Solve : Think Point Virus?

1.	Solve : Think Point Virus?
Answer» I'd like to scan your machine with ESET OnlineScan •Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan •Click the button. •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart INSTALLER. Save it to your desktop. Double click on the icon on your desktop. •Check •Click the button. •Accept any security warnings from your browser. •Check •Push the Start button. •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can TAKE some time. •When the scan completes, push •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. •Push the button. •Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt Hi! Dave, After a few attempts, i finally succeeded to download the ESET. I unchecked the box "remove found threats", because i was not sure you wanted it that way. You didn't mention if i needded to keep it on not. Here is the results of the scan: C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll Win32/Adware.Toolbar.Dealio application C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe Win32/Adware.Toolbar.Dealio application C:\Program Files\YouTube Downloader Toolbar\WidgiHelper.exe Win32/Adware.Toolbar.Dealio application C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll Win32/Adware.Toolbar.Dealio application C:\Windows\Installer\6bcc6a.msi Win32/Adware.Toolbar.Dealio application Operating memory Win32/Adware.Toolbar.Dealio application Waiting your intructions eagerly. Regards, YvesPlease run it again and check "remove found threats".Hi! Dave, Here is the results: C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting (after the next restart) - quarantined C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined C:\Program Files\YouTube Downloader Toolbar\WidgiHelper.exe Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined C:\Users\Yves\AppData\Local\Temp\NOD349B.tmp Win32/Adware.Toolbar.Dealio application cleaned by deleting (after the next restart) - quarantined C:\Windows\Installer\6bcc6a.msi Win32/Adware.Toolbar.Dealio application deleted - quarantined Regards, YvesHow's your computer running now?. Any issues?Hi! Dave, My PC seem to be O.K, but how can i make sure there is nothing left from that" Think Point" on it? There is still some names of files on the "Windows Task Manager", how can i get rid of them? See additional. atiedxx.exe, csrss.exe, winlogon.exe Regards, Yveshere is the additional [recovering disk space - old attachment deleted by admin] Quote atiedxx.exe This is a file for your video card. Quote csrss.exe The Microsoft Client Server Runtime Server subsystem utilizes the process csrss.exe for managing the majority of the graphical instruction sets under the Microsoft Windows operating system. Quote winlogon.exe winlogon.exe is a process belonging to the Windows login manager. It handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated. You can google all those files to find out what are their functions . Let's see if you can run ComboFix again as OUTLINED in Reply #9 Hi! Dave, O.K , i run the ComboFix and here is the results: ComboFix 10-11-09.01 - Yves 10/11/2010 5:47.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3070.2010 [GMT 10:00] Running from: c:\users\Yves\Desktop\commy.exe Command switches used :: /stepdel . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\arp.exe G:\Autorun.inf c:\windows\system32\userinit.exe . . . is infected!! . ((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 ))))))))))))))))))))))))))))))) . 2010-11-09 20:47 . 2010-11-09 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-11-09 08:06 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44CDFD57-B753-47D5-9915-893F16DBC98A}\mpengine.dll 2010-11-09 04:26 . 2010-11-09 04:26 -------- d-----w- c:\program files\Vodafone 2010-11-03 04:36 . 2010-11-03 04:36 -------- d-----w- c:\program files\Common Files\Java 2010-11-03 04:35 . 2010-11-03 04:35 -------- d-----w- c:\program files\Sun 2010-11-03 04:32 . 2010-11-03 04:34 -------- d-----w- c:\program files\Java 2010-11-03 02:59 . 2010-11-03 02:59 -------- d-----w- c:\users\Yves\AppData\Roaming\Malwarebytes 2010-11-03 02:59 . 2010-11-08 23:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-03 02:59 . 2010-11-03 02:59 -------- d-----w- c:\programdata\Malwarebytes 2010-11-02 23:16 . 2010-11-02 23:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-10-26 20:45 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-10-26 20:45 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll 2010-10-26 20:45 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax 2010-10-26 20:45 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax 2010-10-26 20:39 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2010-10-23 11:36 . 2010-10-23 11:36 -------- d-----w- c:\programdata\5D 2010-10-23 10:25 . 2010-10-23 11:28 -------- d-----w- c:\users\Yves\AppData\Local\BearShare 2010-10-23 10:18 . 2010-10-23 20:49 -------- dc-h--w- c:\programdata\~0 2010-10-23 10:18 . 2010-10-23 10:18 -------- d-----w- c:\users\Yves\AppData\Local\PackageAware 2010-10-20 14:18 . 2010-10-20 14:18 -------- d-----w- c:\windows\en 2010-10-20 14:18 . 2010-10-20 14:18 -------- dc----w- c:\windows\system32\DRVSTORE 2010-10-20 14:18 . 2010-09-22 14:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2010-10-20 14:13 . 2010-10-20 14:13 -------- d-----w- c:\program files\MSN Toolbar 2010-10-20 14:13 . 2010-10-20 14:14 -------- d-----w- c:\program files\Bing Bar Installer 2010-10-20 14:13 . 2009-09-04 07:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2010-10-20 14:13 . 2009-09-04 07:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2010-10-20 14:13 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2010-10-20 14:12 . 2010-10-20 14:12 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\c76b1f1e1cb70602b\InstallManager_WLE_WLE.exe 2010-10-20 14:11 . 2010-10-20 14:11 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\b5d373971cb706020\MeshBetaRemover.exe 2010-10-20 14:11 . 2010-10-20 14:11 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\a5a337da1cb706018\DSETUP.dll 2010-10-20 14:11 . 2010-10-20 14:11 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\a5a337da1cb706018\DXSETUP.exe 2010-10-20 14:11 . 