Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Analyse hijack log and combofix  (Read 11862 times)

0 Members and 1 Guest are viewing this topic.

alyoob

    Topic Starter


    Intermediate

    Thanked: 1
    • Experience: Experienced
    • OS: Windows 8
    Analyse hijack log and combofix
    « on: February 03, 2008, 09:09:19 PM »
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:41:48 PM, on 2/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 7165 bytes

    [file cleanup - saving space - attachment deleted by admin]
    « Last Edit: February 04, 2008, 08:09:00 AM by alyoob »

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Analyse hijack log and combofix
    « Reply #1 on: February 04, 2008, 09:40:36 AM »
    Now download The Avenger By Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the Input script manually box.
    • Click on the Magnifying Glass Icon which will open a new window titled View/edit script
    • Copy everything in the Quote box below, and paste it in the box that opens:
    Drivers to unload:

    Code: [Select]
    Files to delete:
    C:\temp\tn3
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\wmilibb.sys

    Note: the above instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
    • Now click the 'Done' button.
    • Click on the Green Light and OK the prompt.
    • You will be prompted to restart, click OK at the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    The Avenger will automatically do the following:
    • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger's actions.
    • This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    • Please attach the C:\avenger.txt in your next post.
    ----------

    Next post please add
    Avenger log


    alyoob

      Topic Starter


      Intermediate

      Thanked: 1
      • Experience: Experienced
      • OS: Windows 8
      Avenger log
      « Reply #2 on: February 04, 2008, 09:00:58 PM »
      Logfile of The Avenger version 1, by Swandog46
      Running from registry key:
      \Registry\Machine\System\CurrentControlSet\Services\vjqdoblh

      *******************

      Script file located at: \??\C:\hxjndmfj.txt
      Script file opened successfully.

      Script file read successfully

      Backups directory opened successfully at C:\Avenger

      *******************

      Beginning to process script file:



      Registry key \Registry\Machine\System\CurrentControlSet\Services\wmilibb.sys not found!
      Unload of driver wmilibb.sys failed!

      Could not process line:
      wmilibb.sys
      Status: 0xc0000034

      Folder C:\Temp\tn3 deleted successfully.
      File C:\WINDOWS\system32\drivers\core.cache.dsk deleted successfully.
      File C:\WINDOWS\system32\drivers\wmilibb.sys deleted successfully.

      Completed script processing.

      *******************

      Finished!  Terminate.

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 493
      • Experience: Experienced
      • OS: Windows 11
      Re: Analyse hijack log and combofix
      « Reply #3 on: February 05, 2008, 08:08:31 AM »
      Download and install CleanUp!

      Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
      Set the program up as follows:
      • Click Options...
      • Make sure the arrow is set to Standard CleanUp!
      • Uncheck the following: (if checked)
        • Delete Newsgroup cache
        • Delete Newsgroup Subscriptions
      • Click OK
      Click the CleanUp! button to start the program. Reboot/logoff when prompted.

      Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility

      ----------

      Use the Kaspersky Online Scanner
      • Click Accept.
      • Answer Yes, when prompted to install an ActiveX component.
      • The program will then begin downloading the latest definition files.
      • Once the files have been downloaded click on NEXT
      • Locate the Scan Settings button & configure to:
        • Scan using the following Anti-Virus database:

            • Extended[/COLOR]
            • Scan Options:

                • Scan Archives[/COLOR]
                  • Scan Mail Bases[/COLOR]
                • Click OK & have it scan My Computer
                When the scan is done, in the Scan is complete window (below), any infection is displayed.
                There is no option to clean/disinfect, however, we need to analyze the information on the report.



                To obtain the report:
                Click on: Save Report As... (shown above)
                Next, in the Save as prompt, Save in area, select: Desktop.
                In the File name area, use KScan, or something similar.
                In Save as type: click the drop arrow and select: Text file [*.txt]
                Then, click: Save
                Please add the Kaspersky Online Scanner Report in your next post.

