Ok, what my problem was is that I had two folders on my USB Drive, one which apparently was an older folder and the other containing the newer download copy.
I was inadvertently copying over the older ComboFix.exe.
Now the right one is on the desktop, and has processed. During the processing I did have a window pop up "Windows is running in safe mode"
but the ComboFix script continued seemingly without interruption.
The PC rebooted on its own,
I forced F8 Safemode
Selected Administrator user
Got the regular complete Black screen "Safemode"
CTRL ALT DEL gives me task manager
File Run gpupdate returns desktop, and apparently is allowing ComboFix to finish
Got the Desktop popup window again indicating "Windows is running in Safe Mode, to proceed in safe mode press Yes"
Except I can see & hear that ComboFix is having a buffet of the hard drive so I figure I will wait until its blue screen in the background indicates it's done before I click Yes to proceed in Safemode .......
The Log.txt screen has popped up, and my safemode box has disappeared along with my desktop.
I close the Log.txt and CTRL ALT DEL and gpupdate and the desktop returns along with a recurring error box that reads:
/idlist,:428:1356,c:\windows\system32
Windows cannot find /idlist,:428:1356,c:\windows\system32
Make sure you typed ......
ComboFix 08-11-14.01 - Administrator 2008-11-15 23:22:57.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1787 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
FILE ::
c:\windows\SYSTEM32\1112.dat
c:\windows\SYSTEM32\cnmhypvr.dll
c:\windows\system32\Drivers\Otx83.sys
c:\windows\SYSTEM32\ebkp.dll
c:\windows\system32\kcbgtcnu.dll
c:\windows\system32\mlljg.dll
c:\windows\SYSTEM32\oxvqlkrv.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\LiveAntispy
c:\program files\LiveAntispy\LiveAntispy.lic
c:\windows\SYSTEM32\1112.dat
c:\windows\SYSTEM32\cnmhypvr.dll
c:\windows\system32\Drivers\Otx83.sys
c:\windows\SYSTEM32\ebkp.dll
c:\windows\system32\kcbgtcnu.dll
c:\windows\SYSTEM32\oxvqlkrv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSISERVER
-------\Service_MSIServer
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
2008-11-15 21:26 . 2008-11-15 21:27 <DIR> d-------- C:\Old_ComboFix
2008-11-09 23:30 . 2008-11-09 23:30 <DIR> d-------- C:\rsit
2008-11-09 23:26 . 2008-11-09 23:26 <DIR> d-------- c:\program files\Trend Micro
2008-11-08 17:32 . 2008-11-08 17:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TrueCrypt
2008-11-08 16:19 . 2008-11-15 21:44 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-08 16:19 . 2008-11-15 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 15:47 . 2008-11-08 15:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-07 22:27 . 2008-11-09 22:54 250 --a------ c:\windows\gmer.ini
2008-11-07 00:23 . 2008-11-07 00:23 <DIR> d-------- c:\program files\CCleaner
2008-11-05 22:41 . 2008-11-05 22:42 <DIR> d-------- c:\windows\ERUNT
2008-11-05 22:35 . 2008-11-07 00:23 <DIR> d-------- C:\SDFix
2008-11-05 22:30 . 2008-11-05 22:30 <DIR> d-------- C:\ClamWinPortable
2008-11-05 22:28 . 2004-08-04 02:56 21,504 --a------ c:\windows\SYSTEM32\hidserv.dll
2008-11-05 22:28 . 2004-08-04 00:58 14,848 --a------ c:\windows\SYSTEM32\DRIVERS\kbdhid.sys
2008-11-05 22:28 . 2001-08-17 13:48 12,160 --a------ c:\windows\SYSTEM32\DRIVERS\mouhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 21:57 --------- d---a-w c:\program files\Lycos
2008-11-07 05:41 --------- d-----w c:\program files\Canon
2008-11-06 05:27 --------- d-----w c:\documents and settings\All Users\Application Data\mralotun
2001-06-20 20:19 40,960 ----a-w c:\program files\ACMonitor_X83.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Otx83.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Lan Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Lan Utility.lnk
backup=c:\windows\pss\Wireless Lan Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2006-10-30 11:01 392832 c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-05-13 23:20 278528 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 10:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-05-21 23:12 98304 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-03-06 03:47 151597 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-06-02 06:00 122880 c:\windows\BCMSMMSG.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
S0 Otx83;Otx83;c:\windows\system32\Drivers\Otx83.sys []
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\Drivers\usbscan.sys [2005-07-28 15104]
S2 IOPort;IOPort;\??\c:\windows\System32\DRIVERS\IOPORT.SYS [1998-11-27 6144]
S2 lxdc_device;lxdc_device;c:\windows\System32\lxdccoms.exe -service []
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-24 24652]
S3 ADM8211;Wireless PC Card;c:\windows\system32\DRIVERS\WLANPCI.sys [2004-06-10 86656]
S3 TTUQNRGA;TTUQNRGA;c:\docume~1\ADMINI~1\LOCALS~1\Temp\TTUQNRGA.exe []
S3 WLANNDIS5;WLANNDIS5 NDIS Protocol Driver;\??\c:\progra~1\WIRELE~1\WLANNDIS5.SYS [2004-06-10 15872]
.
- - - - ORPHANS REMOVED - - - -
BHO-{A3799CB4-CC4D-4367-AEF0-307D6EF89F7F} - c:\windows\system32\mlljg.dll
BHO-{b4c0d877-5bfc-4dae-b3ab-a80cb4af5d77} - c:\windows\system32\kcbgtcnu.dll
MSConfigStartUp-00d971c8 - c:\windows\system32\cnmhypvr.dll
MSConfigStartUp-BM03ea4254 - c:\windows\system32\oxvqlkrv.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-15 23:31:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-15 23:36:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 04:36:04
ComboFix2.txt 2008-11-10 03:39:36
Pre-Run: 63,227,719,680 bytes free
Post-Run: 63,219,433,472 bytes free