2010-10-20 14:11 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\a5a337da1cb706018\dsetup32.dll 2010-10-20 14:11 . 2010-10-20 14:11 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\a40e8dec1cb706017\DXSETUP.exe 2010-10-20 14:11 . 2010-10-20 14:11 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\a40e8dec1cb706017\dsetup32.dll 2010-10-20 14:11 . 2010-10-20 14:11 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\a40e8dec1cb706017\DSETUP.dll 2010-10-20 14:09 . 2010-11-06 03:26 -------- d-----w- c:\users\Yves\AppData\Local\Windows Live 2010-10-20 14:09 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL 2010-10-20 14:09 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll 2010-10-20 14:09 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll 2010-10-15 21:34 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll 2010-10-15 21:03 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll 2010-10-15 21:01 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2010-10-15 21:01 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2010-10-15 21:01 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys 2010-10-15 21:01 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll 2010-10-15 21:01 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-10-15 21:01 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-10-15 21:01 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-03 04:35 . 2010-07-27 22:47 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-10-19 01:41 . 2010-07-26 23:48 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-22 14:47 . 2010-09-22 14:47 49016 ----a-w- c:\windows\system32\sirenacm.dll 2010-09-22 14:32 . 2010-09-22 14:32 301936 ----a-w- c:\windows\WLXPGSS.SCR 2010-09-21 04:03 . 2010-09-21 04:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL 2010-08-25 20:48 . 2010-08-25 20:48 53248 ----a-r- c:\users\Yves\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2010-08-21 05:32 . 2010-09-15 06:16 316928 ----a-w- c:\windows\system32\spoolsv.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-09-29 2942856] "AnyTime Organizer"="c:\program files\AnyTime Organizer Premier\AtDem.exe" [2007-11-21 29696] "E09AXLRD_2727443"="c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE" [2008-06-03 351000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-07-20 1038848] "MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-06-25 253952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AnyTime.lnk] path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk backup=c:\windows\pss\AnyTime.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FastStone Capture.lnk] path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk backup=c:\windows\pss\FastStone Capture.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2010-03-27 06:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adm_tray.exe] 2010-06-04 08:49 530768 ----a-w- c:\program files\Acronis\DriveMonitor\adm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 13:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-22 18:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-05 17:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-07-22 12:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyTime Organizer] 2007-11-21 03:45 29696 ----a-w- c:\progra~1\ANYTIM~1\AtDem.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter] 2010-09-29 05:30 2942856 ----a-w- c:\program files\DU Meter\DUMeter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_15580131] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_2163780] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_2494237] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_2519946] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_25437101] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_31464294] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_5542044] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_5633040] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_582850] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_6173833] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_6696436] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_738477] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_8550430] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_9218411] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_969171] 2008-06-03 10:05 351000 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2009-11-18 06:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] 2010-10-22 20:47 353736 ----a-w- c:\program files\IncrediMail\Bin\IncMail.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] 2010-07-21 06:52 1797008 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] 2010-07-21 07:07 1778064 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid] 2010-05-11 06:43 6061400 ----a-w- c:\program files\Logitech\Vid\Vid.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD] 2010-05-11 06:43 6061400 ----a-w- c:\program files\Logitech\Vid\Vid.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS] 2010-05-07 08:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2010-06-01 00:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband] 2010-06-25 02:57 253952 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES] 2009-07-14 01:14 354304 ----a-w- c:\windows\System32\StikyNot.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 01:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 03:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2010-03-27 06:06 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorldTime2006] 2007-10-21 07:17 1486848 ----a-w- c:\program files\AnyTime Organizer Premier\WorldTime.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [2010-09-29 18576] R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2010-06-15 35568] R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-06-10 9216] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1343400] R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [2009-10-28 105216] R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [2009-10-28 105216] R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [2009-10-28 105216] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-07-27 911680] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-27 2480048] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-03 176128] S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928] S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2010-09-29 1412488] S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 26352] S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 493032] S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-06-25 9216] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-07-27 160704] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-03 6096384] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-03 214016] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432] S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-03-01 61952] S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-30 105856] S3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-06-10 194048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . . ------- Supplementary Scan ------- . uStart Page = about:blank TCP: {E481D8DE-43C8-4878-B42D-DD2FAEC18884} = 202.124.65.22 202.124.65.18 . - - - - ORPHANS REMOVED - - - - BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll HKLM-Run-atr.exe - (no file) MSConfigStartUp-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE MSConfigStartUp-SearchSettings - c:\program files\YouTube Downloader Toolbar\SearchSettings.exe AddRemove-Hoadley Options Strategy Evaluation Tool_is1 - c:\program files\HoadleyOptions\unins000.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc] "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] Denied: (A) (Users) Denied: (A) (Everyone) Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] Denied: (A) (Users) Denied: (A) (Everyone) Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(3860) c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\A\ESBRes.DLL . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\atieclxx.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Acronis\DriveMonitor\adm.exe . ************************************************************************ . Completion time: 2010-11-10 07:20:44 - machine was rebooted ComboFix-quarantined-files.txt 2010-11-09 21:20 Pre-Run: 313,216,090,112 bytes free Post-Run: 313,234,837,504 bytes free - - End Of File - - 15DBDB942C9E623E8AA909342BBEF4BF Look a pretty long one and very impressive. Please, explain to me the results! Should i delete "ComboFix" from my PC? Best regards, YvesPlease download SystemLook from one of the links below and save it to your desktop. Link # 1 Link # 2 Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double-click SystemLook.exe to run it. Copy the contents of the following codebox into the main textfield. Code: [Select]:filefind userinit.exe Click the Look button to start the scan. Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer). When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt ************************** SysProt Antirootkit Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors). http://sites.google.com/site/sysprotantirootkit/ Unzip it into a folder on your desktop. Double click Sysprot.exe to start the program. Click on the Log tab. In the Write to log box select the following items. Process << Selected Kernel Modules << Selected SSDT << Selected Kernel HOOKS << Selected IRP Hooks << NOT Selected Ports << NOT Selected Hidden Files << Selected At the bottom of the page Hidden Objects Only << Selected Click on the Create Log button on the bottom right. After a few seconds a new window should appear. Select Scan Root Drive. Click on the Start button. When it is complete a new window will appear to indicate that the scan is finished. The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here. [/list] Hi! Dave, Here are the results of the scan with " SystemLook". Regards, Yves SystemLook 04.09.10 by jpshortstuff Log created at 09:23 on 11/11/2010 by Yves Administrator - Elevation successful ========== filefind ========== Searching for "userinit.exe " C:\Windows\ERDNT\cache\userinit.exe --a---- 26112 bytes [21:08 09/11/2010] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175 C:\Windows\System32\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175 C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175 -= EOF =-Hi! Dave, Here are the results with the scan SysProtAntirootkit SysProt AntiRootkit v1.0.1.0 by swatkat ************************************************************************************** ************************************************************************************** No Hidden Processes found ************************************************************************************** ************************************************************************************** No Hidden Kernel Modules found ************************************************************************************** ************************************************************************************** No SSDT Hooks found ************************************************************************************** ************************************************************************************** No Kernel Hooks found ************************************************************************************** ************************************************************************************** No hidden files/folders found I am happy with the results. Regards, YvesOk. Let's see if we can fix that corrupted/infected file. Re-running ComboFix to remove infections: Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open notepad and copy/paste the text in the quotebox below into it: Quote KillAll:: FCopy:: C:\Windows\ERDNT\cache\userinit.exe \| c:\windows\system32\userinit.exe Save this as CFScript.txt, in the same location as ComboFix.exe Referring to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt** Please post the contents of the log in your next reply. Hi! Dave, Here i am not sure.... I got the "commy.exe" and it is this one i have to use and drag "CFScript.txt" in it. Or re-download the original ComboFix? Regards, YvesYes, use the one you have on your desktop.

