
.
Contents of the 'Scheduled Tasks' folder

2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-12-01 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#240#CN36F130NG6Q.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 12:45]

2008-12-05 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2003-05-22 05:03]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RecordNow! - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page =
uInternet Settings,ProxyOverride = localhost
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Allow pop-ups from this site - c:\program files\DSL Extreme X-Dial Accelerator\pac-addwl.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Refresh Pa&ge with Full Quality - c:\program files\DSL Extreme X-Dial Accelerator\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files\DSL Extreme X-Dial Accelerator\pac-image.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm
LSP: c:\program files\DSL Extreme X-Dial Accelerator\prplsf.dll
TCP: {9F06EE57-57D1-454D-B697-163DC721F333} = 192.168.2.1,192.168.2.2

c:\windows\Downloaded Program Files\WBEtoolsAX.dll - O16 -: Web-Based Email Tools
hxxp://email.secureserver.net/Download.CAB
c:\windows\Downloaded Program Files\OSD2CBF.OSD

c:\windows\Downloaded Program Files\OneCC.dll - O16 -: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7}
hxxps://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=eb9bd6a79bd90545629244b92d314bf2&url=http%3A%2F%2Fd.69.25.47.79.downloads.estara.com.%2Fas%2FOneCCDM.php&template=62035&sessionid=1387364455_69.25.47.79_42934&=&req=1159550798343OneCC.cab
c:\windows\Downloaded Program Files\OneCC.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 13:22:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\avgrsstx.dll
c:\program files\DSL Extreme X-Dial Accelerator\prplsf.dll
.
Completion time: 2008-12-07 13:24:48
ComboFix-quarantined-files.txt 2008-12-07 21:23:30

Pre-Run: 11,621,236,736 bytes free
Post-Run: 12,178,649,088 bytes free

187 --- E O F --- 2008-11-12 22:53:16
__________________
"Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats." - H.L. Mencken