So I dragged and drop the text file CFScript.txt with the code you provided and I had to update Combofix.exe. After some time it produce a log. (log.txt)
Combofix logComboFix 11-04-04.01 - Work 04/04/2011 20:54:14.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1015.553 [GMT -4:00]
Running from: c:\documents and settings\Work\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Work\Desktop\CFScript.txt.txt
.
file zipped: c:\windows\UDB.zip
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Work\Application Data\Nebu
c:\documents and settings\Work\Local Settings\Application Data\{D4887D25-F5DF-4FDE-B99E-ACCEE339DC60}
c:\documents and settings\Work\Local Settings\Application Data\{D4887D25-F5DF-4FDE-B99E-ACCEE339DC60}\chrome.manifest
c:\documents and settings\Work\Local Settings\Application Data\{D4887D25-F5DF-4FDE-B99E-ACCEE339DC60}\chrome\content\_cfg.js
c:\documents and settings\Work\Local Settings\Application Data\{D4887D25-F5DF-4FDE-B99E-ACCEE339DC60}\chrome\content\overlay.xul
c:\documents and settings\Work\Local Settings\Application Data\{D4887D25-F5DF-4FDE-B99E-ACCEE339DC60}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
.
.
2011-04-01 00:15 . 2011-04-01 16:45 -------- d-----w- c:\documents and settings\Work\Application Data\Axkoyz
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\documents and settings\Work\Application Data\Malwarebytes
2011-03-31 20:20 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 20:20 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 03:56 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-03-31 03:56 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-03-31 03:56 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-03-31 03:56 . 2011-01-07 18:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-03-31 03:52 . 2011-04-03 17:44 -------- d-----w- c:\program files\PC Tools Security
2011-03-31 03:52 . 2011-04-05 01:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-31 03:51 . 2011-04-03 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-07 20:32 . 2011-03-07 20:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-03-07 20:32 . 2011-03-07 20:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 15:54 . 2011-03-31 03:56 2125 ----a-w- c:\windows\UDB.zip
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Work\Application Data\Axkoyz ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-03_23.24.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-05 01:03 . 2011-04-05 01:03 16384 c:\windows\Temp\Perflib_Perfdata_788.dat
+ 2008-08-09 14:32 . 2011-04-05 00:48 73418 c:\windows\system32\perfc009.dat
- 2008-08-09 14:32 . 2011-04-03 23:26 73418 c:\windows\system32\perfc009.dat
+ 2008-08-09 14:32 . 2011-04-05 00:48 445884 c:\windows\system32\perfh009.dat
- 2008-08-09 14:32 . 2011-04-03 23:26 445884 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
vavyb.exe [2011-3-31 82944]
.
c:\documents and settings\TONY\Start Menu\Programs\Startup\
iRotate.lnk - c:\program files\iRotate\iRotate.exe [2008-6-1 58104]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
viox.exe [2011-3-31 82944]
.
c:\documents and settings\Work\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]
.
[HKLM\~\startupfolder\C:^Documents and Settings^TONY^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\TONY\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^TONY^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\TONY\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIZMO2]
2008-11-17 16:34 2229512 ----a-w- c:\program files\GIZMO2\GIZMO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-13 03:08 21898024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [29/09/2010 5:21 PM 18432]
S0 3078356788;3078356788;c:\windows\system32\drivers\3078356788.sys --> c:\windows\system32\drivers\3078356788.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [30/03/2011 11:56 PM 247760]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [16/10/2009 10:21 PM 17408]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys --> c:\windows\system32\DRIVERS\RT2860.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-01-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2010-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://eeepc.asus.com/globalIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {531BF312-1783-41CA-9C4F-B7F769AD89B3} = 202.96.128.86,202.96.134.133
FF - ProfilePath - c:\documents and settings\Work\Application Data\Mozilla\Firefox\Profiles\i5art0as.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage -
hxxp://en-US.start3.mozilla.com/firefox ... S:officialFF - prefs.js: keyword.URL -
hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter:
jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr .exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-04-04 21:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2848)
c:\windows\system32\WININET.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\program files\eee storage\xpclient.dll
c:\windows\system32\ieframe.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Completion time: 2011-04-04 21:09:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-05 01:09
ComboFix2.txt 2011-04-03 23:28
.
Pre-Run: 22,514,319,360 bytes free
Post-Run: 22,494,658,560 bytes free
.
- - End Of File - - E52C5C0031CC55C758849018DF56EF44
Upload was successful