Answer» I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart INSTALLER. Save it to your desktop.
Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can TAKE some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Hi! Dave,
After a few attempts, i finally succeeded to download the ESET.
I unchecked the box "remove found threats", because i was not sure you wanted it that way. You didn't mention if i needded to keep it on not.
Here is the results of the scan:
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll   Win32/Adware.Toolbar.Dealio application
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe   Win32/Adware.Toolbar.Dealio application
C:\Program Files\YouTube Downloader Toolbar\WidgiHelper.exe   Win32/Adware.Toolbar.Dealio application
C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll   Win32/Adware.Toolbar.Dealio application
C:\Windows\Installer\6bcc6a.msi   Win32/Adware.Toolbar.Dealio application
Operating memory   Win32/Adware.Toolbar.Dealio application
Waiting your intructions eagerly.
Regards,
YvesPlease run it again and check "remove found threats".Hi! Dave,
Here is the results:
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll   Win32/Adware.Toolbar.Dealio application   cleaned by deleting (after the next restart) - quarantined
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe   Win32/Adware.Toolbar.Dealio application   cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Toolbar\WidgiHelper.exe   Win32/Adware.Toolbar.Dealio application   cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll   Win32/Adware.Toolbar.Dealio application   cleaned by deleting - quarantined
C:\Users\Yves\AppData\Local\Temp\NOD349B.tmp   Win32/Adware.Toolbar.Dealio application   cleaned by deleting (after the next restart) - quarantined
C:\Windows\Installer\6bcc6a.msi   Win32/Adware.Toolbar.Dealio application   deleted - quarantined

