Comfix Log

By jmolina
Aug 22, 2008
  1. I recently removed a spyware /virus from a Toshiba Satellite A75 S2112 running Windows XP Home edition with Combo fix. I wanted to post my combo fix log to see if anything else is still there that can be removed.

    Please advise!!.

    Thanks in advance!!
  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    if you have not had training on how to run this tool you can damage your computer.

    Looks like you still have vundo. Run the tool below and attach the log

    * Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Doubleclick on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Come back here to this thread and Attach the log in txt format your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
  3. jmolina

    jmolina TS Rookie Topic Starter Posts: 21

    My HijackLog File

    Thanks for the Help. I actually did run a couple of programs before runnig ComboFIX . Aware Removal;VundoFIX;Spybot;Malwarebytes then finally I ran COMBOFIX .
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    Please re-open HiJackThis and scan.**Check the boxes next to all the entries listed below.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    O2 - BHO: (no name) - {F7F6584C-864B-411D-A410-BB2DE0D33CA1} - C:\WINDOWS\system32\tuvULeBq.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A376BB77-A7F1-4E05-8ABC-9D4324A7D3C9}: NameServer =,
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FFC95A01-5B7F-415C-A628-6421D01DA005}: NameServer =,
    O20 - Winlogon Notify: tuvULeBq - C:\WINDOWS\SYSTEM32\tuvULeBq.dll

    Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis and*reboot


    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Please run an on-line virus scan at[b][color=blue]Kaspersky OnLine Scan[/color][/b] or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)
  5. jmolina

    jmolina TS Rookie Topic Starter Posts: 21

    Log File

    Here what i got after reboot
  6. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Run the online scan then post the information on the scan along with a hijackthis log
  7. jmolina

    jmolina TS Rookie Topic Starter Posts: 21

    Ok Will do .. Thanks for the help
  8. jmolina

    jmolina TS Rookie Topic Starter Posts: 21

    Here is my new HiJack lOG after scan removed some vudo viruses.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...