what is this thing and how can I get rid of it?

[haus_kat]

okay, I have done the other scans too

[Saving space, attachment deleted by admin]

[SuperDave]

Thank you. Please do this:

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [ISUSScheduler] \"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe\" -start
(Description: InstallShield updater - not needed at startup. Removing this may free up system resources.)

O4 - HKLM\..\Run: [TkBellExe] \"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
(Description: For fuji cameras - only needed when you are going to uninstall the software.)

O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
(Description: This is a shortcut that has been disabled. You may remove this without any ill effects.)

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

[haus_kat]

okay, I have done this scan also.
I have done so many scans that you have asked. I'm surprised that each scan keeps finding something new just when I thought the computer was finally clean!

[Saving space, attachment deleted by admin]

[SuperDave]

Hello haus_kat. Infection removal can be a long and tedious process but it looks as if you're in the clear. I just need you to run another HJT scan and paste it here.

[haus_kat]

okay, here is the hjt log. thanks for helping!

[Saving space, attachment deleted by admin]

[SuperDave]

Hello haus_kat. You HJT log looks good and if there are no other issues, we'll do some clean-up.

Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

You can uninstall HJT. SAS & MBAM can be kept and update and run them about once a week to keep your computer clean.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Then hit Enter

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Safe Surfing.

[haus_kat]

I don't understand. I installed Online Armor days ago (mentioned in a previous post) and it was running when I did HJT scan. I have been unable to remove ComboFix. It won't uninstall because it says that Microsoft Security Essentials prevents it or something.

I have SpywareBlaster and I also got WOT some time ago but it just disappeared one day by itself. I guess you can only have one app at a time on FireFox? I installed another one after WOT and then I didn't see WOT there any more.

[SuperDave]

I don't understand. I installed Online Armor days ago (mentioned in a previous post) and it was running when I did HJT scan.

I'm sorry about the message about the Firewall. I'm trying to juggle too many fixes at once. Try this to remove ComboFix:

Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt

I'm not sure what the issue is with WOT on Firefox. You might be able to get some info on this link where you can visit their support site.

[haus_kat]

I found and deleted everything except for C:\Combo-Fix folder and C:\Combo-Fix-quarantined-files.txt I searched for them but the computer found nothing with those names.

[SuperDave]

I found and deleted everything except for C:\Combo-Fix folder and C:\Combo-Fix-quarantined-files.txt I searched for them but the computer found nothing with those names.

They must have been removed in a previous fix.  It looks like you're good to go. Luck.

[haus_kat]

Thanks for all your help!

[Tun Naing]

In my computer, i saw virus with the name of "Net.Worm.Win32.kido.jq"
so how can i clean it .I have only Kaspersky trial version 8.0
please suggest me.

[SuperDave]

Tun Naing. The best way to get help is to go to the first thread in this forum (Read this before requesting malware removal help) and follow the directions, then start a thread of your own and post the necessary logs.