Regards, YvesHow's your computer running now?. Any issues?Hi! Dave,
My PC seem to be O.K, but how can i make sure there is nothing left from that" Think Point" on it?
There is still some names of files on the "Windows Task Manager", how can i get rid of them? See additional. atiedxx.exe, csrss.exe, winlogon.exe
Regards, Yveshere is the additional

[recovering disk space - old attachment deleted by admin] Quote

atiedxx.exe

This is a file for your video card.

Quote

csrss.exe

The Microsoft Client Server Runtime Server subsystem utilizes the process csrss.exe for managing the majority of the graphical instruction sets under the Microsoft Windows operating system.

Quote

winlogon.exe

winlogon.exe is a process belonging to the Windows login manager. It handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated.

You can google all those files to find out what are their functions .
Let's see if you can run ComboFix again as OUTLINED in Reply #9

Hi! Dave,
O.K , i run the ComboFix and here is the results:
ComboFix 10-11-09.01 - Yves 10/11/2010 5:47.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3070.2010 [GMT 10:00]
Running from: c:\users\Yves\Desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\arp.exe
G:\Autorun.inf

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
.

2010-11-09 20:47 . 2010-11-09 20:47   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-11-09 08:06 . 2010-10-07 23:21   6146896   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{44CDFD57-B753-47D5-9915-893F16DBC98A}\mpengine.dll
2010-11-09 04:26 . 2010-11-09 04:26   --------   d-----w-   c:\program files\Vodafone
2010-11-03 04:36 . 2010-11-03 04:36   --------   d-----w-   c:\program files\Common Files\Java
2010-11-03 04:35 . 2010-11-03 04:35   --------   d-----w-   c:\program files\Sun
2010-11-03 04:32 . 2010-11-03 04:34   --------   d-----w-   c:\program files\Java
2010-11-03 02:59 . 2010-11-03 02:59   --------   d-----w-   c:\users\Yves\AppData\Roaming\Malwarebytes
2010-11-03 02:59 . 2010-11-08 23:32   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-11-03 02:59 . 2010-11-03 02:59   --------   d-----w-   c:\programdata\Malwarebytes
2010-11-02 23:16 . 2010-11-02 23:16   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-10-26 20:45 . 2010-08-04 06:18   641536   ----a-w-   c:\windows\system32\CPFilters.dll
2010-10-26 20:45 . 2010-08-04 06:17   417792   ----a-w-   c:\windows\system32\msdri.dll
2010-10-26 20:45 . 2010-08-04 06:15   204288   ----a-w-   c:\windows\system32\MSNP.ax
2010-10-26 20:45 . 2010-08-04 06:15   199680   ----a-w-   c:\windows\system32\mpg2splt.ax
2010-10-26 20:39 . 2010-07-13 05:22   26504   ----a-w-   c:\windows\system32\drivers\Diskdump.sys
2010-10-23 11:36 . 2010-10-23 11:36   --------   d-----w-   c:\programdata\5D
2010-10-23 10:25 . 2010-10-23 11:28   --------   d-----w-   c:\users\Yves\AppData\Local\BearShare
2010-10-23 10:18 . 2010-10-23 20:49   --------   dc-h--w-   c:\programdata\~0
2010-10-23 10:18 . 2010-10-23 10:18   --------   d-----w-   c:\users\Yves\AppData\Local\PackageAware
2010-10-20 14:18 . 2010-10-20 14:18   --------   d-----w-   c:\windows\en
2010-10-20 14:18 . 2010-10-20 14:18   --------   dc----w-   c:\windows\system32\DRVSTORE
2010-10-20 14:18 . 2010-09-22 14:21   39272   ----a-w-   c:\windows\system32\drivers\fssfltr.sys
2010-10-20 14:13 . 2010-10-20 14:13   --------   d-----w-   c:\program files\MSN Toolbar
2010-10-20 14:13 . 2010-10-20 14:14   --------   d-----w-   c:\program files\Bing Bar Installer
2010-10-20 14:13 . 2009-09-04 07:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2010-10-20 14:13 . 2009-09-04 07:44   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2010-10-20 14:13 . 2009-09-04 07:29   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2010-10-20 14:12 . 2010-10-20 14:12   469256   ----a-w-   c:\program files\Common Files\Windows Live\.cache\c76b1f1e1cb70602b\InstallManager_WLE_WLE.exe
2010-10-20 14:11 . 2010-10-20 14:11   15712   ----a-w-   c:\program files\Common Files\Windows Live\.cache\b5d373971cb706020\MeshBetaRemover.exe
2010-10-20 14:11 . 2010-10-20 14:11   94040   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a5a337da1cb706018\DSETUP.dll
2010-10-20 14:11 . 2010-10-20 14:11   525656   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a5a337da1cb706018\DXSETUP.exe
2010-10-20 14:11 . 2010-10-20 14:11   1691480   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a5a337da1cb706018\dsetup32.dll
2010-10-20 14:11 . 2010-10-20 14:11   525656   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a40e8dec1cb706017\DXSETUP.exe
2010-10-20 14:11 . 2010-10-20 14:11   1691480   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a40e8dec1cb706017\dsetup32.dll
2010-10-20 14:11 . 2010-10-20 14:11   94040   ----a-w-   c:\program files\Common Files\Windows Live\.cache\a40e8dec1cb706017\DSETUP.dll
2010-10-20 14:09 . 2010-11-06 03:26   --------   d-----w-   c:\users\Yves\AppData\Local\Windows Live
2010-10-20 14:09 . 2010-05-23 10:15   1619456   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2010-10-20 14:09 . 2010-05-23 10:11   196608   ----a-w-   c:\windows\system32\mfreadwrite.dll
2010-10-20 14:09 . 2010-05-23 10:11   3181568   ----a-w-   c:\windows\system32\mf.dll
2010-10-15 21:34 . 2010-05-05 06:46   363520   ----a-w-   c:\windows\system32\StructuredQuery.dll
2010-10-15 21:03 . 2010-08-21 05:36   738816   ----a-w-   c:\windows\system32\wmpmde.dll
2010-10-15 21:01 . 2010-09-01 04:26   164864   ----a-w-   c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 21:01 . 2010-09-01 04:23   12625408   ----a-w-   c:\windows\system32\wmploc.DLL
2010-10-15 21:01 . 2010-09-01 02:34   2327552   ----a-w-   c:\windows\system32\win32k.sys
2010-10-15 21:01 . 2010-08-27 05:46   168448   ----a-w-   c:\windows\system32\srvsvc.dll
2010-10-15 21:01 . 2010-08-27 03:31   310784   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-10-15 21:01 . 2010-08-27 03:30   308736   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-10-15 21:01 . 2010-08-27 03:30   113664   ----a-w-   c:\windows\system32\drivers\srvnet.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 04:35 . 2010-07-27 22:47   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-10-19 01:41 . 2010-07-26 23:48   222080   ------w-   c:\windows\system32\MpSigStub.exe
