Author Topic: AUTORUN-GEN and WIN32:CONFI defeated?  (Read 13375 times)


mulongo

  • Guest
AUTORUN-GEN and WIN32:CONFI defeated?
« on: May 16, 2011, 08:19:57 PM »
First, I apologize for my English.

I have Avast 6.0 Free version, updated today, on a laptop with Windows XP Professional.

Running a complete scan, Avast detected Autorun-gen.

I put it in the trash bin as suggested.
Then Avast suggested a boot scan, which detected Win32:Confi. I canceled it as suggested.

Then... in my rescue folder I had ComboFix. I updated it and ran it. I know I should have asked someone first... but the last time my PC was infected I did it, and so...

Do you think Avast alone defeated that malware?

I can attach the log report file if requested...

Thanks in advance to anyone who would like to help me.
Simone

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #1 on: May 16, 2011, 08:27:07 PM »
Could you attach the combofix log please and I will have a look see  ;D

mulongo

  • Guest
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #2 on: May 16, 2011, 08:29:54 PM »
Quote from: essexboy
Could you attach the combofix log please and I will have a look see  ;D

Dear essexboy, hello.

Here is the file.

Thanks.

PS. I have renamed the file to "logCombofix"...
« Last Edit: May 16, 2011, 08:34:22 PM by mulongo »

Offline essexboy
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #3 on: May 16, 2011, 08:44:20 PM »
Just one port to close by the looks of it. Are you experiencing any problems?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Quote

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4198:TCP"=-

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below.  This will start ComboFix again.
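The CFScript above deletes one firewall exception by name. As an added example (my code, not essexboy's, ComboFix's or Avast's), the Python script below generalizes that review step: it parses a `reg export` of the GloballyOpenPorts\List key, lists every enabled exception, flags those not on a reviewer-supplied allowlist or open to any remote address, and prints a CFScript in the same Registry:: syntax that would remove them. The sample export, its display names and the allowlist are constructed for this example; the 4198:TCP line in the sample mimics the entry removed above, but its name field is invented.

```python
"""Audit Windows XP firewall GloballyOpenPorts exceptions from a `reg export` dump.

Added example: not part of the forum thread, ComboFix or Avast. Sample data,
display names and the allowlist are assumptions made for illustration.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Full path of the key that the CFScript above addresses via HKLM\~\services\sharedaccess\...
LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List")

# Constructed sample of what `reg export` of that key looks like (hypothetical entries).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"4198:TCP"="4198:TCP:*:Enabled:sample"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
'''

# Assumed allowlist: (port, protocol) pairs the reviewer considers expected on this machine.
DEFAULT_ALLOWLIST: Dict[Tuple[int, str], str] = {
    (137, "UDP"): "NetBIOS name service",
    (138, "UDP"): "NetBIOS datagram",
    (139, "TCP"): "NetBIOS session",
    (445, "TCP"): "SMB",
}


@dataclass
class OpenPort:
    port: int
    proto: str
    scope: str       # "*" = any remote address, "LocalSubNet" = local subnet only
    enabled: bool
    name: str


def parse_open_ports(export_text: str) -> List[OpenPort]:
    """Return the exceptions listed under GloballyOpenPorts\\List in a .reg export."""
    entries: List[OpenPort] = []
    in_list = False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_list = line[1:-1].lower() == LIST_KEY.lower()
            continue
        if not in_list:
            continue
        m = re.match(r'^"([^"]+)"="([^"]*)"$', line)
        if not m:
            continue
        # Value data is port:proto:scope:Enabled|Disabled:display-name
        fields = m.group(2).split(":", 4)
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        name = fields[4] if len(fields) == 5 else ""
        entries.append(OpenPort(int(fields[0]), fields[1].upper(), fields[2],
                                fields[3].lower() == "enabled", name))
    return entries


def suspicious_entries(entries: List[OpenPort],
                       allowlist: Dict[Tuple[int, str], str] = DEFAULT_ALLOWLIST
                       ) -> List[Tuple[OpenPort, str]]:
    """Enabled exceptions that are unexpected, or expected but exposed to any remote address."""
    flagged: List[Tuple[OpenPort, str]] = []
    for e in entries:
        if not e.enabled:
            continue
        if (e.port, e.proto) not in allowlist:
            flagged.append((e, "not on allowlist"))
        elif e.scope == "*":
            flagged.append((e, "allowlisted service exposed to any remote address"))
    return flagged


def cfscript_for(entries: List[OpenPort]) -> str:
    """CFScript, in the Registry:: syntax of the fix above, that deletes the given values."""
    lines = ["Registry::",
             r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"]
    lines += [f'"{e.port}:{e.proto}"=-' for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # `reg export <key> fw.reg` writes UTF-16 with a BOM; pass that file's path to audit a real dump.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    flagged = suspicious_entries(parse_open_ports(text))
    for e, why in flagged:
        print(f"{e.port}/{e.proto} scope={e.scope} name={e.name!r}: {why}")
    if flagged:
        print("\nCFScript to remove them:\n" + cfscript_for([e for e, _ in flagged]))
```

On the constructed sample only 4198/TCP is flagged; the two LocalSubNet file-sharing entries are on the allowlist and the disabled UPnP entry is ignored. Review the flagged list by hand before feeding the generated script to ComboFix: an exception a legitimate program added will also show up as "not on allowlist" until you add it.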





mulongo

  • Guest
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #4 on: May 16, 2011, 09:10:31 PM »
Quote from: essexboy
Just one port to close by the looks of it.  Are you experiencing any problems ?

Before my Avast scan, slowness in all apps.
And a strange error opening the Windows Control Panel (it seemed it couldn't find the Control Panel folder).

The second log file is attached.

I hope I did it all correctly.

Thank you.
« Last Edit: May 16, 2011, 09:13:47 PM by mulongo »

Offline essexboy
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #5 on: May 16, 2011, 09:17:04 PM »
That looks good. Are you unable to open Control Panel?

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

mulongo

  • Guest
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #6 on: May 16, 2011, 09:24:31 PM »
Quote from: essexboy
That looks good, are you unable to open control panel ?

Sorry, I didn't check it again after the Avast cleaning... now Control Panel seems to be working.

Download and run OTS anyway?

Thanks.

Offline essexboy
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #7 on: May 16, 2011, 09:25:12 PM »
Yes please - just to make sure  ;D

mulongo

  • Guest
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #8 on: May 16, 2011, 09:39:00 PM »
Quote from: essexboy
Yes please - just to make sure  ;D

Done.


Offline essexboy
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #9 on: May 16, 2011, 09:46:13 PM »
Nope, looks OK; there are a few traces to go but that is all... This will also empty your temporary folders, which seem to be a tad full.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (Comodo Anti-Virus and Anti-Spyware Service) Comodo Anti-Virus and Anti-Spyware Service [Disabled | Stopped] ->
[Driver Services - Safe List]
YY -> (catchme) catchme [Kernel | On_Demand | Running] ->
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {9AA2F14F-E956-44B8-8694-A5B615CDF341} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1659004503-287218729-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1659004503-287218729-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
[File - Lop Check]
NY ->  Avg7 -> C:\Documents and Settings\All Users\Dati applicazioni\Avg7
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

mulongo

  • Guest
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #10 on: May 16, 2011, 09:54:28 PM »
Quote from: essexboy
Nope looks OK  there are a few traces to go but that is all... This will also empty your temporary folders which seem to be a tad full

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

Well :'( I guess something went wrong.

After Run Fix, a few seconds of working ... BLUE SCREEN for a second! :o and Windows restarted automatically...

No OTS log file.

 ???
« Last Edit: May 16, 2011, 10:09:07 PM by mulongo »

Offline essexboy
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #11 on: May 16, 2011, 11:15:32 PM »
Now that is not normal.

Let's check deeper.

Download aswMBR.exe ( 511KB ) to your desktop.
 
Double click the aswMBR.exe to run it
 
Click the "Scan" button to start scan

 
On completion of the scan click Save log, save it to your desktop and post it in your next reply.
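aswMBR reads the master boot record and looks for bootkit changes. As an added example (my code, not aswMBR's or Avast's), the Python below shows the offline part of such a check: it parses a 512-byte MBR, validates the 0x55AA boot signature and the four partition-table entries (status bytes, extents, overlaps), and compares a hash of the loader code with a baseline recorded while the machine was known clean. The sample sector and its tampered variant are constructed for the example and the "loader" bytes are a placeholder, not a real boot loader. A parser run over a saved sector image only reports what is in the image it is given; it cannot see a rootkit that hides its changes from a live read, which is why a scanner run on the live system is still needed.

```python
"""Parse and sanity-check a 512-byte master boot record.

Added example: not aswMBR's or Avast's code. The sample sectors are constructed.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
PT_OFFSET = 446          # four 16-byte partition entries start here
SIG_OFFSET = 510         # 0x55 0xAA boot signature
ENTRY_FMT = "<B3xB3xII"  # status, (CHS start), type, (CHS end), LBA start, sector count


@dataclass
class Partition:
    index: int
    status: int
    type_id: int
    lba_start: int
    sectors: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def empty(self) -> bool:
        return self.type_id == 0


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition-table entries."""
    return [Partition(i, *struct.unpack_from(ENTRY_FMT, mbr, PT_OFFSET + 16 * i))
            for i in range(4)]


def bootcode_sha256(mbr: bytes) -> str:
    """Hash of the loader code (everything before the partition table)."""
    return hashlib.sha256(mbr[:PT_OFFSET]).hexdigest()


def check_mbr(mbr: bytes, baseline_sha256: str) -> List[str]:
    """Return a list of findings; an empty list means the sector passed every check."""
    if len(mbr) != SECTOR:
        return [f"unexpected MBR length {len(mbr)}"]
    findings: List[str] = []
    if mbr[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if bootcode_sha256(mbr) != baseline_sha256:
        findings.append("boot code differs from baseline")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one partition marked active")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"entry {p.index}: invalid status byte 0x{p.status:02x}")
        if p.empty and (p.lba_start or p.sectors):
            findings.append(f"entry {p.index}: type 0 but non-zero extent")
        if not p.empty and p.sectors == 0:
            findings.append(f"entry {p.index}: type 0x{p.type_id:02x} with zero length")
    # Two in-use partitions must not share sectors; a hidden overlapping entry is a red flag.
    used = sorted((p for p in parts if not p.empty and p.sectors), key=lambda p: p.lba_start)
    for a, b in zip(used, used[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"entries {a.index} and {b.index} overlap")
    return findings


def build_mbr(bootcode: bytes, entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a sector from loader bytes and (status, type, lba_start, sectors) tuples."""
    mbr = bytearray(SECTOR)
    code = bootcode[:PT_OFFSET]
    mbr[:len(code)] = code
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PT_OFFSET + 16 * i, *entry)
    mbr[SIG_OFFSET:SIG_OFFSET + 2] = b"\x55\xaa"
    return bytes(mbr)


# Constructed stand-in for a loader: a few plausible opening bytes, zero padded.
CLEAN_BOOTCODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(PT_OFFSET, b"\x00")
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, [(0x80, 0x07, 63, 20_971_520)])
BASELINE_SHA256 = bootcode_sha256(CLEAN_MBR)   # record this while the machine is known clean

# Constructed tampered variant: opening bytes patched to jump elsewhere, plus a hidden
# second entry whose extent lies inside the first partition.
TAMPERED_MBR = build_mbr(bytes([0xEB, 0x3E]) + CLEAN_BOOTCODE[2:],
                         [(0x80, 0x07, 63, 20_971_520), (0x00, 0x17, 2048, 4096)])

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(sector, BASELINE_SHA256) or ["ok"])
```

To run it against a real disk on Windows, read the first 512 bytes of `\\.\PhysicalDrive0` from an administrator prompt and pass them to `check_mbr` with the hash you stored earlier; the baseline must be taken from the same machine, since loader bytes differ between Windows versions and OEM images.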


mulongo

  • Guest
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #12 on: May 16, 2011, 11:57:11 PM »
Quote from: essexboy
Now that is not normall

Lets check deeper

Download aswMBR.exe ( 511KB ) to your desktop.

Sorry, I needed to be offline for household duties :)

This is the log.

Thank you... I guess I'll "see you" tomorrow.

emantoyaks

  • Guest
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #13 on: May 17, 2011, 03:24:22 AM »
Try scanning your system with this one to remove Conficker:

http://www.bdtools.net/

SafeSurf

  • Guest
Re: AUTORUN-GEN and WIN32:CONFI defeated?
« Reply #14 on: May 17, 2011, 10:14:37 AM »
@ emantoyaks,

While we appreciate your help, Essexboy is in the middle of malware removal.  Some tools are already on the OP's machine that he will eventually need to remove or instruct the OP how to remove.  Therefore we will let Essexboy continue his malware removal on his own for now.  Thank you.  :)