Member Avatar for tharun.bhascker

My explorer.exe keeps restarting every 5 secs.

1. I used combo fix
2. I deleted my user account and logged into a new one.

Nothing worked.

Here is the log:

ComboFix 09-04-19.05 - Tharun 04/19/2009 17:50.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.809 [GMT 5.5:30]
Running from: c:\documents and settings\Tharun\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\msonpmon.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 12:13 . 2009-04-19 12:13 -------- d-----w c:\windows\system32\xircom
2009-04-19 12:13 . 2009-04-19 12:13 -------- d-----w c:\program files\microsoft frontpage
2009-04-19 12:04 . 2009-04-19 12:06 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-04-19 07:06 . 2009-04-19 07:06 -------- dc-h--w c:\documents and settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2009-04-18 07:22 . 2009-04-18 07:22 64987 ----a-w C:\simple_clock.zip
2009-04-18 06:50 . 2009-04-18 07:29 -------- d-----w c:\documents and settings\Tharun\Application Data\AveDesk
2009-04-18 06:49 . 2009-04-19 10:39 -------- d-----w C:\AVEDESK
2009-04-18 06:49 . 2009-04-18 06:49 -------- d-----w c:\program files\TopDesk
2009-04-18 06:36 . 2005-01-22 12:35 20480 ----a-w c:\windows\system32\wbload.dll
2009-04-18 06:36 . 2003-02-26 14:57 36864 ----a-w c:\windows\system32\wbsys.dll
2009-04-18 06:36 . 2009-04-18 06:36 -------- d-----w c:\program files\Stardock
2009-04-18 06:34 . 2009-04-18 06:34 -------- d-----w c:\documents and settings\Tharun\Local Settings\Application Data\Stardock
2009-04-18 06:33 . 2009-04-18 06:33 -------- d-----w c:\program files\CursorXP
2009-04-18 06:13 . 2001-08-17 08:18 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-04-18 06:13 . 2009-04-18 06:13 -------- d-----w c:\program files\SP36869
2009-04-18 06:01 . 2005-11-03 03:01 1902 ------w c:\windows\system32\SetupBD.din
2009-04-17 14:49 . 2008-04-13 18:45 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-17 10:30 . 2009-04-17 10:47 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-17 10:30 . 2009-04-17 10:30 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-17 10:30 . 2009-04-17 10:30 155384 ----a-w c:\windows\system32\guard32.dll
2009-04-17 10:30 . 2009-04-17 10:30 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-04-17 10:30 . 2009-04-17 10:30 -------- d-----w c:\program files\COMODO
2009-04-17 09:22 . 2009-04-17 09:22 -------- d-----w C:\Wallpapers
2009-04-17 09:14 . 2006-10-26 07:58 30512 ----a-w c:\windows\system32\mdimon.dll
2009-04-17 09:12 . 2009-04-17 09:15 -------- d-----w c:\program files\RocketDock
2009-04-17 09:11 . 2009-04-17 09:11 -------- d-----w c:\program files\Microsoft Works
2009-04-17 09:10 . 2009-04-17 09:10 -------- d-----w c:\program files\Microsoft.NET
2009-04-17 09:08 . 2009-04-17 09:08 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-17 09:06 . 2009-04-17 09:11 -------- d-----w c:\windows\SHELLNEW
2009-04-17 09:06 . 2009-04-17 09:08 -------- d-----w C:\AECS3_Best_plugins
2009-04-17 09:05 . 2009-04-17 09:05 -------- d-----w c:\documents and settings\Tharun\Local Settings\Application Data\Microsoft Help
2009-04-17 09:05 . 2009-04-17 09:14 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 09:03 . 2009-04-17 09:03 -------- d-----w c:\program files\VSTplugins
2009-04-17 09:03 . 2009-04-17 09:03 -------- d-----w c:\documents and settings\Tharun\Application Data\Publish Providers
2009-04-17 09:03 . 2009-04-17 09:03 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-04-17 09:03 . 2009-04-17 09:03 -------- d-----w c:\documents and settings\Tharun\Local Settings\Application Data\Sony
2009-04-17 09:03 . 2009-04-17 09:03 -------- d-----w c:\documents and settings\Tharun\Application Data\Sony
2009-04-17 09:00 . 2009-04-17 09:00 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-04-17 09:00 . 2009-04-17 09:00 0 ----a-w c:\windows\nsreg.dat
2009-04-17 08:59 . 2009-04-17 08:59 -------- d-----w c:\documents and settings\Tharun\Local Settings\Application Data\Mozilla
2009-04-17 08:58 . 2009-04-17 08:58 -------- d-----w c:\program files\Sony Setup
2009-04-17 08:58 . 2009-04-19 09:56 -------- d-----w c:\documents and settings\Tharun\Local Settings\Application Data\Adobe
2009-04-17 08:57 . 2009-04-17 10:22 68456 ----a-w c:\documents and settings\Tharun\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 08:55 . 2009-04-17 08:55 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-17 08:47 . 2009-04-17 08:47 -------- d-----w c:\documents and settings\All Users\Application Data\ALM
2009-04-17 08:45 . 2007-02-20 04:04 190696 ----a-w c:\windows\system32\NPSWF32_FlashUtil.exe
2009-04-17 08:45 . 2007-02-20 04:04 2463976 ----a-w c:\windows\system32\NPSWF32.dll
2009-04-17 08:42 . 2009-04-17 12:32 -------- d-----w C:\Util
2009-04-17 08:38 . 2009-04-17 08:38 -------- d-----w c:\program files\Bonjour
2009-04-17 08:34 . 2009-04-17 08:34 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-17 08:31 . 2009-04-17 08:51 -------- d-----w c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 12:38 . 2009-03-17 10:33 -------- d-----w c:\documents and settings\Tharun\Application Data\DivX
2009-04-17 09:11 . 2009-04-16 14:33 -------- d-----w c:\program files\MSBuild
2009-04-16 15:34 . 2009-04-16 15:34 -------- d-----w c:\documents and settings\Tharun\Application Data\ESET
2009-04-16 15:34 . 2009-04-16 15:34 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ESET
2009-04-16 15:33 . 2009-04-16 15:33 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-16 15:33 . 2009-04-16 15:33 34090180 ----a-w c:\windows\ESS4.exe
2009-04-16 15:33 . 2009-04-16 15:33 40960 ----a-w c:\windows\wow.exe
2009-04-16 15:21 . 2009-04-16 15:21 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-16 15:19 . 2009-04-16 15:19 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-16 15:19 . 2009-04-16 15:19 -------- d-----w c:\documents and settings\Tharun\Application Data\DAEMON Tools
2009-04-16 15:19 . 2009-04-16 15:19 -------- d-----w c:\documents and settings\Tharun\Application Data\Windows Search
