Whew; again...
I'm using IE. (I downloaded Firefox a day or so ago in case IE was unfixable.)
I disabled AVG for the 15 minutes (which appears to be the maximum). By the time I got under way, that time expired during ComboFix, but CF saw it and put up a warning. I simply uninstalled AVG. Then I brought ComboFix back up and proceeded as you directed. It came to a blue box with "preparing to run." I waited, and it asked to download Recovery Console, which I did. Then, before I could type in the line you wanted ending in "stepdel," it went into AutoScan. Ran through some 50 processes. I just let it go. The end log is included here:
ComboFix 10-11-03.04 - Dennis 11/04/2010 19:35:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.189 [GMT -7:00]
Running from: c:\documents and settings\Dennis\Desktop\commy.exe
.
((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
.
2010-11-04 06:12 . 2010-11-04 06:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-03 14:17 . 2010-11-03 14:17 -------- d-----w- c:\program files\Trend Micro
2010-11-01 23:33 . 2010-11-01 23:33 -------- d-----w- c:\documents and settings\Dennis\Local Settings\Application Data\Mozilla
2010-11-01 19:52 . 2010-11-01 19:52 -------- d-----w- c:\documents and settings\Dennis\Application Data\Malwarebytes
2010-11-01 19:52 . 2010-11-01 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-01 16:27 . 2010-11-01 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-01 01:00 . 2010-11-01 01:10 -------- d-----w- C:\f5b763e5d84ff038215219e7ba16
2010-11-01 00:15 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-11-01 00:15 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-01 00:15 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-01 00:14 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-31 23:47 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-30 04:03 . 2010-10-30 04:03 -------- d-----w- c:\documents and settings\Dennis\Application Data\AVG10
2010-10-30 03:57 . 2010-10-30 03:57 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-30 03:51 . 2010-11-05 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-30 03:50 . 2010-10-30 03:50 -------- d-----w- c:\program files\AVG
2010-10-30 03:18 . 2010-10-30 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2003-03-31 02:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2003-03-31 02:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2003-03-31 02:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2003-03-31 02:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-02-07 01:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2003-03-31 02:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2003-03-31 02:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2003-03-31 02:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2003-03-31 02:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2003-03-31 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2003-03-31 02:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2003-03-31 02:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-05-15 01:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2003-03-31 02:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2003-03-31 02:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-05-22 02:54 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-25 101080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 335872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-01-16 229376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-05-22 98304]
"TV Now"="c:\program files\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 282624]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-03-13 102400]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-22 610304]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-19 868352]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"CARPService"="carpserv.exe" [2003-05-21 4608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 172032]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
c:\documents and settings\Dennis\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-12-9 111376]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-06-08 86016]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ATCS Monitor\\atcsmon.exe"=
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/21/2004 6:27 PM 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/21/2004 6:27 PM 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [7/16/2003 6:01 PM 28280]
S2 AvgCore;AVG6 Kernel;\??\c:\progra~1\Grisoft\AVG6\avgcore.sys --> c:\progra~1\Grisoft\AVG6\avgcore.sys [?]
S2 AvgFsh;AVG6 Rezident Driver;\??\c:\progra~1\Grisoft\AVG6\avgfsh.sys --> c:\progra~1\Grisoft\AVG6\avgfsh.sys [?]
S2 AvgServ;AVG6 Service;c:\progra~1\Grisoft\AVG6\avgserv.exe --> c:\progra~1\Grisoft\AVG6\avgserv.exe [?]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;c:\windows\system32\drivers\Express.sys [4/16/2003 6:00 PM 57344]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\w8arz9zr.default\
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-HPHUPD05 - c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-11-04 19:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?
?4?5?4?0?
?deB?
??B?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-04 19:44:58
ComboFix-quarantined-files.txt 2010-11-05 02:44
Pre-Run: 44,638,343,168 bytes free
Post-Run: 44,634,873,856 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 855AE7DCFB7C6D1C7976972B2C5442BD
So did I do wrong by not finding a place or opportunity to type in that one line?
Presently I have uninstalled ALL my protection programs in preparation for ComboFix. So when we finish, I'll need to begin all over to download everything I, or YOU, suggest I need.
Since this is now a defenseless laptop, I'll turn it off until I hear from you again.
I'm glad YOU understand these logs.
Dennis