Page 5 of 8 FirstFirst 12345678 LastLast
Results 41 to 50 of 80

Thread: Numerous Issues Found, Can't Run Spybot or Install Latest HijackThis

  1. #41
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    It looks like we need another option. The same thing happened. GMER appears to have run successfully, and promptly rebooted the system when it appeared to be done. (I was watching, and it really looked like it went through everything.) I did a windows search for ark.txt in case there was a log written to some random place on the harddrive, but no dice. No log to be found anyway.

    No alerts about rootkit activity at any point while it ran.

    Should I run defogger to enable those drivers I disabled earlier?

    What next?

  2. #42
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let SuperAntiSpyware remove these
    -Adware.TrackingCookie [ 14 items ]
    -Adware.Vundo/Variant-EC [ 1 items ]
    -Adware.Vundo/Variant-Senorita [ 1 items ]
    -Adware.Vundo/Variant-Variant-Yx [ 3 items ]


    Go to MSCONFIG and re enable your updates


    Yes, go ahead and re enable your CD drivers


    If GMER wont run it wont run Have you tried running it in Safemode

    To Enter Safemode
    • Go to Start> Shut off your Computer> Restart
    • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
      this will bring up a menu.
    • Use the Up and Down Arrow Keys to scroll up to Safemode
    • Then press the Enter Key on your Keyboard

    Tutorial if you need it How to boot into Safemode



    You can try this other one but it may not give me the info I am looking for

    Please download RootRepeal from one of these locations and save it to your desktop
    Here
    Here
    Here
    • Open on your desktop.
    • Click the tab.
    • Click the button.
    • Check just these boxes:
    • Push Ok
    • Check the box for your main system drive (Usually C:, and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
    Last edited by ken545; 2010-04-17 at 13:07.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #43
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    Which entries in MSConfig were you referring to? You mean the Spybot TeaTimer? Or Windows Updates?

    I have run defogger and reenabled the cd emulators successfully.

    I've tried GMER in safemode. It won't fit on the screen! I can't even see the scan button when the GMER window is maximized. Is it possible to run this tool via commandline? I'd be happy to try that in safemode.

    Here's the log from RootRepeal:
    ----
    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/04/17 10:38
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB97AF000 Size: 49152 File Visible: No Signed: -
    Status: -

    ==EOF==

  4. #44
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Well, it looks like with what you can and cannot run on this system that this is about as far as we can go. How are things running now ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #45
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    Well, as the saying goes, where there's a will, there's a way. And I found the way around the resolution problem in safe mode with GMER. The scan has been running for the last 3 and a half hours, so clearly it wasn't finished all those times when it rebooted. I hope to have a GMER log for you by this evening. Once it's done and I've posted it, I'll report back on the current state of the system.

  6. #46
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #47
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    Well, it ran to completion in safe mode, and I'm a little disappointed with what I'm seeing in the log that it saved. Is this all I should have expected to see? I had to step out for a while this evening, so I wasn't here when it completed. Hopefully no news is good news. (See below.)

    One thing I have noticed when I boot up in normal mode is I see a couple of RUN DLL Error Messages at start up:

    "Error loading c:\windows\system32\gobiheyi.dll"
    "Error loading c:\windows\system32\fimuwaho.dll"
    and another error about ctmbha.dll, something about a dll initialization routine failing. Is this related to the vundo stuff I had SUPERAntiSpyware remove? Perhaps it forgot to remove those entries from the registry some place?

    Surprisingly short GMER Log:
    ----

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-18 00:10:22
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Brian\LOCALS~1\Temp\ufddaaog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \FileSystem\Fastfat \Fat B9C83D20

    ---- EOF - GMER 1.0.15 ----

  8. #48
    Member
    Join Date
    Apr 2010
    Posts
    45

    Default

    Another thing. I just noticed a log file called hs_err_pid318784.log on my desktop (my desktop is cluttered, it was easy to overlook), with a modification date from around the time of my PC's infection. Looking at it in notepad, the header information says "An unexpected error has been detected by Java Runtime Environment: EXCEPTION_ACCESS_VIOLATION (0Xc0000005) ..." Would you be interested in looking at this?

    Testing SpyBot to see if it was working, it reported a couple of registry entries under Virtumonde.prx, and another under Virtumonde.sdn. I selected some reported tracking cookies to fix, and Spybot crashed again, as it did before.

  9. #49
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Morning,

    hs_err_pid318784.log <--I have no idea what this is, it wont even Google, you can post it if you wish.

    GMER looks ok.

    Run RSIT and lets see if we can find the reg entries that need to be removed to stop those errors

    Random System Information Tool
    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #50
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    ctmbha.dll <--This is related to your soundcard drivers and looks like other people are fixing it by reinstalling the software for this
    Creative/SoundBlaster Software and Drivers


    In lew of RSIT, run this quick scan

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :reg
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •