Virtumonde? [CLOSED], Can't turn on auto update for Windows
DigiBetti
post Sep 18 2008, 05:30 PM
Post #1


New Member
Posts: 1
OS: Windows XP Home



Hi.

I recently fixed a bunch of problems on my PC only to find that I can't turn on auto updates. I ran Spybot S & D and it gave 2 entries for Virtumonde. I told it to fix selected and it claimed to have fixed the issue, but subsequent scans told me they were still there. I ran Vundo fix in safe mode and it found no infections. I also ran Virtumundobegone and once complete it BSODed me in order to force a restart but still did not fix the issue.

As for the update problem, I tried to change the settings in services.msc and I tried the tweak on Kellys-Korner, to no avail. I also deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\NoWindowsUpdate from the registry, and tried to find and delete
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate and AUOptions
but could not either. In fact I couldn't find \WindowsUpdate\.
I did find and delete
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AutoUpdate\AUOptions
but deleting it also had no effect.

I have researched this to the point of headaches and can find no solutions. Please help. I can't figure out how to remove Virtumonde if Vundofix can't even find it, and I've lost all hope of fixing the auto update thing on my own.

I ran a Hijack This scan in case the log gives you any clues.

Thanks in advance for any help you can give.

Hijack This and VMB logs follow

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:44, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [\YURA8.exe] C:\Windows\system32\YURA8.exe
O4 - HKLM\..\Run: [88cf0e4f] rundll32.exe "C:\WINDOWS\system32\ckrotklv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - https://td.nortonconfidenceonline.com/plug-in/NCO/WSAS.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: application/octet-stream - (no CLSID) - (no file)
O18 - Filter hijack: application/x-complus - (no CLSID) - (no file)
O18 - Filter hijack: application/x-msdownload - (no CLSID) - (no file)
O20 - AppInit_DLLs: uhzssd.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 7700 bytes


[09/19/2008, 2:57:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Erin\Desktop\VirtumundoBeGone.exe" )
[09/19/2008, 2:57:37] - Detected System Information:
[09/19/2008, 2:57:37] - Windows Version: 5.1.2600, Service Pack 3
[09/19/2008, 2:57:37] - Current Username: Erin (Admin)
[09/19/2008, 2:57:37] - Windows is in SAFE mode.
[09/19/2008, 2:57:37] - Searching for Browser Helper Objects:
[09/19/2008, 2:57:37] - BHO 1: {18FF61F9-0BC4-44D0-B3DD-5D6FC43441E9} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\nnnkIcyy
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\nnnkIcyy, continuing.
[09/19/2008, 2:57:37] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[09/19/2008, 2:57:37] - BHO 3: {491AF6C5-21F2-46E1-C653-3DF529127D7B} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:37] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[09/19/2008, 2:57:37] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[09/19/2008, 2:57:37] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/19/2008, 2:57:37] - BHO 7: {85B282A9-204A-463F-BF6A-5704DCEF81F8} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - No filename found. Continuing.
[09/19/2008, 2:57:37] - BHO 8: {85CF4327-68DE-1974-B32E-766E84A9706C} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:37] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/19/2008, 2:57:37] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/19/2008, 2:57:37] - BHO 11: {ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\iifdbbbA
[09/19/2008, 2:57:37] - Found: HKLM\...\Winlogon\Notify\iifdbbbA - This is probably Virtumundo.
[09/19/2008, 2:57:37] - Assigning {ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} MSEvents Object
[09/19/2008, 2:57:37] - BHO list has been changed! Starting over...
[09/19/2008, 2:57:37] - BHO 1: {18FF61F9-0BC4-44D0-B3DD-5D6FC43441E9} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\nnnkIcyy
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\nnnkIcyy, continuing.
[09/19/2008, 2:57:37] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[09/19/2008, 2:57:37] - BHO 3: {491AF6C5-21F2-46E1-C653-3DF529127D7B} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:37] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[09/19/2008, 2:57:37] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[09/19/2008, 2:57:37] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/19/2008, 2:57:37] - BHO 7: {85B282A9-204A-463F-BF6A-5704DCEF81F8} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - No filename found. Continuing.
[09/19/2008, 2:57:37] - BHO 8: {85CF4327-68DE-1974-B32E-766E84A9706C} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:37] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/19/2008, 2:57:37] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/19/2008, 2:57:37] - BHO 11: {ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} (MSEvents Object)
[09/19/2008, 2:57:37] - ALERT: Found MSEvents Object!
[09/19/2008, 2:57:37] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/19/2008, 2:57:37] - BHO 13: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
[09/19/2008, 2:57:37] - BHO 14: {f07be955-9983-4e19-81ff-9c718a267e78} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\uhzssd
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\uhzssd, continuing.
[09/19/2008, 2:57:37] - Finished Searching Browser Helper Objects
[09/19/2008, 2:57:37] - *** Detected MSEvents Object
[09/19/2008, 2:57:37] - Trying to remove MSEvents Object...
[09/19/2008, 2:57:38] - Terminating Process: IEXPLORE.EXE
[09/19/2008, 2:57:38] - Terminating Process: RUNDLL32.EXE
[09/19/2008, 2:57:38] - Disabling Automatic Shell Restart
[09/19/2008, 2:57:38] - Terminating Process: EXPLORER.EXE
[09/19/2008, 2:57:38] - Suspending the NT Session Manager System Service
[09/19/2008, 2:57:39] - Terminating Windows NT Logon/Logoff Manager
[09/19/2008, 2:57:39] - Re-enabling Automatic Shell Restart
[09/19/2008, 2:57:39] - File to disable: C:\WINDOWS\system32\iifdbbbA.dll
[09/19/2008, 2:57:39] - Removing HKLM\...\Browser Helper Objects\{ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1}
[09/19/2008, 2:57:39] - Removing HKCR\CLSID\{ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1}
[09/19/2008, 2:57:39] - Adding Kill Bit for ActiveX for GUID: {ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1}
[09/19/2008, 2:57:39] - Deleting ATLEvents/MSEvents Registry entries
[09/19/2008, 2:57:39] - Removing HKLM\...\Winlogon\Notify\iifdbbbA
[09/19/2008, 2:57:39] - Searching for Browser Helper Objects:
[09/19/2008, 2:57:39] - BHO 1: {18FF61F9-0BC4-44D0-B3DD-5D6FC43441E9} ()
[09/19/2008, 2:57:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:39] - Checking for HKLM\...\Winlogon\Notify\nnnkIcyy
[09/19/2008, 2:57:39] - Key not found: HKLM\...\Winlogon\Notify\nnnkIcyy, continuing.
[09/19/2008, 2:57:39] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[09/19/2008, 2:57:39] - BHO 3: {491AF6C5-21F2-46E1-C653-3DF529127D7B} ()
[09/19/2008, 2:57:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:39] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:39] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:39] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[09/19/2008, 2:57:39] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[09/19/2008, 2:57:39] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/19/2008, 2:57:39] - BHO 7: {85B282A9-204A-463F-BF6A-5704DCEF81F8} ()
[09/19/2008, 2:57:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:39] - No filename found. Continuing.
[09/19/2008, 2:57:39] - BHO 8: {85CF4327-68DE-1974-B32E-766E84A9706C} ()
[09/19/2008, 2:57:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:39] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:39] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:39] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/19/2008, 2:57:39] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/19/2008, 2:57:39] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/19/2008, 2:57:39] - BHO 12: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
[09/19/2008, 2:57:39] - BHO 13: {f07be955-9983-4e19-81ff-9c718a267e78} ()
[09/19/2008, 2:57:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:39] - Checking for HKLM\...\Winlogon\Notify\uhzssd
[09/19/2008, 2:57:39] - Key not found: HKLM\...\Winlogon\Notify\uhzssd, continuing.
[09/19/2008, 2:57:39] - Finished Searching Browser Helper Objects
[09/19/2008, 2:57:39] - Finishing up...
[09/19/2008, 2:57:39] - A restart is needed.
[09/19/2008, 2:57:39] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[09/19/2008, 2:58:04] - Attempting to Restart via STOP error (Blue Screen!)
Thunderbird1988
post Sep 19 2008, 09:04 AM
Post #2


Trusted Helper
Posts: 1,308
From: The Netherlands
OS: Windows XP/Vista Dualboot



Hello DigiBetti and welcome to Geekstogo,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  2. Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Thunderbird1988
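
An added example, not part of any post in this thread: a small triage script that cross-references the two logs from the first post, matching each unnamed BHO that VirtumundoBeGone checked against the DLLs HijackThis lists as auto-loaded (O4 Run entries using rundll32, and O20 AppInit_DLLs). It assumes the name VMB looks up under Winlogon\Notify is the BHO DLL's base name, as the iifdbbbA lines in the log suggest; a match is a lead for further review, not a verdict.

```python
import re

# Constructed sample: a few lines copied from the two logs posted in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [88cf0e4f] rundll32.exe "C:\WINDOWS\system32\ckrotklv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: uhzssd.dll
"""
VMB_LOG = r"""
[09/19/2008, 2:57:37] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/19/2008, 2:57:37] - BHO 11: {ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\iifdbbbA
[09/19/2008, 2:57:37] - Found: HKLM\...\Winlogon\Notify\iifdbbbA - This is probably Virtumundo.
[09/19/2008, 2:57:37] - BHO 14: {f07be955-9983-4e19-81ff-9c718a267e78} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\uhzssd
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\uhzssd, continuing.
"""

BHO_RE = re.compile(r"- BHO \d+: (\{[0-9A-Fa-f-]+\}) \((.*)\)$")
CHECK_RE = re.compile(r"- Checking for HKLM\\\.\.\.\\Winlogon\\Notify\\(\S+)$")
FOUND_RE = re.compile(r"- Found: HKLM\\\.\.\.\\Winlogon\\Notify\\")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.I)

def dll_base(path):
    """Lower-cased file name without directory or .dll extension."""
    name = path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".dll") else name

def parse_hjt_autoload_dlls(log):
    """Map DLL base name -> HijackThis section that auto-loads it."""
    dlls = {}
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("O20 - AppInit_DLLs:"):
            for item in re.split(r"[ ,]+", line.split(":", 1)[1].strip()):
                if item:
                    dlls[dll_base(item)] = "O20 AppInit_DLLs"
        elif line.startswith("O4 - "):
            m = RUNDLL_RE.search(line)
            if m:
                dlls[dll_base(m.group(1))] = "O4 Run via rundll32"
    return dlls

def parse_vmb(log):
    """Map CLSID -> {'notify': name checked, 'found': bool} for unnamed BHOs only."""
    bhos, current = {}, None
    for line in (l.strip() for l in log.splitlines()):
        m = BHO_RE.search(line)
        if m:  # a new BHO entry; track it only when its display name is empty
            current = None if m.group(2) else bhos.setdefault(
                m.group(1).upper(), {"notify": None, "found": False})
        elif current is not None:
            c = CHECK_RE.search(line)
            if c:
                current["notify"] = c.group(1)
            elif FOUND_RE.search(line):
                current["found"] = True
    return bhos

def correlate(hjt_log, vmb_log):
    """List (clsid, name, notify_key_found, hjt_section) worth a closer look."""
    autoload = parse_hjt_autoload_dlls(hjt_log)
    out = []
    for clsid, info in parse_vmb(vmb_log).items():
        section = autoload.get((info["notify"] or "").lower())
        if info["found"] or section:
            out.append((clsid, info["notify"], info["found"], section))
    return out

if __name__ == "__main__":
    for row in correlate(HJT_LOG, VMB_LOG):
        print(row)
```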
Thunderbird1988
post Sep 28 2008, 07:39 AM
Post #3


Trusted Helper
Posts: 1,308
From: The Netherlands
OS: Windows XP/Vista Dualboot



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.