Combofix log.
- Thread starter maize
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
I have moved your post to it`s own thread.
There are several entries in your Combofix log that are either nasty or suspicious.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the AVG Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I have moved your post to it`s own thread.
There are several entries in your Combofix log that are either nasty or suspicious.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the AVG Antirootkit scan.
Regards Howard :wave: :wave:
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Thank you very very very much.
STEP11:
Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.
Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path" Do not fix anything yet. Let me know what is found in your reply and I`ll instruct you on how to proceed. Reconnect to the net.
First of all, i want to thank you very much.
After following your step1~step11, the AVG Anti-Rootkit scan result is:
No rootkits found.
BTW, the tool4 does not work. I mean that they can not star to scanning my computer.
STEP11:
Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.
Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path" Do not fix anything yet. Let me know what is found in your reply and I`ll instruct you on how to proceed. Reconnect to the net.
First of all, i want to thank you very much.
After following your step1~step11, the AVG Anti-Rootkit scan result is:
No rootkits found.
BTW, the tool4 does not work. I mean that they can not star to scanning my computer.
howard_hopkinso
Posts: 21,238 +17
That`s ok, no worries. Please post the requested log files.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Thanks again!
First of all, i want to thank you very much.
After following your step1~step11, the AVG Anti-Rootkit scan result is:
"No rootkits found".
BTW, the tool4 does not work. I mean that they can not star to scanning my computer.
Howard, i have finished this step below.
My questions are,
How to "Reboot into normal mode and rehide your protected OS files?
and,
After saving the report to my desktop, did i need to remove all reports?
ps,
How can i do now?
Best Regards,
maize
Hello, Howard
First of all, i want to thank you very much.
After following your step1~step11, the AVG Anti-Rootkit scan result is:
"No rootkits found".
BTW, the tool4 does not work. I mean that they can not star to scanning my computer.
Howard, i have finished this step below.
My questions are,
How to "Reboot into normal mode and rehide your protected OS files?
and,
After saving the report to my desktop, did i need to remove all reports?
ps,
How can i do now?
Best Regards,
maize
howard_hopkinso
Posts: 21,238 +17
You reboot into normal mode, simply by rebooting your computer.
You rehide your protected OS files by doing the reverse of these instructions.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
You need to post the requested logfiles as attachments. See HERE for instructions.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You rehide your protected OS files by doing the reverse of these instructions.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
You need to post the requested logfiles as attachments. See HERE for instructions.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Howard,
Thanks again.
I see.
BTW, before rebooting into normal mode and rehide my protected os files, do i need to remove all reports first(After saving the report to my desktop)?
Edited by Moderator: Removed quote. There`s no need to quote the post directly above your own, unless you`re only replying to a specific section, in which case you would only quote that section.
Thanks again.
I see.
BTW, before rebooting into normal mode and rehide my protected os files, do i need to remove all reports first(After saving the report to my desktop)?
Edited by Moderator: Removed quote. There`s no need to quote the post directly above your own, unless you`re only replying to a specific section, in which case you would only quote that section.
howard_hopkinso
Posts: 21,238 +17
No, you don`t need to remove the reports, they`ll still be on your desktop after you have rebooted into normal mode. Then, you need to attach them into your next reply.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Which report says you have 618 virus files?
Regards Howard
Regards Howard
After running AVG Antispyware, the report said that there are more than 619
high risk txx.. files.
Did i misunderstand something?
Just like this,
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP113\A0008654.dll -> Adware.BHO : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP116\A0008933.dll -> Adware.BHO : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP112\A0008624.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP113\A0008673.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP116\A0008940.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP116\A0008953.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP116\A0009167.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP120\A0009432.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP122\A0009517.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP122\A0009547.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP123\A0009631.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP125\A0013915.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP125\A0013925.DLL -> Backdoor.Hupigon.emb : No action taken.
high risk txx.. files.
Did i misunderstand something?
Just like this,
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP113\A0008654.dll -> Adware.BHO : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP116\A0008933.dll -> Adware.BHO : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP112\A0008624.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP113\A0008673.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP116\A0008940.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP116\A0008953.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP116\A0009167.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP120\A0009432.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP122\A0009517.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP122\A0009547.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP123\A0009631.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP125\A0013915.DLL -> Backdoor.Hupigon.emb : No action taken.
C:\System Volume Information\_restore{B64D3591-7AD5-4427-AA63-AF739FCEC00A}\RP125\A0013925.DLL -> Backdoor.Hupigon.emb : No action taken.
howard_hopkinso
Posts: 21,238 +17
All you need to do, is attach the requested logfiles to your next reply. I`ll then tell you how to proceed.
The log files I need to see are as follows.
HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
You must post them as attachments.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
The log files I need to see are as follows.
HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
You must post them as attachments.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Here is my HijackThis.log & combofix.txt attachment
Here is my HijackThis.log & combofix.txt attachment.
About the AVG Antispyware scan report txt can not be upload.
Because they said,
"Report-Scan-20070406-204154.txt:
Your file of 167.1 KB bytes exceeds the forum's limit of 100.0 KB for this filetype."
Here is my HijackThis.log & combofix.txt attachment.
About the AVG Antispyware scan report txt can not be upload.
Because they said,
"Report-Scan-20070406-204154.txt:
Your file of 167.1 KB bytes exceeds the forum's limit of 100.0 KB for this filetype."
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
A7F4835
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
A7F4835.EXE
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O23 - Service: A7F4835 - Unknown owner - C:\WINDOWS\system32\A7F4835.EXE (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\system32\A7F4835.EXE
Reboot into normal mode and rehide your protected OS files.
