I ran ComboFix and it appears to have worked; however, I'm not sure it removed everything. The log below shows AVG's on-access scanning disabled, the Windows Firewall turned off (EnableFirewall = 0), and a number of files deleted from c:\windows\system32 (sdra64.exe, the lowsec folder, several UAC*.dll/.sys files and a UAC*.sys driver). Any help would be appreciated.
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Starware347
c:\documents and settings\All Users\Application Data\Starware347\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware347\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware347\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware347\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware347\buttons\jokesearch.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\pranks.bmp
c:\documents and settings\All Users\Application Data\Starware347\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Application Data\Starware347\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware347\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware347\contexts\travel.xml
c:\documents and settings\Owner\Favorites\Online Security Test.url
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-3174833745-3462817390-458618091-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\Install.txt
c:\windows\system32\drivers\UACkrvkbgkxvmpxxslhr.sys
c:\windows\system32\Install.txt
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\UACbyuiqxdcimmtkltlt.dll
c:\windows\system32\UACdjlqrdhtmuijwnmqs.dat
c:\windows\system32\UACgcdefqhooruypdubr.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACiumlwxnivvibkbwqp.dll
c:\windows\system32\UACmrgqwiyiyoopptwlo.db
c:\windows\system32\UACrmrunvqltepwevssd.dll
c:\windows\system32\UACsxwbibjktrwnmagjs.dll
c:\windows\system32\uactmp.db
c:\windows\system32\wiawow32.sys
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_6TO4
-------\Legacy_MSNCACHE
-------\Legacy_PCMSTUB
-------\Legacy_SOPIDKC
-------\Service_6to4
-------\Service_pcmstub
((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.
2009-07-03 14:20 . 2009-06-24 21:15 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-03 14:20 . 2009-07-03 14:19 2054424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-03 14:20 . 2009-07-03 14:19 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-03 14:20 . 2009-06-24 21:15 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-03 14:20 . 2009-06-24 21:15 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-03 14:20 . 2009-06-24 21:15 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-03 14:20 . 2009-06-24 21:15 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-03 14:20 . 2009-06-24 21:15 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-03 14:20 . 2009-06-24 21:15 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-03 14:19 . 2009-06-24 21:13 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-03 14:19 . 2009-06-24 21:13 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 01:34 . 2009-02-10 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-03 14:19 . 2009-02-10 03:25 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 21:15 . 2009-02-10 03:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 21:15 . 2009-02-10 03:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-08 03:08 . 2009-02-10 03:25 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2007-01-22 00:27 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2006-05-07 00:24 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2007-01-22 00:25 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2006-05-07 00:24 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2007-01-22 00:29 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-12-20 16:34 . 2007-01-23 05:00 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 16:34 . 2007-01-23 05:00 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 16:34 . 2007-01-24 04:22 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 16:34 . 2007-01-24 04:22 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 16:34 . 2007-01-23 05:00 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 21:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/9/2009 11:25 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/9/2009 11:25 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/9/2009 11:25 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/9/2009 11:25 PM 298776]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2/2/2009 8:54 PM 36224]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [1/21/2007 8:40 PM 69692]
S3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\FA31XND5.SYS [1/31/2009 9:24 PM 16007]
.
Contents of the 'Scheduled Tasks' folder
2009-07-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-04-08 13:04]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3524
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebse...?p=ZUxdm399YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8dnt2hq1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 23:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-929327701-3546639514-108031270-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:10,27,1c,08,b3,18,e4,2b,3a,1d,e3,7e,6f,1b,7b,96,c1,ae,1d,47,d3,a3,b9,
43,3e,bb,14,52,dc,d1,4d,95,75,ca,c6,3f,60,f7,65,8e,42,e6,a9,ea,25,83,09,e0,\
"??"=hex:39,78,07,68,49,0d,3b,32,f4,27,d3,f3,5c,36,15,25
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-07-12 23:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-12 03:28
Pre-Run: 129,464,496,128 bytes free
Post-Run: 132,782,321,664 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
210 --- E O F --- 2009-06-30 13:53