2009-04-16 15:18 . 2009-04-16 15:18 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-16 15:15 . 2009-04-16 15:15 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-16 15:15 . 2009-04-16 15:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-04-16 15:15 . 2009-04-16 15:15 -------- d-----w c:\program files\Hewlett-Packard
2009-04-16 15:15 . 2009-04-16 15:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 15:15 . 2009-04-16 15:15 -------- d-----w c:\documents and settings\Tharun\Application Data\InstallShield
2009-04-16 15:14 . 2009-04-16 15:14 -------- d-----w c:\program files\CONEXANT
2009-04-16 15:12 . 2009-04-16 15:12 -------- d-----w c:\program files\Synaptics
2009-04-16 15:12 . 2009-04-16 15:12 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-16 15:05 . 2009-04-16 15:05 -------- d-----w c:\documents and settings\Tharun\Application Data\Windows Desktop Search
2009-04-16 14:44 . 2009-04-16 14:44 -------- d-----w c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-03-26 21:08 . 2009-04-17 01:46 329752 ----a-w c:\windows\system32\drivers\iaStor.sys
2009-03-26 21:08 . 2009-04-17 01:50 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-03-26 21:08 . 2009-04-17 01:50 361600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-03-26 21:08 . 2009-04-17 01:50 990208 ----a-w c:\windows\system32\syssetup.dll
2009-03-26 21:08 . 2009-04-17 01:49 140288 ----a-w c:\windows\system32\sfc_os.dll
2009-03-26 17:23 . 2009-04-17 01:50 756224 ----a-w c:\windows\system32\winntbbu.dll
2009-03-26 17:23 . 2009-04-17 01:49 4569 ----a-w c:\windows\system32\secupd.dat
2009-03-17 10:34 . 2009-03-17 10:34 -------- d-----w c:\documents and settings\Tharun\Application Data\Media Player Classic
2009-03-17 10:12 . 2009-03-17 10:11 -------- d-----w c:\program files\DivX
2009-03-17 10:11 . 2009-03-17 10:11 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-16 20:48 . 2009-04-17 01:51 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 20:48 . 2009-04-17 01:51 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 20:48 . 2009-04-17 01:45 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 20:48 . 2009-04-17 01:44 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 21:57 . 2009-04-17 01:45 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 21:57 . 2009-04-17 01:45 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 21:57 . 2009-04-17 01:45 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 11:04 . 2009-04-17 01:50 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:04 . 2009-04-17 01:47 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:03 . 2009-04-17 01:45 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:03 . 2009-04-17 01:50 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:02 . 2009-04-17 01:45 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:02 . 2009-04-17 01:47 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:01 . 2009-04-17 01:47 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:01 . 2009-04-17 01:48 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:01 . 2009-04-17 01:48 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 10:52 . 2009-04-17 01:48 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-02 08:30 . 2009-04-16 14:27 22024 ----a-w c:\windows\system32\drivers\tdtcp.sys
2009-02-24 19:35 . 2009-03-17 10:11 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-02-24 19:35 . 2009-03-17 10:11 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-02-24 19:35 . 2009-03-17 10:11 43528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-02-24 19:35 . 2009-03-17 10:11 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2009-03-17 10:11 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2009-03-17 10:11 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-09 18:38 . 2009-04-17 01:50 1847552 ----a-w c:\windows\system32\win32k.sys
2009-02-07 02:08 . 2009-04-17 01:48 407552 ----a-w c:\windows\system32\netlogon.dll
2009-01-23 23:38 . 2009-04-17 01:49 92424 ----a-w c:\windows\system32\rdpdd.dll
2009-01-23 23:35 . 2009-04-17 01:48 133120 ----a-w c:\windows\system32\msv1_0.dll
2009-01-23 17:15 . 2009-04-17 01:48 715264 ----a-w c:\windows\system32\ntdll.dll
2009-01-21 21:43 . 2009-04-16 14:27 1328968 ----a-w c:\windows\system32\msxml4.dll
2009-01-21 21:42 . 2009-04-16 14:27 88904 ----a-w c:\windows\system32\msxml4r.dll
2009-01-21 18:46 . 2009-04-17 01:48 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-01-20 22:48 . 2009-04-17 01:46 56832 ----a-w c:\windows\system32\dot3msm.dll
2009-01-20 22:44 . 2009-04-17 01:46 132096 ----a-w c:\windows\system32\dot3svc.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2009-03-26 21:08 361600 25A740D70E8007814A48D3FA1B34FA34 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TopDesk"="c:\program files\TopDesk\topdesk.exe" [2006-03-01 201216]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-04-18 06:38 176128 ----a-w c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"hpqwmiex"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"cmdAgent"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-17 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-04-17 24336]
R3 Flash1;Flash1;c:\program files\SP36869\winphlash\Flash1.sys [2006-03-01 3456]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2be086c4-2bde-11de-8f58-0013025c6b7b}]
\Shell\AutoRun\command - F:\husyu8n.exe
\Shell\open\Command - F:\husyu8n.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {EBC46F27-C301-4012-AC7D-21BCAA5E5C8F} = 203.145.184.32,203.145.184.40
FF - ProfilePath - c:\documents and settings\Tharun\Application Data\Mozilla\Firefox\Profiles\m622jmws.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 17:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1417001333-1644491937-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(288)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(924)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-04-19 17:54
ComboFix-quarantined-files.txt 2009-04-19 12:24

