Solved: Interpret Combofix

Discussion in 'Virus & Other Malware Removal' started by jberd99usa, Feb 25, 2008.

Thread Status:
Not open for further replies.
  1. jberd99usa

    jberd99usa Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    129
    Could someone interpret these results for me? Also ran Combofix and clock is now in military time. How to change back?
    Thanks,
    jberd99usa
     

    Attached Files:

  2. jberd99usa

    jberd99usa Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    129
    I fixed the clock so I just need to see if anyone can interpret these two logs.
    Thanks,
    jberd99usa
     
  3. jberd99usa

    jberd99usa Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    129
    I figured I would also include Hijackthis log in case someone needs it.
    Thanks,
    jberd99usa
     

    Attached Files:

  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Download SDFix and save it to your Desktop.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • Open the c:\SDFix folder and double click RunThis.cmd to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
     
  5. jberd99usa

    jberd99usa Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    129
    Thanks and here they are....
    jberd99usa
     

    Attached Files:

  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Run HJT again and put a check in the following:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {296CCBA8-981D-4417-9BA9-BEC2794FC7D0} - C:\WINDOWS\system32\adsmsex.dll
    O2 - BHO: (no name) - {61915555-A348-4F6C-882D-91601B9A2249} - C:\WINDOWS\system32\adsmsex.dll
    O2 - BHO: (no name) - {63D7729A-120D-48E9-ACF9-BE5F133BA9E7} - C:\WINDOWS\system32\adsmsex.dll
    O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Close all applications and browser windows before you click "fix checked".


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive and all other fixed drives.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
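
An added example, not part of the original post and not the helper's own tooling: a small parser run over the seven HijackThis entries quoted at the top of the post above. It reports two properties visible in those lines: registry entries that HijackThis marked "(no file)", and a single DLL registered under several CLSIDs. The function names and the terms "orphaned" and "shared" are assumptions made for this example.

```python
import re
from collections import defaultdict

# The seven entries quoted in the post above, embedded so this runs offline.
HJT_LINES = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {296CCBA8-981D-4417-9BA9-BEC2794FC7D0} - C:\WINDOWS\system32\adsmsex.dll
O2 - BHO: (no name) - {61915555-A348-4F6C-882D-91601B9A2249} - C:\WINDOWS\system32\adsmsex.dll
O2 - BHO: (no name) - {63D7729A-120D-48E9-ACF9-BE5F133BA9E7} - C:\WINDOWS\system32\adsmsex.dll
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
""".strip().splitlines()

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Split one HijackThis line into section code, CLSID and target file."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, blank line, or text that is not a log entry
    body = m.group("body")
    c = CLSID.search(body)
    # Whatever follows the CLSID (after the " - " separator) is the file path.
    target = body[c.end():].lstrip(" -") if c else None
    return {"code": m.group("code"),
            "clsid": c.group(0).upper() if c else None,
            "target": target or None,
            "raw": line.strip()}

def triage(lines):
    """Return (orphaned, shared): entries whose file is marked missing,
    and files registered under more than one CLSID."""
    entries = [e for e in map(parse_entry, lines) if e]
    orphaned = [e for e in entries if e["target"] == "(no file)"]
    by_file = defaultdict(set)
    for e in entries:
        if e["clsid"] and e["target"] and e["target"] != "(no file)":
            by_file[e["target"].lower()].add(e["clsid"])  # paths are case-insensitive
    shared = {f: sorted(ids) for f, ids in by_file.items() if len(ids) > 1}
    return orphaned, shared

if __name__ == "__main__":
    orphaned, shared = triage(HJT_LINES)
    for e in orphaned:
        print("orphaned:", e["code"], e["clsid"])
    for f, ids in shared.items():
        print("shared  :", f, "<-", len(ids), "CLSIDs")
```
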
     
  7. jberd99usa

    jberd99usa Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    129
    Cybertech;
    Followed your instructions and nothing on SuperantiSpyware Log. Find enclosed Hijack this log after SAS ran.
    Thanks,
    jberd99usa
     

    Attached Files:

  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  9. jberd99usa

    jberd99usa Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    129
    Cybertech;
    Here it is.
    Thanks,
    jberd99usa
     

    Attached Files:

  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Please perform a scan with Kaspersky Webscan Online Virus Scanner

    1. Read the Requirements and Privacy statement, then select "Accept".
    2. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    3. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    4. When the download is complete it will say ready, click "Next".
    5. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    7. Click "OK".
    8. Under "Select a target to scan", click on "My Computer".
    9. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!'
     
  11. jberd99usa

    jberd99usa Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    129
    As you wish!
    Thanks,
    jberd99usa
     

    Attached Files:

  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  13. jberd99usa

    jberd99usa Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    129
    Cybertech;
    here they are.
    Thanks,
    jberd99usa
     

    Attached Files:

  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,116
    Do you know what this does? C:\run.bat
     
  15. jberd99usa

    jberd99usa Thread Starter

    Joined:
    Dec 2, 2006
    Messages:
    129
    No I do not. Sorry.
    jberd99usa
     
Short URL to this thread: https://techguy.org/687200