Run the Ccleaner programme as per step9 of these instructions.
Then, run another AVG Antispyware scan and save the report.
Attach the AVG Antispyware report as well as a fresh HJT log.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
A7F4835
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
A7F4835.EXE
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O23 - Service: A7F4835 - Unknown owner - C:\WINDOWS\system32\A7F4835.EXE (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\system32\A7F4835.EXE
Reboot into normal mode and rehide your protected OS files.
Run the Ccleaner programme as per step9 of these instructions.
Then, run another AVG Antispyware scan and save the report.
Attach the AVG Antispyware report as well as a fresh HJT log.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
All items in your AVG Antispyware log say "No Action Taken". This is because you didn`t follow the instructions properly for AVG Antispyware. You need to tell AVG Antispyware to quarantine to results. See this guide HERE.
Follow the instructions in my post above, then post a fresh HJT log as well as a fresh AVG Antispyware log.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Follow the instructions in my post above, then post a fresh HJT log as well as a fresh AVG Antispyware log.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Howard,
You are so nice and friendly. Thanks again.
I do follow your instructions above.
Here is the result.
"When the window appears, maximise it. Double click on the following services(if there) "=>yes
"Click on the processes tab and end process for(if there)."=>no
"Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there)."=>no
Edited by Moderator: Removed quote. There`s no need to quote the post directly above your own, unless you`re only replying to a specific section, in which case you would only quote that section.
You are so nice and friendly. Thanks again.
I do follow your instructions above.
Here is the result.
"When the window appears, maximise it. Double click on the following services(if there) "=>yes
"Click on the processes tab and end process for(if there)."=>no
"Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there)."=>no
Edited by Moderator: Removed quote. There`s no need to quote the post directly above your own, unless you`re only replying to a specific section, in which case you would only quote that section.
howard_hopkinso
Posts: 21,238 +17
Your HJT log is clean.
However, your AVG Antispyware log still says all results have no action taken.
Please do the following.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
Then, follow the instructions below very carefully.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
This is taken from HERE.
Reboot your system and attach the AVG Antispyware log.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
However, your AVG Antispyware log still says all results have no action taken.
Please do the following.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
Then, follow the instructions below very carefully.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
This is taken from HERE.
Reboot your system and attach the AVG Antispyware log.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Howard,
About into safe mode, under my normal user name account.
Actually, i seprate my normal user name to two user account.
One is call "Matrix", another is call "Emily".
So, after using the F8 Method or using the running "msconfing",
no matter what method i using, in safe mode, i only just can use
"Emily" this normal user name account to operate. I mean i can not
find my Matrix normal user name account in safe mode.
Below logfile is under Emily account.
Here is under Matrix user name account.
About into safe mode, under my normal user name account.
Actually, i seprate my normal user name to two user account.
One is call "Matrix", another is call "Emily".
So, after using the F8 Method or using the running "msconfing",
no matter what method i using, in safe mode, i only just can use
"Emily" this normal user name account to operate. I mean i can not
find my Matrix normal user name account in safe mode.
Below logfile is under Emily account.
Here is under Matrix user name account.
howard_hopkinso
Posts: 21,238 +17
You just don`t get it do you?
I told you to turn system restore off and on, it appears you haven`t done this.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
I`ve also told you several times how to use AVG Antispyware. Yet it still appears you don`t know how to do this, as all the results in your AVG Antispyware log say No Action Taken.
So, let`s have one last try. Copy and paste these instructions into a notepad file, then you can have the file open so you can follow the instructions easier.
Make sure all windows are closed, except notepad.. Run AVG Antispyware from normal mode.
Click Scanner, then the Settings tab and under where it says How to Act, make sure you set it to QUARANTINE results. Then click the scan tab and click Complete System Scan to begin scanning.
Once finished, click the save scan report button, followed by the Save report as button and save it to your desktop.
Post the AVG Antispyware log and nothing else.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I told you to turn system restore off and on, it appears you haven`t done this.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
I`ve also told you several times how to use AVG Antispyware. Yet it still appears you don`t know how to do this, as all the results in your AVG Antispyware log say No Action Taken.
So, let`s have one last try. Copy and paste these instructions into a notepad file, then you can have the file open so you can follow the instructions easier.
Make sure all windows are closed, except notepad.. Run AVG Antispyware from normal mode.
Click Scanner, then the Settings tab and under where it says How to Act, make sure you set it to QUARANTINE results. Then click the scan tab and click Complete System Scan to begin scanning.
Once finished, click the save scan report button, followed by the Save report as button and save it to your desktop.
Post the AVG Antispyware log and nothing else.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Your AVG Antispyware log still says "No Action Taken" for all items. I keep telling you, you need to tell AVG Antispyware to quarantine it`s results.
See this pictorial guide to AVG Antispyware.
Post a fresh AVG Antispyware log as well as a fresh HJT log, after you`ve run AVG Antispyware.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
See this pictorial guide to AVG Antispyware.
Post a fresh AVG Antispyware log as well as a fresh HJT log, after you`ve run AVG Antispyware.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
That`s correct now lol.
Run AVG Antispyware and click on the infections tab. Click the select all button, followed by the remove finally button. This will delete all files in AVG Antispyware quarantine.
Reboot your system and post what hopefully should be a final HJT log.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Run AVG Antispyware and click on the infections tab. Click the select all button, followed by the remove finally button. This will delete all files in AVG Antispyware quarantine.
Reboot your system and post what hopefully should be a final HJT log.
Regards Howard
This thread is for the use of maize only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