                ---------------

                Next post
                Kscan log

          alyoob

            Topic Starter


            Intermediate

            Thanked: 1
            • Experience: Experienced
            • OS: Windows 8
            Windows cleanup
            « Reply #4 on: February 05, 2008, 09:38:44 AM »
            I ran the demo mode of windows cleanup and it found these files to delete do you think i should delete them or is there any files that should not be deleted. I believe there are files that should not be deleted.



            [file cleanup - saving space - attachment deleted by admin]

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: Analyse hijack log and combofix
            « Reply #5 on: February 05, 2008, 10:06:51 AM »
            Thats what I was wanting to be deleted.

            Just waiting for the Kaspersky log now.

            alyoob

              Topic Starter


              Intermediate

              Thanked: 1
              • Experience: Experienced
              • OS: Windows 8
              Kaspersy online scanner
              « Reply #6 on: February 05, 2008, 12:47:44 PM »
              scanner results attached

              [file cleanup - saving space - attachment deleted by admin]

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: Analyse hijack log and combofix
              « Reply #7 on: February 05, 2008, 01:28:38 PM »
              You are using a unlicensed version of AVG.

              Uninstall it!!!!

              Then go here http://free.grisoft.com/doc/downloads?prd=aff to download and install the free version.

              Run a full system scan and remove anything found.

              Then run the CleanUp! program and then run a new Kaspersky scan and post the log please.

              alyoob

                Topic Starter


                Intermediate

                Thanked: 1
                • Experience: Experienced
                • OS: Windows 8
                Re: Analyse hijack log and combofix
                « Reply #8 on: February 07, 2008, 05:05:06 PM »
                I scanned with avg free and it did not find anything rescanned with kaspery and it found the same thing that it had found any suggestions on what to do next. Here is the kaspersy log anyways

                [file cleanup - saving space - attachment deleted by admin]

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Calm like a bomb
                • Thanked: 493
                • Experience: Experienced
                • OS: Windows 11
                Re: Analyse hijack log and combofix
                « Reply #9 on: February 07, 2008, 06:08:17 PM »
                • Run avenger.exe by double-clicking on it.
                • Check the Input script manually box.
                • Click on the Magnifying Glass Icon which will open a new window titled View/edit script
                • Copy everything in the Quote box below, and paste it in the box that opens:
                Drivers to unload:

                Code: [Select]
                Folders to delete:
                C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar

                Files to delete:
                C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe
                C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab
                C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe
                C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe
                C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab
                C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe
                C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar

                Note: the above instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
                • Now click the 'Done' button.
                • Click on the Green Light and OK the prompt.
                • You will be prompted to restart, click OK at the prompt and your PC should reboot, if not, reboot it yourself.
                • A log file from Avenger will be produced at C:\avenger.txt
                The Avenger will automatically do the following:
                • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
                • On reboot, it will briefly open a black command window on your desktop, this is normal.
                • After the restart, it creates a log file that should open with the results of Avenger's actions.
                • This log file will be located at C:\avenger.txt
                • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
                • Please attach the C:\avenger.txt in your next post.
                ----------

                Next post please add
                Avenger log


                alyoob

                  Topic Starter


                  Intermediate

                  Thanked: 1
                  • Experience: Experienced
                  • OS: Windows 8
                  Avenger log
                  « Reply #10 on: February 07, 2008, 08:07:04 PM »
                  Logfile of The Avenger version 1, by Swandog46
                  Running from registry key:
                  \Registry\Machine\System\CurrentControlSet\Services\kqnyg^xs

                  *******************

                  Script file located at: \??\C:\Program Files\gcexdcpa.txt
                  Script file opened successfully.

                  Script file read successfully

                  Backups directory opened successfully at C:\Avenger

                  *******************

                  Beginning to process script file:



                  Error: C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar is not a folder!  It may instead be a file.
                  Deletion of folder C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar failed!

                  Could not process line:
                  C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar
                  Status: 0xc0000103



                  Could not open file C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe for deletion
                  Deletion of file C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe failed!

                  Could not process line:
                  C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe
                  Status: 0xc0000033



                  Could not open file C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab for deletion
                  Deletion of file C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab failed!

                  Could not process line:
                  C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab
                  Status: 0xc0000033



                  Could not open file C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe for deletion
                  Deletion of file C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe failed!

