In between the first Combofix and this one, you downloaded and installed HitmanPro.
Why did you do that?
2010-04-07 17:57 . 2010-04-07 17:57 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-07 17:49 . 2010-04-07 20:51 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-07 17:49 . 2010-04-07 17:57 -------- d-----w- c:\programdata\Hitman Pro
2010-04-07 17:49 . 2010-04-07 17:49 -------- d-----w- c:\program files\Hitman Pro 3.5
Some days I have to stop and ask myself why I do this! You changed the system when you did that.
Is there a particular reason you don't recommend the Hitman program?
Yes, a few. Based on what I read and the cleaning programs I run. Others may think differently. The publisher's description is:
Anti-spyware program combines up to six popular engines to maximize removal effectiveness.
Part is personal preference, wanting to maintain control over my system. Hitman is also different in the versions. One main objection is the use of multiple programs that are free on the internet. Depending on the program, it should prevent and/or remove. While the scans with Hitman are free, removal of the malware can only be done within the 30-day trial.
Hitman Pro (version 1 and 2) automatically downloads, installs and runs third party anti-spyware and anti-adware programs that are freely available on the Internet:
- Eset NOD32 antivirus system (trial, expires in 30 days)
- Webroot Spy Sweeper (trial, expires in 7 days)
- PC Tools Spyware Doctor (demo, will not clean anything)
- Lavasoft AdAware SE (freeware)
- Safer Networking Spybot - Search & Destroy (freeware)
- TrendMicro CWShredder (freeware)
- JavaCool Software SpywareBlaster (freeware)
- McAfee VirusScan SuperDAT (virus signature definition updates, McAfee PrimeSupport license required for qualifying product)
- Ewido Micro Scanner (freeware) (AVG)
The scan time was very long, the program used many system resources and errors in the used third party programs could cause system instability.
Hitman Pro is using other people’s knowledge without their permission. NOD32 has granted permission to use their software. Software producer Lavasoft is in discussion with Mr. Loman over changes to the program before granting any official permission to implement their software and McAfee says they did not grant permission and claim no knowledge at all of the program with no further comment.
Hitman Pro 3 uses a white list that includes Windows system files and other (safe) files that are present on most PCs.
Hitman Pro 3 also requires a license key to remove malware found on a user's computer; however, it does offer a free 30-day trial.
The new version of Hitman Pro, version 3, uses:
- NOD32 Antivirus
- Avira AntiVir
- Prevx
- G DATA Anti-Virus
- a-squared Anti-Malware
Virus scanners are not installed on the local computer, but in the scan cloud on the Internet.
Unlimited free scanning and free 30-day version to remove detected malware.
None of these programs, alone or together, have the power of a program like Combofix or other 'intensive' programs. While Hitman may resolve one problem, that does not mean all of the malware has been removed.
Most of the logs I see have multiple malware infections. Some, like the DNS Changer malware, will require a DNS flush and a router reset. If that isn't done, the resolution to the problem is only temporary.
Remove my cleaning tools:
Uninstall ComboFix and all Backups of the files it deleted
- Click START> then RUN
- Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- Download OTCleanIt by OldTimer and save it to your Desktop.
- Double click OTCleanIt.exe.
- Click the CleanUp! button.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
- Go to Start > All Programs > Accessories > System Tools
- Click "System Restore".
- Choose "Create a Restore Point" on the first screen then click "Next".
- Give the Restore Point a name> click "Create".
- Go back and follow the path to > System Tools.
- Click "OK" to select the partition or drive you want.
- Click the "More Options" Tab.
- Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.
More details and screenshots for Disk Cleanup in Windows Vista can be found here.