am i infected or missing stuff after running the OTL thingy

This topic is locked.

#136
rupertdigby (Member, Topic Starter, 113 posts)
Should I connect to the internet with the sick computer, or just put the CFScript and ComboFix on the desktop from the flash drive? What do I do if CF needs to update? Nothing appears to be on the flash drive anymore.


#137
rupertdigby (Member, Topic Starter, 113 posts)
All seems to be running as described. Connected to the internet, all pop-ups occurred and I clicked yes, created a recovery console, rebooted, and it is preparing a log.

#138
rupertdigby (Member, Topic Starter, 113 posts)
ComboFix 11-01-31.02 - Rnady Barron 02/02/2011 20:58:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.481 [GMT -5:00]
Running from: c:\documents and settings\Rnady Barron\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rnady Barron\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Slizilizodo.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Slizilizodo.bin
c:\windows\system32\ms.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 )))))))))))))))))))))))))))))))
.

2011-02-02 22:03 . 2001-08-17 18:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2011-02-02 22:02 . 2001-08-17 17:49 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2011-02-02 22:01 . 2001-08-17 17:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2011-02-02 21:57 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-02-02 19:43 . 2011-02-02 19:43 507904 ------w- c:\windows\system32\winlogon.exe
2011-01-29 15:25 . 2011-01-29 15:25 -------- d-sh--w- c:\documents and settings\Rnady Barron\IECompatCache
2011-01-28 22:38 . 2011-01-28 22:38 -------- d-----w- C:\_OTM
2011-01-28 18:12 . 2011-01-28 18:12 -------- d-sh--w- c:\documents and settings\Rnady Barron\PrivacIE
2011-01-28 15:20 . 2011-01-28 15:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-28 15:19 . 2011-01-28 15:19 -------- d-sh--w- c:\documents and settings\Rnady Barron\IETldCache
2011-01-28 15:07 . 2011-01-28 15:09 -------- dc-h--w- c:\windows\ie8
2011-01-28 15:04 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-28 15:03 . 2010-11-06 00:26 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-28 15:03 . 2010-11-06 00:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-28 15:03 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-28 15:03 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-28 15:03 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-28 15:03 . 2010-11-06 00:26 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-28 15:03 . 2010-11-06 00:26 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-28 13:53 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8E29306B-EDFA-47F8-9507-10EBF53CA530}\mpengine.dll
2011-01-26 18:38 . 2011-01-26 18:38 -------- d-----w- c:\documents and settings\Rnady Barron\Application Data\DriverCure
2011-01-26 18:38 . 2011-01-26 18:38 -------- d-----w- c:\documents and settings\Rnady Barron\Application Data\ParetoLogic
2011-01-26 18:38 . 2011-01-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-01-26 15:58 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-26 15:58 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-26 15:58 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-26 15:58 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-26 15:58 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-26 15:58 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-26 15:58 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-26 15:58 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-26 15:58 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-25 15:21 . 2011-01-25 15:21 -------- d-----w- c:\documents and settings\Rnady Barron\Application Data\AVG8
2011-01-21 17:52 . 2011-01-29 17:00 -------- d-----w- c:\documents and settings\Rnady Barron\Application Data\FixCleaner
2011-01-21 17:51 . 2011-01-29 17:00 -------- d-----w- c:\program files\FixCleaner
2011-01-21 03:20 . 2011-01-21 03:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-01-21 02:22 . 2011-01-21 02:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-21 01:07 . 2011-01-21 01:07 -------- d-----w- c:\windows\system32\%APPDATA%
2011-01-20 22:11 . 2011-01-21 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-01-20 22:04 . 2011-01-20 22:04 -------- d--h--w- c:\windows\PIF
2011-01-20 21:22 . 2011-01-20 21:22 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-01-20 18:47 . 2011-02-02 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-01-20 18:37 . 2011-01-21 03:03 -------- d-sh--w- c:\documents and settings\Rnady Barron\Application Data\Desktop
2011-01-20 18:37 . 2011-01-20 18:37 190976 ---h--w- c:\temp\8a702136-2fcf-42b5-a671-c7b38facb426\OfferApp-2492.exe
2011-01-13 03:20 . 2008-04-13 19:39 5376 ----a-w- c:\windows\system32\MSPCLOCK.sys
2011-01-13 02:56 . 2011-01-13 02:56 -------- d-----w- c:\program files\directx
2011-01-13 02:54 . 2011-01-13 02:54 -------- d-----w- c:\program files\PIXELA
2011-01-13 02:52 . 2000-01-04 11:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-01-13 02:52 . 2011-01-13 04:05 -------- d-----w- c:\documents and settings\drivers\SonyUSB
2011-01-13 02:52 . 2001-11-05 14:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2011-01-13 02:52 . 2001-11-05 14:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2011-01-13 02:52 . 2001-11-05 14:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2011-01-13 02:52 . 2001-07-04 01:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2011-01-13 02:52 . 2001-07-04 01:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-02-11 22:39 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-12-20 23:09 . 2010-01-21 04:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-01-21 04:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2008-06-30 16:59 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-10 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\LocalService\UserData ----

2011-01-20 21:22 . 2011-01-20 21:20 16384 ----a-w- c:\documents and settings\LocalService\UserData\index.dat

---- Directory of c:\documents and settings\Rnady Barron\Application Data\Desktop ----


---- Directory of c:\windows\system32\%APPDATA% ----

2011-01-21 01:07 . 2011-01-21 01:07 86 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.log
2011-01-21 01:07 . 2010-07-07 09:45 31743 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\data1.hdr
2011-01-21 01:07 . 2010-07-07 09:44 234304 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.inx
2011-01-21 01:07 . 2010-06-14 15:06 165 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.iss
2011-01-21 01:07 . 2009-06-10 11:57 550192 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.ocx
2011-01-21 01:07 . 2009-05-21 12:53 21494 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\0x0409.ini
2011-01-21 01:07 . 2010-06-14 15:32 152 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\config.txt
2011-01-21 01:07 . 2010-07-07 09:45 473 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\layout.bin
2011-01-21 01:07 . 2010-07-07 09:44 1178 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.ini
2011-01-21 01:07 . 2010-07-07 09:45 3525401 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\data2.cab
2011-01-21 01:07 . 2010-07-07 09:45 567840 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\data1.cab


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-10 13:47 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-06 15:45 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-14 04:41 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-14 04:45 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-14 04:44 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-10 14:51 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 21:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ----a-w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickenScheduledUpdates]
2006-10-30 11:39 57344 ----a-w- c:\program files\Quicken\bagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 14:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 14:22 405504 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"LVCOMSer"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [1/12/2011 9:52 PM 6097]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2011 10:58 AM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2011 10:58 AM 17744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [1/12/2011 9:52 PM 299923]
.
Contents of the 'Scheduled Tasks' folder

2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2011-02-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/today/Marietta+GA+30062
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.charter.net/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: The Browser Highlighter: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: The Browser Highlighter: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 21:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1462859062-1627159297-3116196774-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(8048)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2011-02-02 21:10:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-03 02:10
ComboFix2.txt 2011-02-03 00:51

Pre-Run: 49,584,033,792 bytes free
Post-Run: 49,521,639,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 7136835F525A22C16F0C88316440AAC5

#139
rupertdigby (Member, Topic Starter, 113 posts)
What's next to clean this machine?

#140
rupertdigby (Member, Topic Starter, 113 posts)
MBAM log


ComboFix 11-01-31.02 - Rnady Barron 02/02/2011 20:58:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.481 [GMT -5:00]
Running from: c:\documents and settings\Rnady Barron\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rnady Barron\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Slizilizodo.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Slizilizodo.bin
c:\windows\system32\ms.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 )))))))))))))))))))))))))))))))
.

2011-02-02 22:03 . 2001-08-17 18:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2011-02-02 22:02 . 2001-08-17 17:49 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2011-02-02 22:01 . 2001-08-17 17:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2011-02-02 21:57 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-02-02 19:43 . 2011-02-02 19:43 507904 ------w- c:\windows\system32\winlogon.exe
2011-01-29 15:25 . 2011-01-29 15:25 -------- d-sh--w- c:\documents and settings\Rnady Barron\IECompatCache
2011-01-28 22:38 . 2011-01-28 22:38 -------- d-----w- C:\_OTM
2011-01-28 18:12 . 2011-01-28 18:12 -------- d-sh--w- c:\documents and settings\Rnady Barron\PrivacIE
2011-01-28 15:20 . 2011-01-28 15:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-28 15:19 . 2011-01-28 15:19 -------- d-sh--w- c:\documents and settings\Rnady Barron\IETldCache
2011-01-28 15:07 . 2011-01-28 15:09 -------- dc-h--w- c:\windows\ie8
2011-01-28 15:04 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-28 15:03 . 2010-11-06 00:26 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-28 15:03 . 2010-11-06 00:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-28 15:03 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-28 15:03 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-28 15:03 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-28 15:03 . 2010-11-06 00:26 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-28 15:03 . 2010-11-06 00:26 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-28 13:53 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8E29306B-EDFA-47F8-9507-10EBF53CA530}\mpengine.dll
2011-01-26 18:38 . 2011-01-26 18:38 -------- d-----w- c:\documents and settings\Rnady Barron\Application Data\DriverCure
2011-01-26 18:38 . 2011-01-26 18:38 -------- d-----w- c:\documents and settings\Rnady Barron\Application Data\ParetoLogic
2011-01-26 18:38 . 2011-01-26 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-01-26 15:58 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-26 15:58 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-26 15:58 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-26 15:58 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-26 15:58 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-26 15:58 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-26 15:58 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-26 15:58 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-26 15:58 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-25 15:21 . 2011-01-25 15:21 -------- d-----w- c:\documents and settings\Rnady Barron\Application Data\AVG8
2011-01-21 17:52 . 2011-01-29 17:00 -------- d-----w- c:\documents and settings\Rnady Barron\Application Data\FixCleaner
2011-01-21 17:51 . 2011-01-29 17:00 -------- d-----w- c:\program files\FixCleaner
2011-01-21 03:20 . 2011-01-21 03:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-01-21 02:22 . 2011-01-21 02:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-21 01:07 . 2011-01-21 01:07 -------- d-----w- c:\windows\system32\%APPDATA%
2011-01-20 22:11 . 2011-01-21 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-01-20 22:04 . 2011-01-20 22:04 -------- d--h--w- c:\windows\PIF
2011-01-20 21:22 . 2011-01-20 21:22 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-01-20 18:47 . 2011-02-02 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-01-20 18:37 . 2011-01-21 03:03 -------- d-sh--w- c:\documents and settings\Rnady Barron\Application Data\Desktop
2011-01-20 18:37 . 2011-01-20 18:37 190976 ---h--w- c:\temp\8a702136-2fcf-42b5-a671-c7b38facb426\OfferApp-2492.exe
2011-01-13 03:20 . 2008-04-13 19:39 5376 ----a-w- c:\windows\system32\MSPCLOCK.sys
2011-01-13 02:56 . 2011-01-13 02:56 -------- d-----w- c:\program files\directx
2011-01-13 02:54 . 2011-01-13 02:54 -------- d-----w- c:\program files\PIXELA
2011-01-13 02:52 . 2000-01-04 11:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-01-13 02:52 . 2011-01-13 04:05 -------- d-----w- c:\documents and settings\drivers\SonyUSB
2011-01-13 02:52 . 2001-11-05 14:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2011-01-13 02:52 . 2001-11-05 14:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2011-01-13 02:52 . 2001-11-05 14:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2011-01-13 02:52 . 2001-07-04 01:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2011-01-13 02:52 . 2001-07-04 01:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-02-11 22:39 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-12-20 23:09 . 2010-01-21 04:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-01-21 04:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2008-06-30 16:59 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-10 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\LocalService\UserData ----

2011-01-20 21:22 . 2011-01-20 21:20 16384 ----a-w- c:\documents and settings\LocalService\UserData\index.dat

---- Directory of c:\documents and settings\Rnady Barron\Application Data\Desktop ----


---- Directory of c:\windows\system32\%APPDATA% ----

2011-01-21 01:07 . 2011-01-21 01:07 86 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.log
2011-01-21 01:07 . 2010-07-07 09:45 31743 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\data1.hdr
2011-01-21 01:07 . 2010-07-07 09:44 234304 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.inx
2011-01-21 01:07 . 2010-06-14 15:06 165 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.iss
2011-01-21 01:07 . 2009-06-10 11:57 550192 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.ocx
2011-01-21 01:07 . 2009-05-21 12:53 21494 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\0x0409.ini
2011-01-21 01:07 . 2010-06-14 15:32 152 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\config.txt
2011-01-21 01:07 . 2010-07-07 09:45 473 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\layout.bin
2011-01-21 01:07 . 2010-07-07 09:44 1178 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\setup.ini
2011-01-21 01:07 . 2010-07-07 09:45 3525401 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\data2.cab
2011-01-21 01:07 . 2010-07-07 09:45 567840 ----a-w- c:\windows\system32\%APPDATA%\WhiteSmokeSetup\data1.cab


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-10 13:47 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-06 15:45 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-14 04:41 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-14 04:45 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-14 04:44 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-10 14:51 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 21:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ----a-w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickenScheduledUpdates]
2006-10-30 11:39 57344 ----a-w- c:\program files\Quicken\bagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 14:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 14:22 405504 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"LVCOMSer"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [1/12/2011 9:52 PM 6097]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2011 10:58 AM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2011 10:58 AM 17744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [1/12/2011 9:52 PM 299923]
.
Contents of the 'Scheduled Tasks' folder

2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2011-02-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/today/Marietta+GA+30062
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.charter.net/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: The Browser Highlighter: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: The Browser Highlighter: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 21:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1462859062-1627159297-3116196774-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(8048)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2011-02-02 21:10:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-03 02:10
ComboFix2.txt 2011-02-03 00:51

Pre-Run: 49,584,033,792 bytes free
Post-Run: 49,521,639,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 7136835F525A22C16F0C88316440AAC5
  • 0
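As an added example (not code from this thread, from ComboFix or from its author), the Python script below parses the REGEDIT4-style "Reg Loading Points" section that ComboFix prints and flags the settings visible in the log above that weaken the host's defences: the Security Center `AntiVirusOverride`/`FirewallOverride` values, `DisableMonitoring`, and `EnableFirewall=0` on the standard firewall profile. The sample input is a constructed subset of that section; the function names are my own.

```python
"""Triage the 'Reg Loading Points' block of a ComboFix log.

Added example, not ComboFix's own code.  It turns the REGEDIT4-style export
into a dict and reports settings that silence Security Center or switch the
Windows Firewall off, which is what a helper looks for before writing a fix.
"""
import re
from typing import Dict, List, Optional, Union

Value = Union[int, str, None]

# Constructed sample: keys copied from the ComboFix log above, covering every
# value notation ComboFix uses (string + [date size], N (0xN), dword:, empty, @).
SAMPLE = r'''
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
'''

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))\s*=\s*(?P<raw>.*)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
DEC_HEX_RE = re.compile(r"^(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)$")
STRING_RE = re.compile(r'^"(?P<s>[^"]*)"')


def parse_value(raw: str) -> Value:
    """Convert one of ComboFix's value notations into an int, str or None."""
    raw = raw.strip()
    if raw == "":
        return None                      # allow-listed firewall app: name only
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group("hex"), 16)
    m = DEC_HEX_RE.match(raw)
    if m:
        return int(m.group("dec"))
    m = STRING_RE.match(raw)
    if m:
        return m.group("s")              # the trailing "[date size]" is dropped
    return raw


def parse_reg_loading_points(text: str) -> Dict[str, Dict[str, Value]]:
    """Return {registry key: {value name: value}}; '@' is the default value."""
    keys: Dict[str, Dict[str, Value]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.rstrip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            name = vm.group("name") or "@"
            keys[current][name] = parse_value(vm.group("raw"))
    return keys


def security_posture_findings(keys: Dict[str, Dict[str, Value]]) -> List[str]:
    """Flag settings that suppress Security Center or disable the firewall."""
    findings: List[str] = []
    for key, values in keys.items():
        k = key.lower()
        if k.endswith("\\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if values.get(name) == 1:
                    findings.append(f"{name}=1: Security Center alerts for this component are suppressed")
        if "\\security center\\monitoring" in k and values.get("DisableMonitoring") == 1:
            findings.append(f"DisableMonitoring=1 under {key}")
        if k.endswith("firewallpolicy\\standardprofile") and values.get("EnableFirewall") == 0:
            findings.append("EnableFirewall=0: Windows Firewall is off for the standard profile")
    return findings


if __name__ == "__main__":
    for finding in security_posture_findings(parse_reg_loading_points(SAMPLE)):
        print(finding)
```

Run against the sample, the script reports the two Security Center overrides, the disabled monitoring key and the disabled firewall, which is the same set of items that Security Check later summarises as "Windows Firewall Disabled!".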

#141
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

It appears you posted the ComboFix log instead of the MBAM log in your previous post.

I'd like to see a copy of the MBAM log.

Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Logs tab
  • Click on the latest log. The bottom most log is the latest
  • Click Open
  • Notepad will open. Please post this log in your next reply.


NEXT:




OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    
    :Reg
    
    :Files
    c:\windows\system32\%APPDATA%
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0

#142
rupertdigby

rupertdigby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5663

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/2/2011 9:34:21 PM
mbam-log-2011-02-02 (21-34-21).txt

Scan type: Quick scan
Objects scanned: 157211
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TJHTHX1O7X (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#143
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Do you have the OTL fix log?

Let's run a few additional scans to make sure nothing else is hiding.

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#144
rupertdigby

rupertdigby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
The OTL is rebooting.

I want to clean up another Dell Inspiron 6000. I don't have a clue if there is a recovery console. Will I run the same ComboFix and OTL on it?
  • 0

#145
rupertdigby

rupertdigby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\system32\%APPDATA%\WhiteSmokeSetup folder moved successfully.
c:\windows\system32\%APPDATA% folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Rnady Barron\Desktop\repairs\cmd.bat deleted successfully.
C:\Documents and Settings\Rnady Barron\Desktop\repairs\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3504874 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: drivers

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1491078 bytes
->FireFox cache emptied: 3531483 bytes
->Flash cache emptied: 41822 bytes

User: NetworkService
->Temp folder emptied: 2762 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 8156 bytes
->Flash cache emptied: 39577 bytes

User: Rnady Barron
->Temp folder emptied: 30955290 bytes
->Temporary Internet Files folder emptied: 18171660 bytes
->Java cache emptied: 89776196 bytes
->FireFox cache emptied: 103268199 bytes
->Flash cache emptied: 363992 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1264665 bytes
%systemroot%\System32 .tmp files removed: 1768465 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 639854 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 8774186 bytes

Total Files Cleaned = 252.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: drivers

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Rnady Barron
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02032011_191021

Files\Folders moved on Reboot...
C:\Documents and Settings\Rnady Barron\Local Settings\Temporary Internet Files\Content.IE5\W21NXK6Y\background-banner-middle-v9[2].jpg moved successfully.
C:\Documents and Settings\Rnady Barron\Local Settings\Temporary Internet Files\Content.IE5\W21NXK6Y\background-banner-right-v9[1].jpg moved successfully.
C:\Documents and Settings\Rnady Barron\Local Settings\Temporary Internet Files\Content.IE5\W21NXK6Y\background_banner_green_50_v9[2].jpg moved successfully.
C:\Documents and Settings\Rnady Barron\Local Settings\Temporary Internet Files\Content.IE5\TBFJF1SI\background_button_green_full[1].png moved successfully.
C:\Documents and Settings\Rnady Barron\Local Settings\Temporary Internet Files\Content.IE5\NJXF6ESZ\list-item-plus[1].png moved successfully.
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!
File\Folder C:\WINDOWS\temp\TMP0000000EA37176375A81BDD2 not found!

Registry entries deleted on Reboot...
  • 0

#146
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Not necessarily. ComboFix is not a tool that you normally run on your own.

You'll need to create a new thread with an OTL log and a description of the issues you're experiencing with them.
  • 0

#147
rupertdigby

rupertdigby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
The ESET takes a long time to scan, right? I turned off Avast and a Firefox add-on, NoScript, that I found here. Should I have done anything else? It is connected to the net.
  • 0

#148
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Nope, that's fine. It can take a bit of time to run.
  • 0

#149
rupertdigby

rupertdigby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
C:\Qoobox\Quarantine\C\Documents and Settings\Rnady Barron\Application Data\net.bat.vir MSIL/Autorun.N worm
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Patched.GO trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ms.dll.vir Win32/Bamital.DV trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000004.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000005.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000016.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000017.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0001017.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0001035.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0001036.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002030.exe Win32/Dursg.E trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002040.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002041.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002060.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002096.exe Win32/Dursg.E trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002292.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002293.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002310.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002311.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0002325.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP15\A0004660.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP15\A0004673.exe Win32/Patched.GO trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP15\A0004835.dll Win32/Bamital.DV trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2\A0002351.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0002386.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0003385.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0003400.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0003401.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0003408.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0003445.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0003514.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP5\A0003516.bat MSIL/Autorun.N worm
C:\temp\8a702136-2fcf-42b5-a671-c7b38facb426\OfferApp-2492.exe Win32/Dursg.E trojan
  • 0
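As an added example (not from the thread and not ESET's code), the Python script below triages an ESET Online Scanner result list like the one above by where each detection lives. Files under `C:\Qoobox\Quarantine` are copies ComboFix already neutralised, files under `System Volume Information\_restore{...}\RPnn` are inert copies inside System Restore points, and only the remaining paths are still live on the file system. It assumes the line format shown here, `<path> <detection name> <category>`, with no action column because "Remove found threats" was unchecked; the sample input is a constructed subset of the posted lines.

```python
"""Triage an ESET Online Scanner result list by detection location.

Added example, not ESET's code.  Assumes each line is
"<path> <detection name> <category>" as posted in this thread.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# Constructed sample: a subset of the ESET result lines posted above.
SAMPLE = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\Rnady Barron\Application Data\net.bat.vir MSIL/Autorun.N worm
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Patched.GO trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ms.dll.vir Win32/Bamital.DV trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000004.bat MSIL/Autorun.N worm
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP15\A0004673.exe Win32/Patched.GO trojan
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0003385.bat MSIL/Autorun.N worm
C:\temp\8a702136-2fcf-42b5-a671-c7b38facb426\OfferApp-2492.exe Win32/Dursg.E trojan
"""

# Matches the restore-point segment of a path and captures the RP number.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.IGNORECASE)


class Detection(NamedTuple):
    path: str
    name: str       # e.g. "Win32/Patched.GO"
    category: str   # e.g. "trojan", "worm"
    location: str   # "quarantine", "restore_point" or "live"


def classify_location(path: str) -> str:
    """Decide whether a detection is already contained or still live."""
    if path.lower().startswith("c:\\qoobox\\quarantine\\"):
        return "quarantine"      # .vir copy already neutralised by ComboFix
    if RESTORE_RE.search(path):
        return "restore_point"   # inert copy inside a System Restore point
    return "live"                # still in place on the file system


def parse_eset_line(line: str) -> Detection:
    # The path may contain spaces, so split off only the last two fields.
    path, name, category = line.rsplit(None, 2)
    return Detection(path, name, category, classify_location(path))


def parse_eset_results(text: str) -> List[Detection]:
    return [parse_eset_line(line) for line in text.splitlines() if line.strip()]


def by_location(dets: List[Detection]) -> Dict[str, List[Detection]]:
    groups: Dict[str, List[Detection]] = {}
    for d in dets:
        groups.setdefault(d.location, []).append(d)
    return groups


def restore_points_hit(dets: List[Detection]) -> List[str]:
    """Restore points holding infected copies, in numeric order."""
    rps = {RESTORE_RE.search(d.path).group(1) for d in dets if d.location == "restore_point"}
    return sorted(rps, key=lambda rp: int(rp[2:]))


def live_paths(dets: List[Detection]) -> List[str]:
    """The detections that still need action."""
    return [d.path for d in dets if d.location == "live"]


def name_counts(dets: List[Detection]) -> Counter:
    return Counter(d.name for d in dets)


if __name__ == "__main__":
    dets = parse_eset_results(SAMPLE)
    for loc, group in by_location(dets).items():
        print(f"{loc}: {len(group)}")
    print("restore points hit:", restore_points_hit(dets))
    print("still live:", live_paths(dets))
```

On the sample, the only live item is the `OfferApp-2492.exe` under `C:\temp`; the quarantine hits need no further action and the restore-point copies go away when the old restore points are flushed, which is why helpers usually end a cleanup by creating a fresh restore point and clearing the old ones.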

#150
rupertdigby

rupertdigby

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 17
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Java™ 6 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
  • 0
