Wow, quick reply.
I transferred the CFScript file across to the PC in safe mode, rebooted into normal mode and tried the drag and drop. This caused the computer to freeze for about twenty minutes, before I rebooted into safe mode again. In safe mode it ran perfectly. The log follows.
I rebooted into normal mode to try and access the internet for the other scan. Iexplorer starts running according to Task Manager, but is not visible on screen. My Computer now opens though, but it just has the little flashlight searching endlessly. The system is immensely slow in normal mode.
ComboFix 08-12-05.06 - Xander Cage 2008-12-06 13:33:18.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.388 [GMT 0:00]
Running from: d:\documents and settings\Xander Cage\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Xander Cage\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
d:\windows\system32\cwegus.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system32\cwegus.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.
2008-12-03 12:16 . 2008-12-03 12:17 250 --a------ d:\windows\gmer.ini
2008-12-03 11:49 . 2008-12-03 11:49 <DIR> d-------- d:\documents and settings\Xander Cage\Application Data\Malwarebytes
2008-12-03 11:48 . 2008-12-03 11:48 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2008-12-03 11:48 . 2008-12-03 11:48 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 11:48 . 2008-10-22 16:10 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 11:48 . 2008-10-22 16:10 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2008-12-02 01:39 . 2008-12-02 01:39 <DIR> d--h----- D:\$AVG8.VAULT$
2008-12-02 01:23 . 2008-12-02 01:23 10,520 --a------ d:\windows\system32\avgrsstx.dll
2008-12-02 01:22 . 2008-12-02 01:22 <DIR> d-------- d:\windows\system32\drivers\Avg
2008-12-02 01:22 . 2008-12-02 01:22 <DIR> d-------- d:\documents and settings\Xander Cage\Application Data\AVGTOOLBAR
2008-12-02 01:22 . 2008-12-02 01:22 97,928 --a------ d:\windows\system32\drivers\avgldx86.sys
2008-12-02 01:01 . 2008-12-02 01:26 <DIR> d-a------ d:\documents and settings\All Users\Application Data\TEMP
2008-11-26 00:59 . 2008-11-26 00:59 <DIR> d-------- d:\program files\Utherverse Digital Inc
2008-11-18 00:19 . 2008-11-18 00:19 <DIR> d-------- d:\program files\DownloadToolz
2008-11-15 18:50 . 2004-08-03 23:10 78,464 --a------ d:\windows\system32\drivers\usbvideo.sys
2008-11-15 18:50 . 2004-08-03 23:10 78,464 --a--c--- d:\windows\system32\dllcache\usbvideo.sys
2008-11-15 18:50 . 2004-08-04 00:56 20,992 --a------ d:\windows\system32\dshowext.ax
2008-11-15 18:50 . 2004-08-04 00:56 20,992 --a--c--- d:\windows\system32\dllcache\dshowext.ax
2008-11-15 01:23 . 2008-12-02 01:22 <DIR> d-------- d:\documents and settings\All Users\Application Data\Avg8
2008-11-12 17:34 . 2008-10-24 11:10 453,632 -----c--- d:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 00:57 --------- d-----w d:\documents and settings\Xander Cage\Application Data\uTorrent
2008-12-01 17:19 --------- d-----w d:\documents and settings\Xander Cage\Application Data\dvdcss
2008-11-15 01:28 --------- d-----w d:\program files\Logitech
2008-11-15 01:24 --------- d-----w d:\program files\Common Files\InstallShield
2008-10-30 17:27 --------- d-----w d:\program files\Pinnacle
2008-10-30 07:43 --------- d-----w d:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-30 07:31 --------- d-----w d:\program files\MSXML 4.0
2008-10-28 20:36 --------- d-----w d:\program files\Common Files\Logitech
2008-10-28 20:35 --------- d--h--w d:\program files\InstallShield Installation Information
2008-10-24 11:10 453,632 ----a-w d:\windows\system32\drivers\mrxsmb.sys
2008-10-18 12:12 --------- d-----w d:\documents and settings\All Users\Application Data\Lavasoft
2008-10-16 14:13 202,776 ----a-w d:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w d:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w d:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w d:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w d:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w d:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w d:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w d:\windows\system32\muweb.dll
2008-10-15 09:11 --------- d-----w d:\program files\MUSHclient
2008-10-13 02:22 --------- d-----w d:\program files\K-Lite Codec Pack
2008-09-30 16:43 1,286,152 ----a-w d:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w d:\windows\system32\win32k.sys
2008-09-14 22:39 43,520 ----a-w d:\windows\system32\CmdLineExt03.dll
2002-07-26 16:02 153,088 ----a-w d:\program files\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-03-02 98304]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-02 1261336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"VMware hptray"="d:\program files\WebMediaViewer\hpmon.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-12-02 01:22 1261336 d:\progra~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-10 07:00 15360 d:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 d:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 21:22 3739648 d:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
d:\program files\Logitech\Video\ManifestEngine.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
d:\program files\Logitech\Video\ISStart.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
d:\program files\Logitech\Video\LogiTray.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 d:\windows\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 d:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
d:\windows\system32\PSDrvCheck.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-02 13:59 98304 d:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
--a------ 2004-04-06 18:05 61440 d:\windows\system32\PCLECoInst.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
--a------ 2004-04-23 11:00 192512 d:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
S1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\Drivers\avgldx86.sys [2008-12-02 97928]
S2 A5C7DA6261682860;A5C7DA6261682860;\??\d:\documents and settings\Xander Cage\Desktop\A5C7DA6261682860\A5C7DA6261682860 []
S2 avg8wd;AVG Free8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-02 231704]
S2 LicCtrlService;LicCtrl Service;d:\windows\runservice.exe [2008-09-05 2560]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-06 13:36:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\A5C7DA6261682860]
"ImagePath"="\??\d:\documents and settings\Xander Cage\Desktop\A5C7DA6261682860\A5C7DA6261682860"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\A5C7DA6261682860]
"ImagePath"="\??\d:\documents and settings\Xander Cage\Desktop\A5C7DA6261682860\A5C7DA6261682860"
.
Completion time: 2008-12-06 13:38:20
ComboFix-quarantined-files.txt 2008-12-06 13:37:54
ComboFix2.txt 2008-12-06 12:12:35
Pre-Run: 1,949,175,808 bytes free
Post-Run: 1,937,850,368 bytes free
142 --- E O F --- 2008-11-13 11:27:07