rmurphy

Members
  • Content Count

    353

Posts posted by rmurphy

  1. == Remove Programs ==

    Please go to Add/Remove Programs in the Control Panel, and remove the following programs

    • J2SE Runtime Environment 5.0 Update 7
      J2SE Runtime Environment 5.0 Update 9
      Java™ SE Runtime Environment 6 Update 1
      LimeWire 4.16.7

    Reboot your computer.

    == Install Latest Java ==

    Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

    Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

    Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

    Once it has finished downloading, double click it, and follow the prompts to install.

    If it asks to reboot, select NO.

    == Clear Temporary Files ==

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Close all Internet Explorer, Firefox, and Opera windows before continuing.
      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    == Clear System Restore ==

    Let's make a new restore point and clear the others:

    • Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
      Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer

    Please reboot your computer before continuing.

    == Kaspersky Web Scanner ==

    Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    == Request Logs ==

    Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.

    -Ryan

  2. A slow computer does not always mean malware. Since neither the HJT log nor the MBAM log is showing any traces, I believe that this is the case with your computer.

    For information on how to fix a slow computer, see http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

    For information on how to stay uninfected in the future, read Infection Prevention

    Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.

    -Ryan

  3. Let's get an antivirus installed since I didn't see one, and see if a boot time scan reveals anything.

    == Install avast! 4 Home ==

    Download Avast! 4 Home and get your free Registration Key.

    Install avast!, and restart your computer if needed.

    == Update avast! ==

    Right click on the a in the taskbar and select Updating, then select Program.

    Avast! will tell you when it has completed the update. If core files were updated, you may get a message asking you to restart. Please allow the computer to restart if prompted.

    == Schedule a Boot-Time Scan ==

    After you have updated avast! right click the a icon in the taskbar and click Start Avast! AntiVirus.

    After this, you will need to Schedule Boot-Time Scan with avast! While all the steps needed to perform this are listed below, you may find a visual tutorial helpful as well.

    • Click on the up arrow icon in the left corner, and select Schedule Boot-Time Scan.
      Next, choose:
      • Scan all local disks
      • scan archive files

    Click on Schedule. Avast! will notify you that a system restart is needed. Please select Yes

    Your computer will then restart, and avast! will perform the scan prior to Windows loading.

    IMPORTANT NOTE: When avast! finds an infected item, it may give you a dialog box with recommended actions. If this happens, please select Move to Chest.

    == Request logs ==

    Please post the log of the avast scan. It can be found at C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

    I would also like to see an Uninstall list. To obtain an uninstall list, please do the following:

    • Open HijackThis, click Config, click Misc Tools
      Click "Open Uninstall Manager"
      Click "Save List" (generates uninstall_list.txt)

    -Ryan

  4. 1. Please open Notepad

    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    File::

    C:\WINDOWS\system32\mrwfhtui.ini

    C:\WINDOWS\system32\g7.exe

    C:\WINDOWS\system32\wvbjiohp.ini

    C:\WINDOWS\system32\yyvwxnah.ini

    C:\WINDOWS\system32\yfciidcn.ini

    C:\18.bat

    C:\Documents and Settings\dcomito\4459.bat

    C:\42.bat

    C:\Documents and Settings\dcomito\3723.bat

    C:\460.bat

    C:\Documents and Settings\dcomito\4238.bat

    C:\371.bat

    C:\Documents and Settings\dcomito\1430.bat

    C:\52.bat

    C:\Documents and Settings\dcomito\8679.bat

    C:\WINDOWS\BM97213ab8.xml

    C:\602.bat

    C:\Documents and Settings\dcomito\2436.bat

    C:\128.bat

    C:\Documents and Settings\dcomito\7164.bat

    C:\498.bat

    C:\Documents and Settings\dcomito\5712.bat

    C:\824.bat

    C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

    Driver::

    smp_lpt.sys

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    CFScript.gif

    5. After reboot, (in case it asks to reboot), please post the latest ComboFix report.

    -Ryan

  5. If you have not yet run ComboFix, please download a new copy before proceeding, and use the following as the script:

    File::

    C:\MapleDream\MapleDreamT003.exe

    C:\Program Files\Delta Force Land Warrior\DFLWSetup-dm.exe

    C:\Program Files\MonsterTruckStuntRallySetup-dm.exe

    C:\Program Files\Project64 1.6\Plugin\Jabo_Dsound.dll

    C:\Program Files\RCT2TripleThrillSetup-dm.exe

    C:\Program Files\SnailMailSetup-dm.exe

    C:\Program Files\WormsFortsSetup-dm.exe

    C:\WINDOWS\system32\g88.exe

    C:\WINDOWS\system32\LD4D6.tmp

    C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

    Folder::

    C:\_\

    C:\Documents and Settings\dcomito\My Documents\LimeWire\

    The rest of the instructions regarding it remain the same.

    -Ryan

  6. Please go to UploadMalware to upload a suspicious file for analysis.

    • Enter your username from this forum
    • Copy and paste the link to this thread
    • In the first box for files to submit, copy and paste the following: C:\PROGRA~1\COMMON~1\ffki\ffkim.exe
    • In the comments, please mention that I asked you to upload this file
    • Click on Send File

    1. Please open Notepad

    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    File::

    C:\MapleDream\MapleDreamT003.exe

    C:\Program Files\Delta Force Land Warrior\DFLWSetup-dm.exe

    C:\Program Files\MonsterTruckStuntRallySetup-dm.exe

    C:\Program Files\Project64 1.6\Plugin\Jabo_Dsound.dll

    C:\Program Files\RCT2TripleThrillSetup-dm.exe

    C:\Program Files\SnailMailSetup-dm.exe

    C:\Program Files\WormsFortsSetup-dm.exe

    C:\WINDOWS\system32\g88.exe

    C:\WINDOWS\system32\LD4D6.tmp

    Folder::

    C:\_\

    C:\Documents and Settings\dcomito\My Documents\LimeWire\

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    CFScript.gif

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

    • Combofix.txt
    • A new HijackThis log.

    -Ryan

  7. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.

  8. Rerun the OTMI2 instructions, this time pasting in the following: C:\Documents and Settings\dcomito\My Documents\s?stem\ /u

    Once you've done that, please complete the following:

    == Clear Temporary Files ==

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Close all Internet Explorer, Firefox, and Opera windows before continuing.
      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    == Clear System Restore ==

    Let's make a new restore point and clear the others:

    • Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
      Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer

    Please reboot your computer before continuing.

    == Kaspersky Web Scanner ==

    Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    == Request Logs ==

    Please post the log from the Kaspersky scan, along with a new HiJack This log and an uninstall list, and let me know how the computer is running.

    To obtain an Uninstall list.

    • Open HijackThis, click Config, click Misc Tools
      Click "Open Uninstall Manager"
      Click "Save List" (generates uninstall_list.txt)

    -Ryan

  9. Open HiJack This and run a scan. Place a check against each of the following, making sure you get them all and not any others by mistake:

    O2 - BHO: (no name) - {072D5F0C-CA1D-4B87-A4C2-348F0089458C} - (no file)

    O2 - BHO: (no name) - {10BFF6B2-7553-43BD-9C93-6DC96E4C1DE5} - C:\WINDOWS\system32\hgGxyVPG.dll (file missing)

    O2 - BHO: (no name) - {1B582B8C-433A-4420-ACA8-F768D313B0EB} - (no file)

    O2 - BHO: (no name) - {3D37CBC8-5D26-07D0-0214-5200CECCDBBB} - C:\WINDOWS\system32\rsmaeztl.dll (file missing)

    O2 - BHO: (no name) - {451CED79-11D8-4D6C-B3DA-96E43AF65533} - C:\WINDOWS\system32\opnmMecc.dll (file missing)

    O2 - BHO: (no name) - {4ACC409F-CCDA-4BC4-BA39-AA98CCF0637A} - (no file)

    O2 - BHO: (no name) - {67678E09-5372-48A7-B044-37863861443A} - (no file)

    O2 - BHO: (no name) - {6C858D3D-DC48-4D40-8A14-D8348DA008DD} - (no file)

    O2 - BHO: (no name) - {85255ebb-c8e6-4ded-bfb5-28c008613ced} - (no file)

    O2 - BHO: (no name) - {b91ed9fa-53a0-463e-81ba-f57f6285063b} - (no file)

    O2 - BHO: (no name) - {F339E59C-DFF6-4AB7-A1F9-6399B96C91A2} - (no file)

    O2 - BHO: (no name) - {FEAAB4DF-26A5-479A-B4A1-16D2A356D667} - (no file)

    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

    O4 - HKCU\..\Run: [Vxsu] "C:\Documents and Settings\dcomito\My Documents\s?stem\m?iexec.exe"

    O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe

    Click on Fix Checked when finished and exit HijackThis.

    Please download the OTMoveIt2 by OldTimer.

    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the following item: purity
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    -Ryan
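
Added example, not part of the original post and not HijackThis code: a small triage script that reads log lines in the format shown above and flags two patterns visible in that list. These are BHO/toolbar registrations whose file is gone, and Run entries whose logged path contains `?`, which is not a legal Windows file-name character and so means the log could not render a character in the real name. The sample log is constructed from the entries in the post plus one benign line; the function and regex names are this example's own.

```python
import re

# Constructed sample in HijackThis line format: entries taken from the post
# above, plus one constructed benign BHO line for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {072D5F0C-CA1D-4B87-A4C2-348F0089458C} - (no file)
O2 - BHO: (no name) - {10BFF6B2-7553-43BD-9C93-6DC96E4C1DE5} - C:\WINDOWS\system32\hgGxyVPG.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKCU\..\Run: [Vxsu] "C:\Documents and Settings\dcomito\My Documents\s?stem\m?iexec.exe"
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
"""

# O2 (Browser Helper Object) and O3 (toolbar) lines: name, CLSID, target file.
COM_ENTRY = re.compile(
    r"^(?:O2 - BHO|O3 - Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# O4 registry autorun lines: key, value name in brackets, command line.
RUN_ENTRY = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")

ORPHANED = "orphaned registration (file absent)"
UNRENDERABLE = "path contains '?' (character the log could not render)"


def executable_part(command):
    """Return the program path from a Run command line, without arguments
    when the path is quoted (unquoted commands are returned whole)."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command


def triage(log_text):
    """Return (line, reason) pairs for entries matching either heuristic.
    Anything not flagged still needs a human look; this is not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COM_ENTRY.match(line)
        if m:
            target = m["target"]
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append((line, ORPHANED))
            continue
        m = RUN_ENTRY.match(line)
        if m and "?" in executable_part(m["target"]):
            findings.append((line, UNRENDERABLE))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

The `Drmupgds` entry is not caught by either heuristic; entries like it are selected by the helper's own judgement of the name and location.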

  10. Hi there, and welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    -Ryan

  11. Hi there, and welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    -Ryan

  12. Let's see if a boot time scan reveals anything.

    == Install avast! 4 Home ==

    Download Avast! 4 Home and get your free Registration Key.

    Install avast!, and restart your computer if needed.

    == Update avast! ==

    Right click on the a in the taskbar and select Updating, then select Program.

    Avast! will tell you when it has completed the update. If core files were updated, you may get a message asking you to restart. Please allow the computer to restart if prompted.

    == Schedule a Boot-Time Scan ==

    After you have updated avast! right click the a icon in the taskbar and click Start Avast! AntiVirus.

    After this, you will need to Schedule Boot-Time Scan with avast! While all the steps needed to perform this are listed below, you may find a visual tutorial helpful as well.

    • Click on the up arrow icon in the left corner, and select Schedule Boot-Time Scan.
      Next, choose:
      • Scan all local disks
      • scan archive files

    Click on Schedule. Avast! will notify you that a system restart is needed. Please select Yes

    Your computer will then restart, and avast! will perform the scan prior to Windows loading.

    IMPORTANT NOTE: When avast! finds an infected item, it may give you a dialog box with recommended actions. If this happens, please select Move to Chest.

    == Request logs ==

    Please post the log of the avast scan. It can be found at C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

    I would also like to see an Uninstall list. To obtain an uninstall list, please do the following:

    • Open HijackThis, click Config, click Misc Tools
      Click "Open Uninstall Manager"
      Click "Save List" (generates uninstall_list.txt)

    -Ryan

  13. Only thing I noticed was having a few old versions of Java installed.

    == Remove Programs ==

    Please go to Add/Remove Programs in the Control Panel, and remove the following programs

    • J2SE Runtime Environment 5.0 Update 6
      J2SE Runtime Environment 5.0 Update 9
      Java 2 Runtime Environment, SE v1.4.2_03
      Java™ 6 Update 3

    Reboot your computer.

    == Install Latest Java ==

    Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

    Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

    Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

    Once it has finished downloading, double click it, and follow the prompts to install.

    If it asks to reboot, select Yes.

    -Ryan

  14. What browser are you using when you get that warning? Is it a toolbar that is giving the warning? If possible, can you post a screenshot of it?

    Let's take a look at an uninstall list and see if anything is there that wasn't showing in the other logs.

    To obtain an Uninstall list.

    • Open HijackThis, click Config, click Misc Tools
      Click "Open Uninstall Manager"
      Click "Save List" (generates uninstall_list.txt)

    -Ryan

  15. == Clear Temporary Files ==

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only

    • Close all Internet Explorer, Firefox, and Opera windows before continuing.
      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    == Clear System Restore ==

    Let's make a new restore point and clear the others:

    • Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
      Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer

    Please reboot your computer before continuing.

    == Kaspersky Web Scanner ==

    Please do an online scan with Kaspersky WebScanner

    You will need to use Internet Explorer to do this

    Click on Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    == Request Logs ==

    Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.

    -Ryan

  16. 1. Please open Notepad

    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    File::

    C:\WINDOWS\system32\toqkhqii.ini

    C:\WINDOWS\system32\yhufijth.ini

    C:\WINDOWS\system32\uvsmfanu.ini

    C:\WINDOWS\BM9f4962ae.xml

    C:\WINDOWS\system32\xwmougla.ini

    C:\WINDOWS\system32\iifdbxvv.dll

    C:\Documents and Settings\Deanne's\services.exe

    C:\WINDOWS\system32\tmp.reg

    Folder::

    C:\WINDOWS\system32\xcsDd18

    C:\Temp\berDrv11

    Driver::

    Registry::

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4AC5231-62AD-42A5-B012-A5601ED5455F}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe9fbad5-b195-4e84-9511-04e0430e8ca6}]

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbxvv]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "9c7a5132"=-

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{A4AC5231-62AD-42A5-B012-A5601ED5455F}"=-

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    CFScript.gif

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

    • Combofix.txt
    • A new HijackThis log.

    -Ryan