What about the Combofix log?
---------
Disable Spybot's TeaTimer
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
----------
Enable Viewing Of Hidden System Files & Folders
1. Click
Start.
2. Select
Control Panel.
3. Select the
Tools menu and click
Folder Options.
4. Select the
View Tab.
5. Under the Hidden files and folders heading select
Show hidden files and folders.
6.
Uncheck the Hide extensions for known file types option.
7.
Uncheck the Hide protected operating system files (recommended) option.
8. Click
Apply.
9. Click
OK.
----------
Open HijackThis and select
Do a system scan only then place a check mark next to:
O2 - BHO: {2caedc36-6ff4-7ec9-4014-089d03b0c4cd} - {dc4c0b30-d980-4104-9ce7-4ff663cdeac2} - C:\WINDOWS\system32\mlsciexr.dll (file missing)
O2 - BHO: (no name) - {EA1E9D10-D79E-475E-B673-5BE194A041E5} - C:\WINDOWS\system32\awtqp.dll (file missing)
O4 - HKLM\..\Run: [382ac0cd] rundll32.exe "C:\WINDOWS\system32\ibfpshbd.dll",b
Close all windows except for HijackThis and click
Fix checked
----------
Double click My Computer from the desktop and locate this file/folder and delete it. (in bold)
C:\WINDOWS\system32\
ibfpshbd.dll
----------
Post a new HijackThis log along with the combofix log.