                  Could not process line:
                  C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe
                  Status: 0xc0000033



                  Could not open file C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe for deletion
                  Deletion of file C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe failed!

                  Could not process line:
                  C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe
                  Status: 0xc0000033



                  Could not open file C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab for deletion
                  Deletion of file C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab failed!

                  Could not process line:
                  C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab
                  Status: 0xc0000033



                  Could not open file C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe for deletion
                  Deletion of file C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe failed!

                  Could not process line:
                  C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe
                  Status: 0xc0000033

                  File C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar deleted successfully.

                  Completed script processing.

                  *******************

                  Finished!  Terminate.

                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Calm like a bomb
                  • Thanked: 493
                  • Experience: Experienced
                  • OS: Windows 11
                  Re: Analyse hijack log and combofix
                  « Reply #11 on: February 07, 2008, 08:26:07 PM »
                  You are going to have to boot to safe mode and then delete the files manually.

                  First download ATF Cleaner by Atribune. ATF Cleaner.exe to the desktop. <<--Don't use it yet.

                  You may want to copy the rest of the instructions into Notepad and save it to the desktop so you will be able to view them in safe mode.

                  Boot into Safe Mode.

                  Starting your computer in safe mode
                  • If the computer is running, shut down Windows, and then turn off the power.
                  • Wait 30 seconds, and then turn the computer on.
                  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
                  • Ensure that the Safe Mode option is selected.
                  • Press Enter. The computer then begins to start in Safe mode.
                  • Login on your usual account.
                  .
                  Locate and delete these folders/files. (in bold)

                  C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar

                  C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe

                  While in Safe Mode run ATF Cleaner.

                  Make sure that all browser windows are closed.
                  • Under the Main tab, put a check next to Select All.
                    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
                  • If you use the Firefox browser:
                    Click on Firefox at the top and put a check next to Select All.
                    If you would like to keep your saved passwords, click No at the prompt.
                    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
                  • If you use the Opera browser:
                    Click on Opera at the top and put a check next to Select All.
                    If you would like to keep your saved passwords, click No at the prompt.
                    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
                  .

                  Let me know how everything went.

                  alyoob

                    Topic Starter


                    Intermediate

                    Thanked: 1
                    • Experience: Experienced
                    • OS: Windows 8
                    Re: Analyse hijack log and combofix
                    « Reply #12 on: February 07, 2008, 09:23:18 PM »
                    Everthing went fine but i could not locate this file to delete

                    rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe

                    evilfantasy

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Calm like a bomb
                    • Thanked: 493
                    • Experience: Experienced
                    • OS: Windows 11
                    Re: Analyse hijack log and combofix
                    « Reply #13 on: February 08, 2008, 12:12:13 AM »
                    Thats Ok I am sure that The Avenger got it. Just wanted to be sure.

                    How is the computer now?

                    alyoob

                      Topic Starter


                      Intermediate

                      Thanked: 1
                      • Experience: Experienced
                      • OS: Windows 8
                      Re: Analyse hijack log and combofix
                      « Reply #14 on: February 08, 2008, 10:48:55 AM »
                      everything is fine i will repost if kasepersy finds anything when i scan the computer once again.

                      evilfantasy

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Calm like a bomb
                      • Thanked: 493
                      • Experience: Experienced
                      • OS: Windows 11
                      Re: Analyse hijack log and combofix
                      « Reply #15 on: February 08, 2008, 11:00:48 AM »
                      I will go ahead and post this.


                      Time to cleanup and secure the work you have done
                      • Click START then RUN
                      • Now type Combofix /u in the runbox
                      • Make sure there's a space between Combofix and /u
                      • Then hit Enter.
                      • The above procedure will:
                      • Delete the following:
                      • ComboFix and its associated files and folders.
                      • Reset the clock settings.
                      • Hide file extensions, if required.
                      • Hide System/Hidden files, if required.
                      • Set a new, clean Restore Point.
                      Next
                      .
                      Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

                      1. Double click OTMoveIt2.exe to launch it.
                      2. Click on the CleanUp! button.
                      3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
                      4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
                      • When finished exit out of OTMoveIt2
                      .
                      Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?