Search:

I have scanned with spybot and fixed issues but they keep returning. Used ERUNT to back up system registry as directed. Here is my Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan...

Hi Blade - thank you so much for your valuable help. All seems to be running fine now. I am running scans just to be sure. Windows has been updated.

Thanks again for your help!!!!

DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 14:53:23.03 on Thu 06/11/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1418 [GMT...

I thought I had done it correctly, but just in case I recopied and saved to notepad and then dropped the script into combofix. On reboot I got the blue screen of death with Invalid_Kernel_Handle...

ComboFix 09-06-09.06 - Administrator 06/10/2009 11:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1449 [GMT -5:00]
Running from: c:\documents and...

ComboFix 09-06-09.06 - Administrator 06/10/2009 10:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1563 [GMT -5:00]
Running from: c:\documents and...

Hi - I followed the instructions on your last post, however after double clicking the exe file the initial prompt to run comes up and I click run nothing else happens.

Logs as requested -


DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 14:14:44.61 on Tue 06/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional ...

Hello- I have tried to remove this with spybot (had to drop the run command backup in a command prompt), adaware and symantec to no avail. below is my hijack this log:

Logfile of Trend Micro...

I have uninstalled Combofix. Thank you again for all of your help with this, you are truly a warrior - please continue the fight!

I am glad to hear the logs look good! The computer is running fine.

I did not find a temporary internet folder as noted. Emptied quarantine and ran HJT, here is the fresh log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:49:38, on 1/27/2009...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, January 26, 2009
Operating System: Microsoft Windows XP Professional...

HKEY_CURRENT_USER\Software\JavaSoft\Java2D\1.5.0_09
HKEY_CURRENT_USER\Software\JavaSoft\Java2D\1.5.0_10
HKEY_CURRENT_USER\Software\JavaSoft\Java2D\1.5.0_11...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\ C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150000}...

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaPlugin.141
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaPlugin.141_01
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JavaPlugin.141_02...

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0000-0014-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components ACB9B14518A96D117A58000B0D410201...

HKEY_CURRENT_USER\Software\JavaSoft\Java2D\1.5.0
HKEY_CURRENT_USER\Software\JavaSoft\Java2D\1.5.0_02
HKEY_CURRENT_USER\Software\JavaSoft\Java2D\1.5.0_03...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150010}...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\jre.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JRE 1.1...

Malwarebytes' Anti-Malware 1.33
Database version: 1680
Windows 5.1.2600 Service Pack 3

1/22/2009 2:51:36 PM
mbam-log-2009-01-22 (14-51-36).txt

Scan type: Full Scan (C:\|)
Objects scanned:...

I could not sign on with the network log on for the user so I used the administrator logon.


SmitFraudFix v2.391

Scan done at 11:49:26.18, Thu 01/22/2009
Run from C:\Documents and...

SmitFraudFix v2.391

Scan done at 10:11:26.55, Thu 01/22/2009
Run from C:\Documents and Settings\s.grieger\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The...

Thank you soo much for your help. I have followed the last of your instructions for tool removal and have added more protection to this machine! You guys to a great job, thank you so much!

========== FILES ==========
LoadLibrary failed for c:\windows\oldvmreg.dll
c:\windows\oldvmreg.dll NOT unregistered.
c:\windows\oldvmreg.dll moved successfully.
c:\windows\system32\viyivifa.exe...

I have Spyeare Guard 2008 on another computer, here is the HJT log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:24 PM, on 1/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)...

+ 2008-04-14 00:12:08 102,400 ------w c:\windows\ServicePackFiles\i386\win32spl.dll
+ 2008-04-13 16:48:53 1,647,616 ------w c:\windows\ServicePackFiles\i386\winbrand.dll
+ 2008-04-14...

c:\windows\ServicePackFiles\i386\pcl5ures.dll
+ 2007-05-15 08:08:14 207,872 ------w c:\windows\ServicePackFiles\i386\pclxl.dll
+ 2008-04-13...

c:\windows\ServicePackFiles\i386\lhmstscx.dll
+ 2008-04-14 10:41:58 423,936 ------w c:\windows\ServicePackFiles\i386\licdll.dll
+ 2008-04-14...

c:\windows\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 00:11:50 1,888,992 ------w c:\windows\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-04...

ComboFix 09-01-19.01 - J.Krautkremer 2009-01-19 11:11:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1461 [GMT -6:00]
Running from: c:\documents and...

Can I attach the combofix log or should I use several posts for it? Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:47 AM, on 1/19/2009
Platform: Windows XP SP3...

Malwarebytes' Anti-Malware 1.33
Database version: 1666
Windows 5.1.2600 Service Pack 2

1/19/2009 8:49:19 AM
mbam-log-2009-01-19 (08-49-19).txt

Scan type: Full Scan (C:\|)
Objects scanned:...

Last post archived. Please Help!!! Here is my HJT for this computer, I have the same problem on another computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:05 PM, on 1/12/2009...

This continues to pop up even after cleaning it multiple times with spybot, symantec antivirus and windows defender. Also have run spybot in safe mode to no avail. Have used this forum before with...

My computer apprears to be clean now. I followed your instructions and made the modifications to Internet Explorer and went online to get Microsoft Critical Updates - I was suprised to find 12...

ComboFix 08-05-21.2 - c.saar 2008-05-29 13:32:20.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1424 [GMT -5:00]
Running from: C:\Documents and...

Hi - here are the logs generated after following your instructions.



KASPERSKY ONLINE SCANNER REPORT
2008-05-28 16:18
Operating System: Microsoft Windows XP Professional, Service Pack 2...

KASPERSKY ONLINE SCANNER REPORT
2008-05-27 12:09
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus...

I ran Spybot in safe mode signed on with administrator rights and these keep returning. I read a post that had a simular problem and downloaded and ran combofix and here is my log.

ComboFix...