Trojan Win32.Sirefef, PC reboots every minute

Discussion in 'Virus and Malware Removal' started by ihatetrojans, Jul 8, 2012.

  1. ihatetrojans Newcomer, in training Posts: 68

    My apologies, no issues in terms of error messages or repeated rebooting.
  2. ihatetrojans Newcomer, in training Posts: 68

    I spoke too soon I think... after clicking on OTL, pc crashed and tried rebooting in Safe Mode to repair and then Normal Mode... got as far as logging into pc with password and then black screen.
  3. Broni Malware Annihilator Posts: 39,231   +175

    Turn the computer off.
    Wait one minute and try to boot normally.
  4. ihatetrojans Newcomer, in training Posts: 68

    Yes, I tried it, restarting the pc manually (pulling the plug) after 1 min, 5 mins, 20 mins, but the same thing happened - when I could get past the log in, pc froze and hung there till I had to shut it down.
  5. Broni Malware Annihilator Posts: 39,231   +175

    Post new FRST log.
  6. ihatetrojans Newcomer, in training Posts: 68

    Right, remember in my msg#18, thereabouts, I mentioned that when I type in J:\frst.exe I get a message saying J:\frst.exe is not recognized as an internal or external command, operable program or batch file.
    Do I slot in the OTLPE cd to get the log?
  7. Broni Malware Annihilator Posts: 39,231   +175

    Let's try something else.

    You will need a USB flash drive.

    Download GETxPUD.exe to the desktop of your clean computer
    • Run GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Next download rst.sh to your USB flash drive
    • Remove the USB & CD and insert it in the sick computer
    • Boot the Sick computer with the CD you just burned
    • The computer must be set to boot from the CD
    • Gently tap F12 and choose to boot from the CD
    • Follow the prompts
    • A Welcome to xPUD screen will appear
    • Press File
    • Expand mnt
    • sda1,2...usually corresponds to your HDD
    • sdb1 is likely your USB
    • Click on the folder that represents your USB drive (sdb1 ?)
    • Confirm that you see rst.sh that you downloaded there
    • Press Tool at the top
    • Choose Open Terminal
    • Type bash rst.sh
    • Press Enter
    • After it has finished a report will be located on your USB drive named enum.log
    • Remove the USB drive and insert it back in your working computer and navigate to enum.log

      Please note - all text entries are case sensitive
    Copy and paste the enum.log for my review
  8. ihatetrojans Newcomer, in training Posts: 68

    Ok, I can do this but it will take me a week to get any CDs burned... my clean pc has no burner :oops:
  9. Broni Malware Annihilator Posts: 39,231   +175

    Let me know when ready.
  10. ihatetrojans Newcomer, in training Posts: 68

    Hate to give this up for a week... is there a possibility to burn the CD using the infected pc but in Safe Mode or using the OTLPE cd?
  11. Broni Malware Annihilator Posts: 39,231   +175

    Does safe mode work?
  12. ihatetrojans Newcomer, in training Posts: 68

    Trying out now
  13. ihatetrojans Newcomer, in training Posts: 68

    I managed to burn the CD but I can't find rst.sh in either sda1 or sda2, which are the only 2 items I see when I click to open mnt.
    I checked my usb that rst.sh is saved on it.
  14. Broni Malware Annihilator Posts: 39,231   +175

    Sometimes it takes a few moments for sdb1 to show up.

  15. ihatetrojans Newcomer, in training Posts: 68

    Yes, I suppose Safe Mode worked.
    I've left the infected pc on with the ePid cd running for more than 40 mins now and I still don't see sdb.
  16. Broni Malware Annihilator Posts: 39,231   +175

    Combofix created restore point around 2:14AM today.
    Try to use it from safe mode.

    If successful re-run Combofix.
  17. ihatetrojans Newcomer, in training Posts: 68

    Do I use the Combofix which has been renamed my_name.exe?
  18. Broni Malware Annihilator Posts: 39,231   +175

    I suggest you download fresh copy.
    You can rename it if you wish.
  19. ihatetrojans Newcomer, in training Posts: 68

    ComboFix 12-07-21.01 - daphene 23/07/2012 1:36.3.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2036.1592 [GMT 2:00]
    Lancé depuis: c:\users\daphene\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\daphene.exe
    c:\daphene.exe\PEV.exe
    c:\daphene.exe\snapshot.00.dat
    c:\program files\Internet Explorer\minftnet.exe
    c:\program files\Internet Explorer\minftnet.ini
    c:\programdata\ntuser.dat
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-22 au 2012-07-22 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\users\daphene\AppData\Local\temp
    2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\users\maxime\AppData\Local\temp
    2012-07-22 23:44 . 2012-07-22 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-22 20:29 . 2007-03-14 20:54 332800 ----a-w- c:\program files\Mozilla Firefox\GETxPUD\WGET.EXE
    2012-07-22 20:29 . 2006-03-17 18:39 147456 ----a-w- c:\program files\Mozilla Firefox\GETxPUD\BurnCDCC.exe
    2012-07-22 01:27 . 2012-07-22 01:27 -------- d-----w- C:\_OTL
    2012-07-22 01:12 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-22 01:02 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2012-07-22 01:02 . 2012-06-02 08:26 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
    2012-07-22 01:02 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-07-21 20:58 . 2012-07-21 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-21 20:58 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-21 20:28 . 2012-07-21 20:28 -------- d-----w- c:\programdata\RoboForm
    2012-07-21 20:27 . 2012-07-21 20:27 -------- d-----w- c:\program files\Siber Systems
    2012-07-21 20:25 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-21 20:25 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-21 20:25 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-21 20:25 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-21 20:25 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-21 20:25 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-21 20:23 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-21 20:23 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-21 20:23 . 2012-07-21 20:23 -------- d-----w- c:\programdata\AVAST Software
    2012-07-21 20:23 . 2012-07-21 20:23 -------- d-----w- c:\program files\AVAST Software
    2012-07-21 18:44 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-21 18:44 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-21 18:44 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-21 10:58 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-21 10:58 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-21 10:58 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-11 12:56 . 2012-07-22 23:02 -------- d-----w- c:\windows\system32\DBBK
    2012-07-11 12:56 . 2012-03-22 16:17 225664 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
    2012-07-11 12:56 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
    2012-07-11 12:56 . 2012-01-17 20:55 27528 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
    2012-07-11 12:56 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
    2012-07-11 12:56 . 2012-01-17 20:55 59272 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
    2012-07-11 12:56 . 2012-01-17 20:55 20744 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
    2012-07-11 12:56 . 2010-05-04 01:37 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
    2012-07-08 19:37 . 2012-07-09 19:54 -------- d-----w- C:\ZHP
    2012-07-08 19:37 . 2012-07-09 19:54 -------- d-----w- c:\program files\ZHPDiag
    2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\program files\Conduit
    2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\users\daphene\AppData\Local\Conduit
    2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\program files\WiseConvert
    2012-07-07 13:05 . 2012-07-07 13:05 -------- d-----w- c:\program files\VS Revo Group
    2012-07-07 13:04 . 2012-07-07 13:04 -------- d-----w- c:\users\daphene\AppData\Roaming\Malwarebytes
    2012-07-07 13:04 . 2012-07-07 13:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-07 12:52 . 2012-07-07 18:14 -------- d-----w- c:\program files\CCleaner
    2012-07-07 11:00 . 2012-07-07 11:00 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
    2012-07-05 22:52 . 2012-07-05 22:52 -------- d--h--w- c:\windows\msdownld.tmp
    2012-07-04 10:32 . 2012-07-04 10:32 -------- d-----w- C:\rei
    2012-07-04 10:32 . 2012-07-04 10:32 -------- d-----w- c:\program files\Reimage
    2012-07-04 10:11 . 2012-07-05 22:32 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-23 17:30 . 2012-06-23 17:30 -------- d-----w- c:\users\daphene\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 15:19 . 2012-03-30 09:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-23 15:19 . 2011-05-21 09:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-02 22:19 . 2012-06-21 12:00 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 12:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 11:59 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 11:59 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 12:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 12:00 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 11:59 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-21 11:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:12 . 2012-06-21 11:59 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-29 07:05 . 2012-05-29 07:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40AB41F-4AB8-436C-A6DB-8ACA15A107CF}\offreg.dll
    2012-05-27 13:50 . 2008-03-26 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-05-08 16:40 . 2012-05-29 06:21 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40AB41F-4AB8-436C-A6DB-8ACA15A107CF}\mpengine.dll
    2012-05-01 14:03 . 2012-06-15 15:47 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 15:41 . 2011-09-15 13:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
    "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWise.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-21 96056]
    "Facebook Update"="c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-21 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
    2008-06-30 21:23 557149 ----a-w- c:\program files\Thomson\ST330\diagnostics\diagnostics.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
    2007-04-13 02:46 49152 ----a-w- c:\windows\Domino.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
    2012-07-21 21:25 138096 ----atw- c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-03-25 15:07 166424 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-01-12 10:21 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2009-08-05 09:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-03-25 15:07 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-26 19:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2007-02-04 10:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
    2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-03-25 15:07 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-07-03 09:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
    2007-04-07 01:56 54936 ----a-w- c:\windows\System32\jureg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-05-27 13:50 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
    2007-04-13 02:46 57344 ----a-w- c:\windows\ZSSnp211.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=""
    "FirewallOverride"=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:19]
    .
    2012-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000Core.job
    - c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 21:25]
    .
    2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000UA.job
    - c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 21:25]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 13:47]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 13:47]
    .
    2012-07-21 c:\windows\Tasks\HPCeeScheduleFordaphene.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-03-26 11:10]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/search?hl=fr&q=++&meta=
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://fr.yahoo.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Show avast! EasyPass Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|http://my.ebay.co.uk/ws/eBayISAPI.d...S/firefox/search/?q=ixquick&appver=&platform=
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd192d3&v=7.005.030.004&I=23&tp=ab&iy=b&ychte=fr&lng=en-US&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-23 01:44
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\st330service]
    "ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:26,f7,ff,3c,32,26,cd,01
    .
    Heure de fin: 2012-07-23 01:47:15
    ComboFix-quarantined-files.txt 2012-07-22 23:47
    ComboFix2.txt 2012-07-22 00:31
    .
    Avant-CF: 154 356 658 176 octets libres
    Après-CF: 154 264 784 896 octets libres
    .
    - - End Of File - - 7D4BDF90F00F32EF75B9D055000D5F00
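As an added example (not code from this thread or from the ComboFix author), a small Python parser for the report layout shown in the log above: it splits the `(((( ... ))))` sections, reads the created-file rows and the registry load points, and pulls out the items a helper reviews first, the deletions, the Run autostarts and any Security Center `DisableMonitoring` override. The embedded sample is constructed from a few lines of the posted report, and the French section names are assumed to match that locale.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the ComboFix report layout posted in this thread
# (French-locale section headers, "." spacer lines, trimmed to a few entries).
SAMPLE_LOG = """\
ComboFix 12-07-21.01 - daphene 23/07/2012 1:36.3.2 - x86 MINIMAL
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\\daphene.exe
c:\\program files\\Internet Explorer\\minftnet.exe
c:\\windows\\system32\\drivers\\etc\\hosts.ics
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-22 au 2012-07-22 ))))))))))))))))))))))))))))))))))))
.
2012-07-21 20:58 . 2012-07-03 11:46 22344 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-07-22 01:27 . 2012-07-22 01:27 -------- d-----w- C:\\_OTL
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"avast"="c:\\program files\\AVAST Software\\Avast\\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001
.
"""

DATE = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")                    # (((( name ))))
FILE_RE = re.compile(rf"^({DATE}) \. ({DATE}) (\S+) (\S+) (.+)$")  # created . modified size attrs path
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty, non-'.' lines under the (((( header )))) that precedes them."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def parse_created_files(lines: List[str]) -> List[dict]:
    """Parse 'created . modified size attrs path' rows; '--------' is a directory with no size."""
    rows = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            rows.append({"created": created, "modified": modified,
                         "size": None if size.startswith("-") else int(size),
                         "is_dir": attrs.startswith("d"), "path": path})
    return rows


def parse_registry(lines: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Map each [HKEY_...] block to its ("name", raw value) pairs."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    key = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            entries.setdefault(key, [])
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries[key].append((m.group(1), m.group(2)))
    return entries


def review(text: str) -> dict:
    """Deletions, Run autostarts and Security Center monitoring overrides from one report."""
    secs = split_sections(text)
    reg = parse_registry(secs.get("Points de chargement Reg", []))
    run_entries, monitoring_off = [], []
    for key, values in reg.items():
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            for name, value in values:
                exe = re.match(r'"([^"]*)"', value)   # keep only the quoted path
                run_entries.append((name, exe.group(1) if exe else value))
        # DisableMonitoring=1 silences Security Center alerts for that product; AV
        # installers set it legitimately, malware sets it too, so it is worth a look.
        if "\\security center\\monitoring" in k and ("DisableMonitoring", "dword:00000001") in values:
            monitoring_off.append(key)
    created_key = next((k for k in secs if k.startswith("Fichiers cr")), None)
    return {"deleted": secs.get("Autres suppressions", []),
            "created": parse_created_files(secs.get(created_key, [])) if created_key else [],
            "run_entries": run_entries,
            "monitoring_disabled": monitoring_off}


if __name__ == "__main__":
    for name, found in review(SAMPLE_LOG).items():
        print(name, found)
```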
  20. ihatetrojans Newcomer, in training Posts: 68

    I sent the above using Normal Mode. Prior to this, I tried running COMBO on Safe Mode but got messages that MSE wasn't disabled though I turned off Real Time Protection. I restarted the pc in Normal Mode, and uninstalled MSE. Went back to Safe Mode and ran Combo successfully.
    I also attempted the OTL.exe, it didn't work, pc froze.
    I'm going to crash myself as it's again 2 am.
    I really appreciate your help and am grateful for the patience you've shown to a novice.
    I hope other forum users coming here to seek help will be able to get their issues resolved.