Pre-Run: 19,541,041,152 bytes free
Post-Run: 19,533,832,192 bytes free

236

Any help ?

  • 2 Contributors
  • 2 Replies
  • 181 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by jholland1964
Member Avatar for jholland1964

Who told you to run combofix, and WHY? It appears you have run it more than once. WHY was it run more than one time? I quote here from combofix instructions at bleepingcomputer

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

This tool is a very specialized tool and only called for in certain circumstances and when specific indicators are evident from other tool logs. It appears you have not run those tools, at least you didn't include them here.
This is what we need:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer
Next download and run a Full System Scan with HiJackThis and save the log.
Post back here with the MBA-M log and the HiJackThis log.

Member Avatar for jholland1964

Who told you to run combofix, and WHY? It was run incorrectly as both the av program and firewall were running at the time of the scan. All security programs are supposed to be turned off when it is run as they will interfere with the proper running of the program. It also appears you have run it more than once. WHY? Running it more than once is NOT usual procedure except under specific circumstances and then it would be run in a completely different way.
I quote here from combofix instructions at bleepingcomputer

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

This tool is a very specialized tool and only called for in certain circumstances and when specific indicators are evident from other tool logs. It appears you have not run those tools, at least you didn't include them here.
This is what we need right now:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer
Next download and run a Full System Scan with HiJackThis and save the log.
Post back here with the MBA-M log and the HiJackThis log.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.