Page 1 of 2
Results 1 to 10 of 18

Thread: Just can't get all the bugs off!

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    22

    Default Just can't get all the bugs off!

    I was getting pop-up IE and Firefox windows. I disabled system restore. Then scanned in regular and safe modes with: Adware SE Professional, Spybot S&D, Spyware Blaster, and AVG AntiSpyware.

    Then I realized that on Spybot it let something change my IE settings to allow all cookies and being able to download everything. Last night I got avast anti-virus, and it took off a few things. But I'm still getting a pop-up tab in Firefox, and I dare not even use IE.

    I took off things from the allow list in Spybot, so it should ask me if I want to allow the changes in IE settings, but it still resets my IE options when I start the computer!

    Is there anything that can help? I'm really fed up with this!

    Thanks.

  2. #2
    steamwiz (Security Expert-Emeritus)
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    Hi

    First ... turn system restore back on & make sure you have a valid restore point, even an infected restore point is better than none...

    THEN...

    Download a self-extracting copy of HijackThis from :-
    http://downloads.malwareremoval.com/hijackthis_sfx.exe
    1. save it to your Desktop.
    2. Double-click on the file hijackthis_sfx.exe and it will self-extract into its own folder,
    C:\Program Files\HijackThis
    3. Go to this folder and run the hijackthis.exe file
    4. click Do a system scan and save a logfile
    5. Copy & paste the logfile into your next post here...

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  3. #3
    Junior Member
    Join Date
    Jul 2007
    Posts
    22

    Default My Hijackthis Log

    Logfile of HijackThis v1.99.1
    Scan saved at 7:49:26 PM, on 7/30/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\FCyberAlert\Syslogin.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Anisah\Desktop\Downloads\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pageaday.com/pad/2007CATS/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - rsion - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\System32\mljhggd.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {60875658-630e-4dfa-84d3-806432bdc66d} - C:\WINDOWS\System32\vvdiais.dll
    O2 - BHO: (no name) - {706706E8-3111-423C-B165-69AD659F541C} - (no file)
    O2 - BHO: (no name) - {72F6D9A2-853F-41ED-AC9F-62E1CB8E7639} - (no file)
    O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - c:\program files\peoplepc\toolbar\scamgrd.dll
    O2 - BHO: (no name) - {A01FE583-05C0-49EB-AF73-C13FDE6DF8AF} - C:\WINDOWS\System32\ssttr.dll (file missing)
    O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: (no name) - {FD4AE849-FEDD-4564-A873-D3EA7592F76B} - (no file)
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\Syslogin.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {74CAD4F9-5085-4F13-8CD5-7F96F4D0B768} -
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: ddayx - C:\WINDOWS\
    O20 - Winlogon Notify: mljhggd - mljhggd.dll (file missing)
    O20 - Winlogon Notify: ssttr - C:\WINDOWS\System32\ssttr.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

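    The log above is what the helper reads by eye before choosing a tool. As an added example, not part of this thread and not HijackThis's own code, here is a short Python triage script that parses the O2 (BHO), O20 (Winlogon Notify) and O23 (Service) lines of a HijackThis 1.99 log and applies the checks an analyst applies first: a DLL name that appears both as a BHO and as a Winlogon Notify package, a Winlogon Notify entry that names a directory instead of a DLL, an unnamed BHO loading from System32, a service with no vendor running from System32, and registrations whose file is gone. The severity labels and the BHO/Winlogon pairing rule are assumptions of this example; the sample lines are a constructed subset of the log posted above.

```python
"""Triage the O2 (BHO), O20 (Winlogon Notify) and O23 (Service) lines of a
HijackThis 1.99 log.  Added example for this thread; SAMPLE_LOG is a
constructed subset of the log posted above.  Severities and the pairing rule
are the author's own heuristics, not anything HijackThis computes."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\System32\mljhggd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60875658-630e-4dfa-84d3-806432bdc66d} - C:\WINDOWS\System32\vvdiais.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - c:\program files\peoplepc\toolbar\scamgrd.dll
O2 - BHO: (no name) - {A01FE583-05C0-49EB-AF73-C13FDE6DF8AF} - C:\WINDOWS\System32\ssttr.dll (file missing)
O20 - Winlogon Notify: ddayx - C:\WINDOWS\
O20 - Winlogon Notify: mljhggd - mljhggd.dll (file missing)
O20 - Winlogon Notify: ssttr - C:\WINDOWS\System32\ssttr.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
MISSING = ("(file missing)", "(no file)")


def dll_stem(path):
    """Lowercase basename of the .dll/.exe in a path, or None if there is none."""
    m = re.search(r"([^\\/]+)\.(dll|exe)\s*(\(.*\))?$", path, re.I)
    return m.group(1).lower() if m else None


def parse_hjt(text):
    """Group the O2/O20/O23 entries of a log by section code."""
    entries = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        parsed = {"O2": BHO_RE, "O20": NOTIFY_RE, "O23": SVC_RE}.get(sec)
        parsed = parsed.match(body) if parsed else None
        if parsed:
            d = parsed.groupdict()
            d["missing"] = d["path"].endswith(MISSING)
            d["stem"] = dll_stem(d["path"])
            entries[sec].append(d)
    return entries


def triage(text):
    """Return (severity, section, detail) findings, highest severity first."""
    e = parse_hjt(text)
    findings = []
    bho_stems = {x["stem"] for x in e["O2"] if x["stem"]}
    notify_stems = {x["stem"] for x in e["O20"] if x["stem"]}
    # Same DLL registered as a BHO *and* as a Winlogon Notify package: the
    # pairing this example treats as the strongest single indicator.
    for stem in sorted(bho_stems & notify_stems):
        findings.append(("HIGH", "O2+O20",
                         f"{stem}.dll is registered both as a BHO and as a Winlogon Notify package"))
    # A Notify value that names a directory (C:\WINDOWS\) rather than a DLL.
    for x in e["O20"]:
        if x["stem"] is None:
            findings.append(("HIGH", "O20", f"Winlogon Notify '{x['key']}' names no DLL: {x['path']}"))
    # Unnamed BHOs living in System32 that were not already caught above.
    for x in e["O2"]:
        if x["name"] == "(no name)" and "system32" in x["path"].lower() \
                and x["stem"] not in notify_stems:
            findings.append(("MEDIUM", "O2", f"unnamed BHO loading from System32: {x['path']}"))
    # Services with no vendor string whose image sits in System32.
    for x in e["O23"]:
        if x["owner"] == "Unknown owner" and "system32" in x["path"].lower():
            findings.append(("MEDIUM", "O23",
                             f"service '{x['name']}' has no vendor and runs from System32: {x['path']}"))
    # Everything still registered whose file is gone: orphan or re-spawning.
    for sec in ("O2", "O20", "O23"):
        for x in e[sec]:
            if x["missing"]:
                findings.append(("LOW", sec, f"registration present but file absent: {x['path']}"))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings.sort(key=lambda f: rank[f[0]])
    return findings


if __name__ == "__main__":
    for sev, sec, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {sec:7} {detail}")
```

    Run on the sample, the HIGH items are mljhggd.dll, ssttr.dll and the ddayx entry, which is what the helper's next reply goes after with VundoFix. The LOW list needs a human pass: in the full log the avast! Mail Scanner and Web Scanner services also show "(file missing)", yet ashMaiSv.exe and ashWebSv.exe appear in the running-process list, so those two are a parsing artefact of the quoted image path rather than a real gap.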
  4. #4
    steamwiz (Security Expert-Emeritus)
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    Hi

    Please download VundoFix.exe to your desktop.
    1. Double-click VundoFix.exe to run it.
    2. When VundoFix re-opens, click the Scan for Vundo button.
    3. Once it's done scanning, click the Remove Vundo button.
    4. You will receive a prompt asking if you want to remove the files, click "YES".
    5. Once you click yes, your desktop will go blank as it starts removing Vundo.
    6. When completed, it will prompt that it will reboot your computer, click "OK".

    7. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    If vundofix cannot delete a file, it will try to delete it during a reboot, after the reboot vundofix will open again, you must run vundofix again, from "Click the Scan for Vundo button" ... and you must keep running vundofix until it does delete the file... I've known a stubborn vundo file take 5 or 6 reboots before it is deleted...

    Keep running vundofix until it gives you the message "no infected files were found"

    -
    Before you post your next hijackthis log, at the top of the log, click "format" ... uncheck "wordwrap" then check it again...

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  5. #5
    Junior Member
    Join Date
    Jul 2007
    Posts
    22

    Default

    Thanks Steamwiz. I got that and scanned. It found nothing.

    From my scans it seems to be called WhyPPC, or at least that's something that my programs keep deleting.

    I'm probably gonna have to redo the computer. I was trying to avoid that.

    Anyone have anything else I can try first?

    Thanks.

  6. #6
    steamwiz (Security Expert-Emeritus)
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    HI

    You have nothing we can't fix, there is no need to "redo the computer"

    I'd still like to see the log from vundofix ... even if it did find nothing... I'd like to see the header...

    & a new hijackthis ... the one you posted is very hard to read ... but does show malware.. see my last post for what to do before posting a new one...


    Please download Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    and save to the desktop.

    1. Double click on ComboFix.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  7. #7
    Junior Member
    Join Date
    Jul 2007
    Posts
    22

    Default

    Here is the log for Vundo Fix:


    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 11:34:53 PM 7/31/2007

    Listing files found while scanning....

    No infected files were found.



    I ran Spyware doctor, then Combo fix. Here is the Combo fix log:

    ComboFix 07-07-30.2 - "Anisah" 2007-08-02 10:36:14.2 [GMT -5:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.True


    ((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))


    2007-08-01 22:42 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-08-01 22:42 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-08-01 22:42 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-08-01 22:42 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-08-01 22:42 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-08-01 22:41 <DIR> d-------- C:\DOCUME~1\Anisah\APPLIC~1\PC Tools
    2007-08-01 22:40 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-08-01 22:05 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-31 23:34 <DIR> d-------- C:\VundoFix Backups
    2007-07-30 15:56 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-07-30 15:54 <DIR> d-------- C:\Program Files\Kitty Luv
    2007-07-29 13:29 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-07-29 13:29 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-07-29 13:29 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-07-29 13:29 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-07-29 00:30 <DIR> d-------- C:\Program Files\Safer Networking
    2007-07-28 10:23 1,760,645 ---hs---- C:\WINDOWS\system32\rttss.bak2
    2007-07-26 12:39 6,466 ---hs---- C:\WINDOWS\system32\rttss.bak1
    2007-07-26 12:34 926,352 -r-hs---- C:\WINDOWS\chhgudkA.exe
    2007-07-26 12:34 171,520 --a------ C:\WINDOWS\system32\vvdiais.dll
    2007-07-26 12:34 <DIR> d-------- C:\Temp\0c2
    2007-07-26 12:33 <DIR> d-------- C:\Temp\brr
    2007-07-26 12:33 <DIR> d-------- C:\Temp
    2007-07-26 08:30 147,456 --a------ C:\WINDOWS\system32\AbsoluteHttp.dll
    2007-07-26 08:30 1,392,671 --a------ C:\WINDOWS\system32\msvbvm60.dll
    2007-07-26 08:30 <DIR> d-------- C:\WINDOWS\system32\FCyberAlert
    2007-07-25 14:00 <DIR> d-------- C:\Program Files\iPod
    2007-07-25 13:59 <DIR> d-------- C:\Program Files\iTunes
    2007-07-25 13:41 <DIR> d-------- C:\Program Files\QuickTime
    2007-07-25 13:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-24 15:48 <DIR> d-------- C:\Program Files\Aurelon PhotoPro
    2007-07-23 11:24 <DIR> d-------- C:\Program Files\support.com
    2007-07-23 11:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
    2007-07-16 09:03 <DIR> d-------- C:\DOCUME~1\Anisah\APPLIC~1\Snapfish
    2007-07-16 08:32 45,152 --------- C:\WINDOWS\system32\PPCOUNIN.exe
    2007-07-16 08:09 <DIR> d-------- C:\Program Files\Common Files\PeoplePC


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-02 08:16 --------- d-------- C:\Program Files\Spyware Doctor
    2007-07-31 23:24 --------- d-------- C:\Program Files\FTM
    2007-07-27 17:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-07-27 17:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-07-27 16:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-07-26 18:34 --------- d-------- C:\Program Files\SpywareBlaster
    2007-07-26 12:34 --------- d-------- C:\Program Files\MSN Gaming Zone
    2007-07-26 10:20 --------- d-------- C:\DOCUME~1\Anisah\APPLIC~1\XnView
    2007-07-25 13:38 --------- d-------- C:\Program Files\Apple Software Update
    2007-07-25 13:08 --------- d-------- C:\Program Files\MSN Messenger
    2007-07-25 11:12 --------- d-------- C:\Program Files\FontExpert
    2007-07-23 11:26 --------- d-------- C:\Program Files\BroadJump
    2007-07-20 15:35 --------- d-------- C:\DOCUME~1\Anisah\APPLIC~1\Snappy Fax 2000
    2007-07-16 09:03 4329 --a------ C:\WINDOWS\mozver.dat
    2007-07-16 08:32 --------- d-------- C:\Program Files\PeoplePC
    2007-06-27 15:05 --------- d-------- C:\Program Files\Sony
    2007-06-27 15:01 --------- d-------- C:\DOCUME~1\Anisah\APPLIC~1\Aim
    2007-06-15 06:13 --------- d-------- C:\Program Files\AIM
    2007-06-07 21:18 --------- d-------- C:\DOCUME~1\Anisah\APPLIC~1\Viewpoint
    2007-05-02 21:50 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2006-02-10 15:45 1740 --a------ C:\Program Files\Adobe Reader 7.0.lnk


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60875658-630e-4dfa-84d3-806432bdc66d}]
    2007-07-26 12:34 171520 --a------ C:\WINDOWS\System32\vvdiais.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{706706E8-3111-423C-B165-69AD659F541C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72F6D9A2-853F-41ED-AC9F-62E1CB8E7639}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD4AE849-FEDD-4564-A873-D3EA7592F76B}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 17:03]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayx]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhggd]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.1.lnk
    backup=C:\WINDOWS\pss\eFax 4.1.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk
    backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
    backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Anisah^Start Menu^Programs^Startup^Firefox.lnk]
    path=C:\Documents and Settings\Anisah\Start Menu\Programs\Startup\Firefox.lnk
    backup=C:\WINDOWS\pss\Firefox.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]
    C:\Program Files\PeoplePC\ISP6200\BIN\PPCOLink.exe -STATION

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.1]
    "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]
    "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PuttPuttMoon.exe]
    C:\DOCUME~1\Anisah\Desktop\DOWNLO~1\PUTTPU~1.EXE /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartMeSGS]
    C:\Program Files\SOS Online Backup\SOS Online Backup v1.3\sosuploadagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    "C:\Program Files\Unlocker\UnlockerAssistant.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
    C:\WINDOWS\TISKY009.exe SKY009

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

    R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
    R3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\System32\DRIVERS\e100b325.sys
    R3 i81x;i81x;C:\WINDOWS\System32\DRIVERS\i81xnt5.sys
    R3 IKFileFlt;File Filter Driver;C:\WINDOWS\System32\drivers\ikfileflt.sys
    R3 IKFileSec;File Security Driver;C:\WINDOWS\System32\drivers\ikfilesec.sys
    R3 IkSysFlt;System Filter Driver;C:\WINDOWS\System32\drivers\iksysflt.sys
    R3 IKSysSec;System Security Driver;C:\WINDOWS\System32\drivers\iksyssec.sys
    R3 MxlW2k;MxlW2k;C:\WINDOWS\System32\drivers\MxlW2k.sys
    R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys
    S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\System32\Drivers\BW2NDIS5.sys
    S3 iAimFP0;iAimFP0;C:\WINDOWS\System32\DRIVERS\wADV01nt.sys
    S3 iAimFP1;iAimFP1;C:\WINDOWS\System32\DRIVERS\wADV02NT.sys
    S3 iAimFP2;iAimFP2;C:\WINDOWS\System32\DRIVERS\wADV05NT.sys
    S3 iAimFP3;iAimFP3;C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys
    S3 iAimFP4;iAimFP4;C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys
    S3 iAimTV0;iAimTV0;C:\WINDOWS\System32\DRIVERS\wATV01nt.sys
    S3 iAimTV1;iAimTV1;C:\WINDOWS\System32\DRIVERS\wATV02NT.sys
    S3 iAimTV2;iAimTV2;C:\WINDOWS\System32\DRIVERS\wATV03nt.sys
    S3 iAimTV3;iAimTV3;C:\WINDOWS\System32\DRIVERS\wATV04nt.sys
    S3 iAimTV4;iAimTV4;C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys
    S3 pmxscan;Memorex USB Kernel;C:\WINDOWS\System32\DRIVERS\usbscan.sys
    S3 TnIDriver;TnIDriver;\??\C:\DOCUME~1\Anisah\LOCALS~1\Temp\tni1F.tmp
    S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service;C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-27 22:25:26 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
    2007-07-25 18:38:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-08-02 05:00:01 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 14:00:03 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 15:00:01 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-01 16:00:01 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-01 17:00:05 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-01 18:00:04 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-01 19:00:02 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-01 20:00:02 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-01 21:00:01 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-01 22:00:03 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-01 23:00:01 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 06:00:00 C:\WINDOWS\Tasks\At2.job
    2007-08-02 00:00:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 01:00:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 02:00:06 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 03:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 04:00:16 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 07:00:02 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 08:00:06 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 09:00:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 10:00:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 11:00:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 12:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\System32\yk4awMYE.exe
    2007-08-02 13:00:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\System32\yk4awMYE.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-02 10:54:47
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-02 10:59:16
    C:\ComboFix-quarantined-files.txt ... 2007-08-02 10:58
    C:\ComboFix2.txt ... 2007-08-01 22:33

    --- E O F ---

    I can't post my hijack this in the same post, so I'll post it next. Thanks so much for your help!
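
    Two sections of the ComboFix log above carry most of the signal: the "Files Created" list, whose attribute column records the hidden (h) and system (s) flags, and the "Scheduled Tasks" folder, where At1.job through At24.job all point at the same executable in System32. As an added example, not from this thread and not ComboFix's own code, here is a Python parser for those two sections that flags files created with both +h and +s and any run of At*.job tasks (the naming used for jobs created with at.exe) that launch the same target. The series threshold and the severity labels are assumptions of this example; the sample is a constructed subset of the posted log.

```python
"""Parse the 'Files Created' and 'Scheduled Tasks' sections of a ComboFix
log and flag hidden+system files and at.exe-style job series.  Added example
for this thread; SAMPLE is a constructed subset of the posted log, and the
rules are the author's own heuristics, not ComboFix's."""
import re
from collections import defaultdict

SAMPLE = r"""
((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))

2007-08-01 22:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 10:23 1,760,645 ---hs---- C:\WINDOWS\system32\rttss.bak2
2007-07-26 12:34 926,352 -r-hs---- C:\WINDOWS\chhgudkA.exe
2007-07-26 12:34 171,520 --a------ C:\WINDOWS\system32\vvdiais.dll
2007-07-26 12:34 <DIR> d-------- C:\Temp\0c2
2007-07-16 08:32 45,152 --------- C:\WINDOWS\system32\PPCOUNIN.exe

Contents of the 'Scheduled Tasks' folder
2007-07-25 18:38:41 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-02 05:00:01 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\yk4awMYE.exe
2007-08-02 06:00:00 C:\WINDOWS\Tasks\At2.job
2007-08-02 07:00:02 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\System32\yk4awMYE.exe
2007-08-02 08:00:06 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\System32\yk4awMYE.exe
"""

# "Files Created" line: date time size attributes path.  The attribute column
# is nine characters: d r a h s followed by four dashes.
FILE_RE = re.compile(
    r"^(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d) +(?P<size><DIR>|[\d,]+) +"
    r"(?P<attr>[d-][r-][a-][h-][s-]-{4}) +(?P<path>.+)$")
# "Scheduled Tasks" line: timestamp job-file, optionally " - target".
TASK_RE = re.compile(
    r"^(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) +(?P<job>.+?\.job)(?: - (?P<target>.+))?$")
# Jobs named AtN.job are the ones the at.exe scheduler creates.
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def parse_combofix(text):
    """Return (files, tasks): dicts for every parsable line of the two sections."""
    files, tasks = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            d = m.groupdict()
            a = d["attr"]
            d.update(is_dir=a[0] == "d", hidden=a[3] == "h", system=a[4] == "s")
            files.append(d)
            continue
        m = TASK_RE.match(line)
        if m:
            tasks.append(m.groupdict())  # target is None when the line has none
    return files, tasks


def triage_combofix(text, min_series=3):
    """Return (severity, section, detail) findings, highest severity first."""
    files, tasks = parse_combofix(text)
    findings = []
    # Newly created files carrying both the hidden and system attributes.
    for f in files:
        if f["hidden"] and f["system"] and not f["is_dir"]:
            findings.append(("HIGH", "files",
                             f"hidden+system file created {f['when']}: {f['path']}"))
    # Group at.exe jobs by the program they run; a long run of AtN.job entries
    # all pointing at one binary is a recurring launch schedule.
    by_target = defaultdict(list)
    for t in tasks:
        if not AT_JOB_RE.search(t["job"]):
            continue
        if t["target"] is None:
            findings.append(("LOW", "tasks", f"{t['job']} lists no target"))
        else:
            by_target[t["target"]].append(t["job"])
    for target, jobs in by_target.items():
        if len(jobs) >= min_series:
            findings.append(("HIGH", "tasks",
                             f"{len(jobs)} At*.job tasks (at.exe schedule) all run {target}"))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings.sort(key=lambda f: rank[f[0]])
    return findings


if __name__ == "__main__":
    for sev, sec, detail in triage_combofix(SAMPLE):
        print(f"[{sev:5}] {sec:5} {detail}")
```

    On the full log the task rule fires with 23 jobs for C:\WINDOWS\System32\yk4awMYE.exe, one per hour (At2.job is the only one listed without a target): a re-launch schedule that would survive deleting the BHO and Winlogon entries by hand, which is one plausible reason the entries keep returning (an inference from the log, not something the thread confirms). The file rule picks out rttss.bak2 and chhgudkA.exe but not nircmd.exe, which was created without the hidden or system attribute minutes before the earlier ComboFix run recorded at C:\ComboFix2.txt.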

  8. #8
    Junior Member
    Join Date
    Jul 2007
    Posts
    22

    Default

    My hijack this log. I thought I had removed all entries that said no file, except for the wdfmgr.exe one, someone told me not to remove it, but they're all back again. After I did hijack this, they kept trying to get back on, and I could not click deny, I had to x out of the teabot notifications.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:12:23 AM, on 8/2/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Documents and Settings\Anisah\Desktop\Downloads\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pageaday.com/pad/2007CATS/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - rsion - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {60875658-630e-4dfa-84d3-806432bdc66d} - C:\WINDOWS\System32\vvdiais.dll
    O2 - BHO: (no name) - {706706E8-3111-423C-B165-69AD659F541C} - (no file)
    O2 - BHO: (no name) - {72F6D9A2-853F-41ED-AC9F-62E1CB8E7639} - (no file)
    O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - c:\program files\peoplepc\toolbar\scamgrd.dll
    O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: (no name) - {FD4AE849-FEDD-4564-A873-D3EA7592F76B} - (no file)
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {74CAD4F9-5085-4F13-8CD5-7F96F4D0B768} -
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    O20 - Winlogon Notify: ddayx - C:\WINDOWS\
    O20 - Winlogon Notify: mljhggd - C:\WINDOWS\
    O20 - Winlogon Notify: ssttr - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    When I start or restart my computer, something comes up that says Configuration settings have changed, and it takes me to setup, but I just exit out of setup. Does that have anything to do with any of the bugs?

    Thanks again!

  9. #9
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    Hi

    The vundofix log shows your java is out-of-date

    jre1.5.0 now has update _11 ... But jre1.6.0 is much faster...

    Go to add/remove programs and uninstall any earlier versions ... (jre1.5.0.6)

    Then You can go here and install the latest version of Java.

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down the page to 'Java Runtime Environment (JRE) 6' and press the 'Download' button.


    Running an out-of-date version of java is an infection risk.

    -
    Quote Originally Posted by MichiganGirl View Post
    When I start or restart my computer, something comes up that says Configuration settings have changed, and it takes me to setup, but I just exit out of setup. Does that have anything to do with any of the bugs?

    Thanks again!
    No, this has nothing to do with malware ... it's because you've unchecked items in Msconfig (startup tab) ... just check the box which says "don't show this again"

    -
    Open Notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:
    File::
    C:\WINDOWS\system32\rttss.bak2
    C:\WINDOWS\system32\rttss.bak1
    C:\WINDOWS\chhgudkA.exe
    C:\WINDOWS\system32\vvdiais.dll
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job 
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    
    Folder::
    C:\VundoFix Backups
    C:\Temp
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60875658-630e-4dfa-84d3-806432bdc66d}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{706706E8-3111-423C-B165-69AD659F541C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72F6D9A2-853F-41ED-AC9F-62E1CB8E7639}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD4AE849-FEDD-4564-A873-D3EA7592F76B}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayx] 
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhggd] 
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
    Save this as "CFScript.txt"

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E
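    As an added example (not code from this thread or from the forum expert), a small Python triage helper that scans HijackThis O2 and O20 lines like the ones posted above and renders the orphaned or unresolvable entries as candidate Registry:: lines in the abbreviated CFScript notation used in this post. The sample log lines are constructed, the heuristics are assumptions of this example, and the analyst still decides what goes into the real script.

```python
import re

# Constructed sample lines, modelled on the HijackThis 1.99.1 log format used in this thread
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60875658-630e-4dfa-84d3-806432bdc66d} - C:\WINDOWS\System32\vvdiais.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - c:\program files\peoplepc\toolbar\scamgrd.dll
O20 - Winlogon Notify: ddayx - C:\WINDOWS\
O20 - Winlogon Notify: mljhggd - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

# Registry key prefixes in the abbreviated form the CFScript on this page uses
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


def triage(log_text):
    """Return (kind, identifier, reason) tuples for entries an analyst should review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            file_ = m.group("file")
            if file_ == "(no file)":
                findings.append(("bho", m.group("clsid"), "orphaned BHO key, DLL missing"))
            elif m.group("name") == "(no name)" and file_.lower().startswith("c:\\windows\\"):
                # Heuristic (assumption): a nameless BHO living under the Windows directory is unusual
                findings.append(("bho", m.group("clsid"), "unnamed BHO loading from the Windows directory"))
            continue
        m = NOTIFY_RE.match(line)
        # Heuristic (assumption): a Notify entry whose path is a bare directory means
        # HijackThis could not resolve the DLL, the pattern the randomly named entries above show
        if m and m.group("path").endswith("\\"):
            findings.append(("notify", m.group("name"), "Winlogon Notify handler with no resolvable DLL"))
    return findings


def registry_section(findings):
    """Render findings as candidate Registry:: lines in the CFScript notation used above."""
    lines = ["Registry::"]
    for kind, ident, _reason in findings:
        key = BHO_KEY if kind == "bho" else NOTIFY_KEY
        lines.append(f"[-{key}\\{ident}]")
    return lines
```

    Run `registry_section(triage(open("hijackthis.log").read()))` against a real log to get the candidate list; entries with a legitimate DLL path, such as the Spybot SDHelper line in the sample, are left alone.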

  10. #10
    Junior Member
    Join Date
    Jul 2007
    Posts
    22

    Default

    Quote Originally Posted by steamwiz View Post

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
    I got the newer Java. But when I tried to drag that text file to Combo Fix, it just rearranged the files; it did not open it at all. How do I get it to open it?
