Found the Quote info and have played with it in the past - just can't get it to work for me. Not sure if you're supposed to highlight the text and then select quote (which doesn't work for me), or select Quote Reply before selecting Add Reply (also doesn't work). I can figure out some complex things at times, but this has me stumped...? Just not intuitive I guess.
Anyway, on to the repair - here's the log file after running ComboFix with the custom script. BTW, after launching ComboFix it asked if I wanted to download and use a newer version than the one I have, and I responded with no as I wasn't sure if the custom script was specific to the older version I have used.
ComboFix 11-03-12.01 - PJ 03/14/2011 15:46:17.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1588 [GMT -4:00]
Running from: c:\documents and settings\PJ\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PJ\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
FILE ::
"c:\documents and settings\All Users\Application Data\iKjFoPc06300"
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-12 18:25 . 2011-03-12 18:25 -------- d-----w- C:\_OTL
2011-03-08 03:02 . 2011-03-11 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\iKjFoPc06300
2011-02-26 17:11 . 2011-02-26 17:11 -------- d-----w- c:\documents and settings\PJ\Local Settings\Application Data\Xenocode
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-04 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-04 11:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-09-10 17:11 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-09-10 17:11 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-09-10 17:11 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-09-10 17:11 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-09-10 17:11 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-09-10 17:11 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-09-10 17:11 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-09-10 17:11 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-09-10 17:11 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 11:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:09 . 2010-08-20 19:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2004-08-04 11:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 23:08 . 2010-08-20 19:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-04 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 11:00 389120 ----a-w- c:\windows\system32\html.iec
2010-02-25 22:56 . 2010-02-25 22:55 98181416 ----a-w- c:\program files\iTunesSetup.exe
2009-11-13 02:15 . 2009-11-13 02:15 4938616 ----a-w- c:\program files\Silverlight.exe
2009-11-05 16:12 . 2009-11-05 16:12 3218761 ----a-w- c:\program files\SetupSureCutsALot_2_005.exe
2008-06-29 18:12 . 2008-06-29 18:12 16535022 ----a-w- c:\program files\CDSInstaller.exe
2003-08-27 19:19 . 2005-03-26 16:56 36963 ------w- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-05 180269]
"BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-11-29 221295]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2005-11-25 155715]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^PJ^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor]
2005-12-27 15:32 988736 ----a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [9/10/2010 1:11 PM 294608]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\SYSTEM32\DRIVERS\eusk2par.sys [12/15/2007 8:02 PM 24786]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 SbFw;SbFw;c:\windows\SYSTEM32\DRIVERS\SbFw.sys [9/10/2010 1:18 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\SYSTEM32\DRIVERS\sbhips.sys [6/21/2008 4:54 AM 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [9/10/2010 1:11 PM 17744]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 7:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 7:24 AM 1365288]
R3 EUCR;ENE USB Mass Storage;c:\windows\SYSTEM32\DRIVERS\EUCR6SK.sys [2/13/2006 2:23 PM 42240]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\SYSTEM32\DRIVERS\SbFwIm.sys [9/10/2010 1:18 PM 65576]
S2 gupdate1c9b1b792ea9b30;Google Update Service (gupdate1c9b1b792ea9b30);c:\program files\Google\Update\GoogleUpdate.exe [3/31/2009 12:16 AM 133104]
S3 epppdt;EPSON 1394.3 Class;c:\windows\SYSTEM32\DRIVERS\epppdt.sys [6/18/2006 5:41 PM 31269]
S3 epppdtpr;EPSON 1394.3 Printer Class;c:\windows\SYSTEM32\DRIVERS\epppdtpr.sys [6/18/2006 5:41 PM 14457]
S3 eusk3usb;SmartKey 3 USB;c:\windows\SYSTEM32\DRIVERS\eusk3usb.sys [12/15/2007 8:02 PM 45534]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\SYSTEM32\DRIVERS\OlyCamComm.sys [12/9/2010 9:48 PM 21648]
S3 SPCP825K;Sunplus Serial port driver;c:\windows\system32\DRIVERS\SPCP825K.sys --> c:\windows\system32\DRIVERS\SPCP825K.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2011-03-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-17 03:23]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 04:15]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 04:15]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.dell4me.com/mywaybiz
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java
DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} - hxxp://www.docs.co.clay.mn.us/AppXtender/client/IrcViewer.cab
DPF: {89F1C7A1-B54C-406D-8CD6-901D277F6388} - hxxp://www.docs.co.clay.mn.us/AppXtender/client/IrcResultSet.cab
FF - ProfilePath - c:\documents and settings\PJ\Application Data\Mozilla\Firefox\Profiles\rj0t53qj.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-03-14 15:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1244)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-14 15:59:04
ComboFix-quarantined-files.txt 2011-03-14 19:58
ComboFix2.txt 2011-03-13 18:07
.
Pre-Run: 5,341,315,072 bytes free
Post-Run: 5,331,189,760 bytes free
.
- - End Of File - - D276BADCB254C657BC35D8F70EF335DE