Search:

Blade,

We followed your final instructions to uninstall ComboFix, as well as delete DDS and the associated log files. We installed the newest Acrobat Reader as you mentioned early on.

Also, we...

Blade...

We had not been using the infected computer (other than performing your operations for cleansing it) up until now. It appears that the redirection problem has disappeared. Links from...

Blade,

As per your instructions...

1) Uninstalled old version of Adobe Reader. (Will install newest version after we're done here.)

2) Dragged your quotebox text into JoanComboFix.exe. (NO...

Thanks a lot for your quick response, Blade. It's much-appreciated!

As per your instructions...

1) Uninstalled old/vulnerable Javas.

2) Downloaded Recovery Console and ComboFix.

NOTE: We...

Thanks in advance for the help, Blade.

As per your instructions, we ran DDS and have copied both files below...

LOG 1:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Joan Zulauf at 11:34:29.15 on...

Hi guys...

You all helped me out last year with an infection on my computer. Now I'm looking for your help with my mom's computer. As mentioned in the title, her computer has been redirecting to...

Dear RiP,

Don't know if this is the correct place to do this, so my apologies if I'm out of line. The original thread that we used to "get me clean" was just recently archived so I can't reply...

RiP,

Ran a final S&D...showed a couple of minor cookies from the Kaspersky site. Wiped them out.

On McAfee AV, my first scan showed a few infected items linked to that MoveIt program and...

Hi RiP,

I deleted that email that you mentioned.

After reboot, things seemed to be working better than they have for quite some time. No popup windows. No warnings coming from my McAfee. Of...

RiP,

Here is the Kaspersky log you asked to see. Looks yucky to me...but hope I'm wrong! Note that the first item on the list is flagged: the file contains a plain text javascript code snippet...

C:\WINDOWS\SYSTEM32\jsdjvjae.ini moved successfully.
C:\WINDOWS\SYSTEM32\euvwtncw.ini moved successfully.
C:\WINDOWS\SYSTEM32\vgpcdgux.ini moved successfully.
C:\WINDOWS\SYSTEM32\qkortegf.ini...

Thanks for the continued help, RiP...

FYI: No error messages, hang-ups, stalls, etc. while running the ATF and OTMoveIt routines.

Latest HJT log below. OTMoveIt log will follow in next post.
...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:07 PM, on 12/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
...

RiP,

Once again on CF, noticed these messages:

1) Access violation "swreg.cfexe".
2) SED: Can't access temp02: No such file or directory.
3) C:\ComboFix\DirRoot "Not available" (I think was...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:23 AM, on 12/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
...

RiP,

During this ComboFix, I noticed a couple of messages similar to those I mentioned during my first post about CF. One mentioned something about an "access violation due to swreg.exe" and...

Can't say it enough...Thanks, RiP!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:34 PM, on 12/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1...

ComboFix 07-12-15.1 - John 2007-12-16 17:38:15.10 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.629 [GMT -5:00]
Running from: C:\Documents and...

RiP...

After my last post about stalled ComboFix, I did some more research here on the forums and found another user who had the same issue. I followed the instructions and got CF to continue by...

RiP...

Sorry for the delay. I spent time backing up as much of my data as I could the past 24 hours or so.

The issue I've been having is in getting through ComboFix (CF).

When I run CF, I...

RiP...

Thanks for your help.

I followed your instructions about disabling TeaTimer. I downloaded the ComboFix.exe program file to my laptop, burned it to CD and am preparing to move it onto my...

Thank you, RiP. Yes...I'm still in need of help. I appreciate your reply.

I will post a new HJT log below. I've been staying offline with the infected computer and using this laptop to stay in...

Hello folks,

I've been working through trying to clean up my computer from a trojan/virus that I believe infected me starting last week. Your forum has been great with all the info provided. I'm...