2010-09-22 14:47 . 2010-09-22 14:47   49016   ----a-w-   c:\windows\system32\sirenacm.dll
2010-09-22 14:32 . 2010-09-22 14:32   301936   ----a-w-   c:\windows\WLXPGSS.SCR
2010-09-21 04:03 . 2010-09-21 04:03   208768   ----a-w-   c:\windows\system32\LIVESSP.DLL
2010-08-25 20:48 . 2010-08-25 20:48   53248   ----a-r-   c:\users\Yves\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-08-21 05:32 . 2010-09-15 06:16   316928   ----a-w-   c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-09-29 2942856]
"AnyTime Organizer"="c:\program files\AnyTime Organizer Premier\AtDem.exe" [2007-11-21 29696]
"E09AXLRD_2727443"="c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE" [2008-06-03 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-07-20 1038848]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-06-25 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AnyTime.lnk]
path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk
backup=c:\windows\pss\AnyTime.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FastStone Capture.lnk]
path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
backup=c:\windows\pss\FastStone Capture.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Yves^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 06:07   362232   ----a-w-   c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adm_tray.exe]
2010-06-04 08:49   530768   ----a-w-   c:\program files\Acronis\DriveMonitor\adm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 13:07   932288   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 18:47   35760   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 17:44   500208   ------w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 12:10   402432   ----a-w-   c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyTime Organizer]
2007-11-21 03:45   29696   ----a-w-   c:\progra~1\ANYTIM~1\AtDem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
2010-09-29 05:30   2942856   ----a-w-   c:\program files\DU Meter\DUMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_15580131]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_2163780]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_2494237]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_2519946]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_25437101]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_31464294]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_5542044]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_5633040]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_582850]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_6173833]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_6696436]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_738477]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_8550430]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_9218411]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09AXLRD_969171]
2008-06-03 10:05   351000   ----a-w-   c:\program files\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 06:13   54576   ----a-w-   c:\program files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2010-10-22 20:47   353736   ----a-w-   c:\program files\IncrediMail\Bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2010-07-21 06:52   1797008   ----a-w-   c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2010-07-21 07:07   1778064   ----a-w-   c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-05-11 06:43   6061400   ----a-w-   c:\program files\Logitech\Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
2010-05-11 06:43   6061400   ----a-w-   c:\program files\Logitech\Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 08:35   165208   ----a-w-   c:\program files\Logitech\LWS\Webcam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 00:17   5252408   ----a-w-   c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2010-06-25 02:57   253952   ----a-w-   c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14   354304   ----a-w-   c:\windows\System32\StikyNot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 01:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 03:37   517096   ----a-w-   c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 06:06   5107232   ----a-w-   c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorldTime2006]
2007-10-21 07:17   1486848   ----a-w-   c:\program files\AnyTime Organizer Premier\WorldTime.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [2010-09-29 18576]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2010-06-15 35568]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-06-10 9216]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1343400]
R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [2009-10-28 105216]
R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [2009-10-28 105216]
R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [2009-10-28 105216]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-07-27 911680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-07-27 2480048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-03 176128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2010-09-29 1412488]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 26352]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 493032]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-06-25 9216]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-07-27 160704]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-03 6096384]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-03 214016]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-03-01 61952]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-30 105856]
S3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-06-10 194048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
nosGetPlusHelper   REG_MULTI_SZ     nosGetPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: {E481D8DE-43C8-4878-B42D-DD2FAEC18884} = 202.124.65.22 202.124.65.18
.
- - - - ORPHANS REMOVED - - - -

BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
HKLM-Run-atr.exe - (no file)
MSConfigStartUp-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
MSConfigStartUp-SearchSettings - c:\program files\YouTube Downloader Toolbar\SearchSettings.exe
AddRemove-Hoadley Options Strategy Evaluation Tool_is1 - c:\program files\HoadleyOptions\unins000.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3860)
c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\A\ESBRes.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Acronis\DriveMonitor\adm.exe
.
**************************************************************************
.
Completion time: 2010-11-10 07:20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-09 21:20

Pre-Run: 313,216,090,112 bytes free
Post-Run: 313,234,837,504 bytes free

- - End Of File - - 15DBDB942C9E623E8AA909342BBEF4BF
Look a pretty long one and very impressive. Please, explain to me the results!
Should i delete "ComboFix" from my PC?
Best regards, YvesPlease download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.
Code: [Select]:filefind
userinit.exe
Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt

******************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.

Process << Selected
Kernel Modules << Selected
SSDT << Selected
Kernel HOOKS << Selected
IRP Hooks << NOT Selected
Ports << NOT Selected
Hidden Files << Selected

At the bottom of the page

Hidden Objects Only << Selected

Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was

extracted to. Open the text file and copy/paste the log here.
[/list]
Hi! Dave,
Here are the results of the scan with " SystemLook".
Regards,
Yves
SystemLook 04.09.10 by jpshortstuff
Log created at 09:23 on 11/11/2010 by Yves
Administrator - Elevation successful

========== filefind ==========

Searching for "userinit.exe "
C:\Windows\ERDNT\cache\userinit.exe   --a---- 26112 bytes   [21:08 09/11/2010]   [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows\System32\userinit.exe   --a---- 26112 bytes   [23:34 13/07/2009]   [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe   --a---- 26112 bytes   [23:34 13/07/2009]   [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175

-= EOF =-Hi! Dave,
Here are the results with the scan SysProtAntirootkit
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found
I am happy with the results.
Regards,
YvesOk. Let's see if we can fix that corrupted/infected file.

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

FCopy::
C:\Windows\ERDNT\cache\userinit.exe | c:\windows\system32\userinit.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Hi! Dave,
Here i am not sure....
I got the "commy.exe" and it is this one i have to use and drag "CFScript.txt" in it.
Or re-download the original ComboFix?
Regards, YvesYes, use the one you have on your desktop.

Solve : Think Point Virus?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment