Combofix Log help

I need help with Combofix please.

ComboFix 09-05-20.A1 - Administrator 05/26/2009 17:11.11 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.834 [GMT -4:00]
Running from: E:\ComboFix2.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\ThunMail
c:\program files\ThunMail\testabd.dll
c:\program files\ThunMail\testabd.exe
c:\windows\Fonts\01d6f8a91b925ce4c2df5e9d416d215f.dat
c:\windows\system32\borCFileName.dll
c:\windows\system32\borCFileName.exe
c:\windows\system32\dp1.fne
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\drivers\UACnoepdpjyxdgtkme.sys
c:\windows\system32\Exmlrpc.fne
c:\windows\system32\krnln.fne
c:\windows\system32\krnln.fnr
c:\windows\system32\uacinit.dll
c:\windows\system32\UACinkwwllpbdovokm.log
c:\windows\system32\UACkcuvomjexllkent.dat
c:\windows\system32\UACkindmpapaeofdxa.dll
c:\windows\system32\UACllfvklrsvpepppq.dll
c:\windows\system32\UACqirumhpahajmxmi.dll
c:\windows\system32\UACriyfsuaglctxjsv.dll
c:\windows\system32\UACrujreacvavorogd.log
c:\windows\system32\UACxljykjsadruxhvo.log
c:\windows\system32\UACykjejaqgxuwrmdx.dll
C:\wow.exe

----- BITS: Possible infected sites -----

hxxp://downloadsoftwareserver.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_SNAME
-------\Service_SName


(((((((((((((((((((((((((   Files Created from 2009-04-26 to 2009-05-26  )))))))))))))))))))))))))))))))
.

2009-05-23 21:27 . 2009-05-23 21:27      --------      d-----w      c:\program files\iMesh Applications
2009-05-23 00:30 . 2009-05-23 00:30      --------      d-----w      c:\documents and settings\All Users\Application Data\Blizzard
2009-05-12 07:00 . 2009-03-11 02:18      453512      ----a-w      c:\windows\system32\KB905474\wgasetup.exe
2009-05-12 07:00 . 2009-03-11 02:26      1403264      ----a-w      c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-12 07:00 . 2009-05-12 07:00      --------      d-----w      c:\windows\system32\KB905474
2009-05-01 23:09 . 2009-05-01 23:09      --------      d-----w      c:\program files\Common Files\Gibinsoft Shared
2009-05-01 23:09 . 2009-05-01 23:09      --------      d-----w      c:\program files\GiPo@Utilities
2009-05-01 22:04 . 2009-05-02 04:35      --------      d-----w      c:\program files\Unlocker
2009-05-01 17:39 . 2009-05-01 17:39      --------      d-----w      c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-01 17:39 . 2009-04-06 19:32      15504      ----a-w      c:\windows\system32\drivers\mbam.sys
2009-05-01 17:39 . 2009-04-06 19:32      38496      ----a-w      c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 17:39 . 2009-05-01 17:39      --------      d-----w      c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 17:39 . 2009-05-01 18:29      --------      d-----w      c:\program files\Malwarebytes' Anti-Malware
2009-04-30 19:10 . 2009-05-05 04:06      --------      d-----w      C:\VundoFix Backups
2009-04-30 14:34 . 2009-03-19 19:13      184320      ----a-w      c:\windows\system32\InetCntrl0013.dll
2009-04-30 14:34 . 2009-02-03 18:35      39424      ----a-w      c:\windows\system32\drivers\BSafFltr.sys
2009-04-30 14:34 . 2007-06-04 14:55      29024      ----a-w      c:\windows\system32\drivers\bsofrwl.sys
2009-04-30 13:07 . 2009-04-30 13:07      --------      d-----w      c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-04-29 22:35 . 2009-04-29 22:35      --------      d-----w      c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-29 22:35 . 2009-04-30 14:19      --------      d-----w      c:\program files\SUPERAntiSpyware
2009-04-29 21:49 . 2009-04-29 21:49      --------      d-----w      c:\program files\Common Files\Wise Installation Wizard
2009-04-29 21:49 . 2009-04-29 21:49      --------      d-----w      c:\documents and settings\Administrator\Application Data\TrojanHunter
2009-04-29 20:47 . 2009-05-02 04:35      --------      d-----w      c:\program files\TrojanHunter 5.0

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 20:09 . 2007-02-25 01:39      --------      d-----w      c:\program files\Microsoft Money 2007
2009-05-25 23:07 . 2007-12-08 00:01      597524      --sha-w      c:\windows\system32\drivers\fidbox.idx
2009-05-25 23:07 . 2007-12-08 00:01      51857440      --sha-w      c:\windows\system32\drivers\fidbox.dat
2009-05-23 21:28 . 2008-05-08 11:15      21840      ----atw      c:\windows\system32\SIntfNT.dll
2009-05-23 21:28 . 2008-05-08 11:15      17212      ----atw      c:\windows\system32\SIntf32.dll
2009-05-23 21:28 . 2008-05-08 11:15      12067      ----atw      c:\windows\system32\SIntf16.dll
2009-05-23 00:38 . 2008-09-06 00:28      --------      d-----w      c:\program files\Frets on Fire
2009-05-23 00:28 . 2008-04-19 23:00      --------      d-----w      c:\program files\Common Files\Blizzard Entertainment
2009-05-05 00:51 . 2008-10-04 12:55      256      ----a-w      c:\windows\system32\pool.bin
2009-05-02 02:35 . 2007-05-23 07:06      16862709      ----a-w      c:\windows\Internet Logs\tvDebug.zip
2009-04-30 16:49 . 2007-08-07 23:04      --------      d-----w      c:\program files\Spybot - Search & Destroy
2009-04-30 16:38 . 2007-02-25 01:26      --------      d-----w      c:\program files\CCleaner
2009-04-30 12:57 . 2009-04-30 13:25      44032      ----a-w      c:\windows\Internet Logs\xDB1A.tmp
2009-04-30 11:45 . 2008-12-13 01:20      --------      d-----w      c:\program files\Unity
2009-04-30 11:39 . 2007-01-23 12:08      --------      d--h--w      c:\program files\InstallShield Installation Information
2009-04-30 11:38 . 2008-11-26 16:14      --------      d-----w      c:\program files\Cartoon Network
2009-04-30 11:35 . 2009-02-21 18:18      --------      d-----w      c:\program files\Apple Software Update
2009-04-26 23:39 . 2009-04-27 19:02      2621440      ----a-w      c:\windows\Internet Logs\xDB19.tmp
2009-04-10 19:27 . 2007-01-23 12:12      125856      ----a-w      c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 19:23 . 2009-04-10 19:23      --------      d-----w      c:\program files\Guitar Pro 5
2009-03-30 22:45 . 2009-03-30 22:45      --------      d-----w      c:\program files\MSECache
2009-03-06 14:22 . 2004-08-11 22:00      284160      ----a-w      c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-11 22:00      826368      ----a-w      c:\windows\system32\wininet.dll
2009-02-26 22:11 . 2009-02-27 00:07      1881088      ----a-w      c:\windows\Internet Logs\xDB18.tmp
2009-02-26 22:07 . 2009-02-26 22:08      1881088      ----a-w      c:\windows\Internet Logs\xDB17.tmp
.

(((((((((((((((((((((((((((((   SnapShot_2009-05-01_19.05.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-30 14:34 . 2009-05-26 20:28      66722              c:\windows\system32\InetCntrl\Data\userpolicy.bin
- 2009-04-30 14:34 . 2009-05-01 19:05      66722              c:\windows\system32\InetCntrl\Data\userpolicy.bin
+ 2007-02-25 00:49 . 2009-05-26 20:33      32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-25 00:49 . 2009-05-01 19:04      32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-25 00:49 . 2009-05-01 19:04      32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-02-25 00:49 . 2009-05-26 20:33      32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-01 23:09 . 2009-05-01 23:09      14336              c:\windows\Installer\{9F185C48-595B-401A-A1D6-AAB324890DC4}\IconCBE855212.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      23040              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      23040              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      61440              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      61440              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      27136              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      27136              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      11264              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      11264              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      12288              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      12288              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-05-13 07:01 . 2009-05-13 07:01      38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-04-17 07:03 . 2009-04-17 07:03      38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2006-10-27 01:07 . 2006-10-27 01:07      17680              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
+ 2009-05-23 21:41 . 2009-05-23 21:41      49152              c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-23 21:41 . 2009-05-23 21:41      77824              c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2007-02-25 15:37 . 2009-05-13 07:02      4096              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      4096              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      409600              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      409600              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      286720              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      286720              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      249856              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      249856              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      794624              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      794624              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      135168              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      135168              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-02-25 15:37 . 2009-05-13 07:02      593920              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-02-25 15:37 . 2009-04-30 18:13      593920              c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-05-22 20:13 . 2009-05-22 20:13      202729              c:\windows\.silabclient_store_32\code2.dat
+ 2008-10-04 12:59 . 2009-05-17 12:14      1199114              c:\windows\system32\InetCntrl\Email\michaelsmom1@charter.net\gusrwds.bin
- 2008-10-04 12:59 . 2009-04-14 22:55      1199114              c:\windows\system32\InetCntrl\Email\michaelsmom1@charter.net\gusrwds.bin
+ 2009-04-30 14:44 . 2009-05-25 23:11      1107301              c:\windows\system32\InetCntrl\AV\avvnames.dat
+ 2009-04-30 14:44 . 2009-05-25 23:11      2648493              c:\windows\system32\InetCntrl\AV\avvclean.dat
+ 2007-02-28 22:51 . 2009-05-07 07:16      24699336              c:\windows\system32\MRT.exe
+ 2009-04-30 14:44 . 2009-05-25 23:11      69908133              c:\windows\system32\InetCntrl\AV\avvscan.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"InetCntrl"="c:\windows\system32\InetCntrl\InetCntrl.exe" [2009-03-30 841048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05      356352      ----a-w      c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike Beatty^Start Menu^Programs^Startup^ChkDisk.dll]
path=c:\documents and settings\Mike Beatty\Start Menu\Programs\Startup\ChkDisk.dll
backup=c:\windows\pss\ChkDisk.dllStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike Beatty^Start Menu^Programs^Startup^ChkDisk.lnk]
path=c:\documents and settings\Mike Beatty\Start Menu\Programs\Startup\ChkDisk.lnk
backup=c:\windows\pss\ChkDisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\SkillGround\\Games\\UTG\\Main.exe"=
"c:\\Program Files\\SkillGround\\Games\\WarPath\\System\\Warpath.exe"=
"c:\\Program Files\\SkillGround\\Games\\KungFu\\System\\KungFu.exe"=
"c:\\Program Files\\SkillGround\\Games\\cqc\\system\\CQC.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 6:25 PM 65536]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - BSafeFilter
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 17:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(284)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-05-26 17:21 - machine was rebooted
ComboFix-quarantined-files.txt  2009-05-26 21:21
ComboFix2.txt  2009-05-02 02:41
ComboFix3.txt  2009-05-02 01:55
ComboFix4.txt  2009-05-01 22:45
ComboFix5.txt  2009-05-26 21:00

Pre-Run: 120,810,340,352 bytes free
Post-Run: 120,790,409,216 bytes free

227      --- E O F ---      2009-05-13 07:02
csimike Asked:

rpggamergirl Commented:
Combofix was run in safe mode..... it doesn't need to be run in safe mode as it's optimized to run in normal mode.

I had a quick look at the log; there's really not much I can see but one bad value in the registry pointing to a bad file that no longer exists.
Combofix already deleted a lot of files there.. How's the pc going?
Is BSafefilter still installed?
If you're experiencing pc problems also try running an online scan with Kaspersky to check if it finds any threats.
http://www.kaspersky.com/virusscanner
Jonvee Commented:
A newly created file in your ComboFix log file is >>
c:\windows\system32\KB905474\wgasetup.exe

Information on WGASETUP.EXE:
http://www.prevx.com/filenames/1373297688916902-X1/WGASETUP.EXE.html

Also, are you by any chance getting excessive C: drive fragmentation due to the fidbox.dat file, or sluggish "chkdsk"?
If yes, this thread may interest you>

"fidbox.dat is eating my hard drive":
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Desktop_Anti-Virus/Q_23753290.html

Therefore suggest you try further scanning using these>
a-squared Free:
http://www.emsisoft.com/en/software/free/

"Trend Micro's FREE online virus scanner":            
http://housecall.trendmicro.com/uk/
Ideal for scanning online, using "Safe Mode with networking".      

Jonvee Commented:
From the Combo log I realise the file size for your update 'wgasetup.exe' is 453512 and doesn't agree with the wgasetup.exe file size information from prevx.com above, but thought it worth further investigation by scanning.

torimar Commented:
You say you need help with this Combofix log, but you do not say why.

In general, it suffices to just run Combofix in order to get rid of any "normal" infection. Logfile analysis, and possibly CF scripts, will only need to be applied in obstinate cases, i.e. when the issue (malfunctioning, strange behaviour etc) that was due to malware still persists even after Combofix has been run.

Is this the case with you? If so, what exactly is it that makes you think your system is still infected?
csimike (Author) Commented:
Hey, thanks for the feedback. This computer had the WinPCVirus Scan stuff and what combo fix called rootkit. I think Combo fix took care of most of it, but wasn't 100% sure. I still had a few things the spyware scans found. PC seems to be running great. One thing though, I didn't get any email notifying me anyone had responded to my questions. Thanks! I will look at all the above and get back with you!
csimike (Author) Commented:
O, and rpg. the only way I could get the Combo fix to run was in safemode, and I had to rename the .exe file for it to even start.
Jonvee Commented:
Yes, ideally ComboFix should be run in normal mode, although it will work in safe mode if you're unable to reach normal mode .. and it's not unusual to have to rename ComboFix before saving it to your desktop, before it will run.

If you ever have difficulties downloading it, another option is to try downloading to another machine, then into a USB memory stick (or equivalent).  Then rename it and connect to the problematic machine.  
rpggamergirl Commented:
Glad to know it's resolved.
<<<"O, and rpg. the only way I could get the Combo fix to run was in safemode, and I had to rename the .exe file for it to even start.">>>

Sorry, when there's no choice of mode then that's okay... I just wanted it known that CF is optimized to be run in normal mode as many people seem to think that CF works better in safe mode.
And yeah.... most often CF and other tools need to be renamed to run because nasties block them.

To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field:

ComboFix /u

Thanks!