Tech Problem Aggregator

Combofix completed - need help with log file

Q: Combofix completed - need help with log file

I've run Combofix, but need someone to look at my log file. I'm still having boxes pop up like my Symantec anti-virus can't work because it is on a network resource that is unavailable. The log file is below. I would really appreciate any help I could get.

Thanks,
Don

A: Combofix completed - need help with log file

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

Casey

2 more replies
Answer Match 64.26%

Good evening..i have just completed the combofix scan on my Openlabs Neko TSE. Which is my music workstation with a built in computer. Please can you review my log for further advice.? I really appreciate you for this. This workstation is the key to all my productions. I have been freaking out all night. Aloha!

A:completed combofix run

Hello,

That request about NOT posting CF logs is primarily to keep people from running the program unsupervised. Please read this topic: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ which explains that reasoning further.

Please follow the instructions in ==>This Guide<== starting at step 6. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Since you have run ComboFix, please include the ComboFix log in the new topic.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom

1 more replies
Answer Match 63.42%

hi there,
please consider that who's writing (me) is a sw/hw total illiterate..
 
months ago i downloaded a .exe (then uninstalled) to upload videos on youtube and from that time:
 
- at every web connection (firefox), the start page is http://istart.webssearches.com + the last web page visited at previous connection (two windows). i set up new homepage but nothing changes.
- pop ups frequently open (then disabled via settings).
- mouse stops/blocks for a second while using it.
 
i downloaded combofix and let it run. everything seems worked correctly, but now i don't know how to proceed.
here below the log i got - integral copy&paste - now saved on desktop.
if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it..
 
i hope you can help me about how to proceed.
 
thanks++
iggy
 
 
 
ComboFix 14-05-19.01 - user 19/05/2014  19.13.03.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1919.1432 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\kp_0loor.pad
c:\documents and settings\user\Dati applicazioni\cacaoweb
c:\documents and settings\user\Dati applicazion...

A:ComboFix ran&completed - don't know how to proceed

..if i understood well, malware etc will be removed once combofix is uninstalled and i still have to uninstall it..

...that is not true...

Hello iggy1427,

my name is Jo and I will help you with your computer problems.

Please follow these guidelines:

- Logs can take a while to research, so please be patient.
- Read and follow the instructions in the sequence they are posted.
- Print or copy & save instructions.
- Back up all your private data / important files on another (external) drive before using our tools.
- Do not install / uninstall any applications, unless otherwise instructed.
- Use only those tools you have been instructed to use.
- Copy and Paste the log files inside your post, unless otherwise instructed.
- Ask for clarification, if you have any questions.
- Stay with this topic til you get the all clean post.

My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

1. Download Security Check by screen317 from here or here.

- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- Vista / Windows 7/8 users right-click and select Run As Administrator.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Download OTL to your desktop.

- Double click on the icon to run it.
- Vista / Windows 7/8 users right-click and select Run As Administrator.
- Make sure all other windows are closed and to let it ...

3 more replies
Answer Match 62.58%

Hi All,

I am in the process of repairing a client's Win7 Home Premium SP1 PC, initial complaint "PC hangs on windows boot screen". After confirming not boot I was able to boot to safe mode and reviewed the error logs. With nothing jumping out immediately as a problem I began to suspect malware and began a run of malwarebytes which hung halfway through requiring a hard reboot.

Following hard reboot it would now not boot at all. Running a pre-startup drive scan found a faulty data HDD, removed and was able to boot only to "last known good config". Once booted I noticed three separate AV's installed and removed the free versions and rebooted. PC still was chugging along and look at running processes revealed Bit Defender AV pegging CPU at 100% with nothing apparent running. Uninstalled Bit Defender and several apps that were clearly adware that had been installed.

After another reboot began a sweep with CCleaner for good measure an app popped up an installer that force installed "Free Ride Games". After several attempts was able to uninstall using Revo, however malware not clearly suspected. Thus I downloaded Combofix and began run. It has not been stuck at "Completed step_50" for about 2 hours. I can hear (and see) continue drive activity and I am unclear if i should simply let it continue or stop Combofix and try an alternate route pending input and instructs from the talented BleepingComputer Community/Folks?!

A:Combofix Stuck At "Completed Stage_50"

I would wait, as you know stopping combofix can damage the machine more. If the HDD indicator is flashing it's probably still working its magic. I had one machine that hung for over an hour but never as long as two hours so that is slightly concerning. With all the issues you mentioned in your post I would probably consider rebuilding the machine if combofix fails.

1 more replies
Answer Match 62.16%

Due to inactivity - as I have been out of town - my last thread in the Hijackthis forum was closed. My previous thread is located at:

http://www.techsupportforum.com/secu...nctioning.html

Chemist told me that I should clear up unused programs, pictures, and music, and I am going to begin doing this as soon as I finish this post. The last thing that I was told to do was to download and run combofix. I followed all of the instructions and this is the log that was displayed following the ComboFix scan:




ComboFix 08-12-23.01 - Owner 2008-12-23 13:53:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.959.619 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\ComboFix.exe c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
The following files were disabled during the run:
c:\windows\TWF0dCBIdWJlcnR5\asappsrv.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Rabio
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\LocalService\cftmon.exe
c:\documents and settings\Owner\App...

A:Continuing my last thread. Completed Combofix scan...

Hello again, Tommy1073.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall HijackThis 1.99.1 in the Add or Remove Programs section of your Control Panel and delete your current version.

-------------------------------------------------...

2 more replies
Answer Match 60.9%

Nice way to spend Xmas day at my Dad's place.

Registry Defender infection occurred. I ran updated MBAM which showed lots of Trojan.Vundo.H results. Removed all. I ran ComboFix and HJT. Please see logs below. One thing I am wondering about. For my Dad's computer (he's not even as tech savvy as me and I'm no programmer) is it worthwhile to buy RogueRemover Pro from malwarebytes.org?
--------------------------------------------------------------------------------------------------------------------------------

EDIT: I just realized that the ComboFix log is 313 pages in Word!! Should I post it here anyway? Should I post only a portion of it?

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:10 PM, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\br...

More replies
Answer Match 53.76%

I am really liking the expanded "notifications" section of Windows 10. Is there anything out there that allows for you to get OS operation notification E.G. File copy completed notification, and so on. It looks like right now it is only based on if the installed app supports it. I do a ton of file copying and moving and it would be nice to get it popping up and dinging saying it has completed.
 

More replies
Answer Match 53.76%

This is kind of driving me a bit bonkers now, as I am trying to organize the files on my system, and am consistently butting heads against this problem. It always seems to be the last file I highlight. In other words.. I have two directories open on the screen, and am simply looking to drag files/folders from one directory to another. To do this, you almost always have to highlight the folder you want to move, and doing this seems to put a lock on that folder. If I highlight more folders, it seems to be ok, except for the last one I highlight will always fail to copy.

Any way to prevent windows from locking files in this way?

A:Action cannot be completed because the Folder or File is..

Are you sure or is it a specific file?

Can't delete file. says that it is open in another program. Solved - Windows 7 Help Forums

12 more replies
Answer Match 53.76%

When I try to delete a few videos on my desktop it will not allow me by saying that they are use by another program. The other program has been uninstalled a little while back so I am not sure how to fix. I've checked several places and it's not on my computer any longer. How do I get this stuff deleted

A:The action can't be completed bec the folder/file is in use by another

Can you delete them after a reboot?

Can you delete them after a reboot into safe mode?

2 more replies
Answer Match 52.92%

...because the folder of file in it is open in another program'

I have closed down all files but still it won't move.

I am sure it's a simple solution...something to do with the file property perhaps?!

Thanks in advance.

K

A:Trying to move a file and receive 'this action cannot be completed...

Welcome to 7 Forums. Can you give us a bit more information such as what type of file you're trying to move, where from and where to?

5 more replies
Answer Match 52.92%

Hi, the computer came with a Users action User.  I am unable to delete the account.  I am told the file is open in another program even after I perform a safe boot. How come?
KC

More replies
Answer Match 52.5%

When trying to rename a new folder in Windows 7, the user gets the message "the action can't be completed because the folder or a file in it is open in another program." We have tried turning off indexing for the parent folder. We can delete the folder. We just can't rename it. It has 'Read-only' attribute. Any suggestions?

A:"The action can't be completed because the folder or a file in it is open in another program"

Try this: File Unlocker.

2 more replies
Answer Match 52.5%

First, a bit of background. I had just recently installed my Logitech Webcam software, and later on today I've deleted the installer to the recycle bin and am trying to empty the recycle bin. When I do this, I get this message:

http://img64.imageshack.us/img64/7600/capturerhf.jpg

Firstly, why is this happening in the first place? It's simply an installer? The application itself has installed fine and I should have no problem deleting the installer, right?

What does it mean, "because file is open in Application Experience"? What on earth is this?

Also, why is the file named "lws201_full.exe", yet in that image I have provided, it's called "$RX8JXFZ.exe"? Also worth noting that the file is 0 bytes in the image I provided, yet the original file itself is 114 MB. Say what?!

The file deletes itself fine if I cancel or try again, but I still don't understand why this happens. Thanks so much for your assistance in clarifying this issue for me.

A:Action can't be completed because file is open in "Application Experience"

You can download TFC. This will help, it will dump all temp files. You will have to save this to your desktop. It has to be run from desktop, can't be run from temp file.

Answer Match 52.5%

Hi,

I'm getting this message when I try to transfer folder to another location on my hard drive.
"The action cannot be completed because the folder or a file in it is open in another program."

The problem is I don't know what program has the folder open. How do I find out which program it is so I can close it and move the folder to another location?

TIA

A:This action cannot be completed b/c the folder or a file in it is open in another program

Try unlocker: http://www.filehippo.com/download_unlocker/

Answer Match 52.08%

Hello,

we have a Lotus Notes database where we embed Excel files into a Lotus Notes Document.

Some of our users are reporting an issue where they get the message :
"Object request has not completed because the file already exists" and the users cannot open the file.

This only occurs if the user tries to open the Excel sheets from his Local Lotus Notes replica. When the user works from the server the file can be opened without any problems.

Does anybody know what this could be?

Regards,

Atomic Wedgie
 

A:Lotus Notes: Object request has not completed because the file already exists

Hiya and welcome

I've moved this to Business Applications for more response

Are you still having this problem? If so, which version of Lotus Notes are you using? If you're not sure, open Lotus Notes, and click on Help | About.

Also, which version of Excel file are you embedding?

I've found this, if it's outlining what you see:

Object Request Errors Occur When Opening OLE Object
Regards

eddie
 

Answer Match 47.04%

When I try to move a folder into another folder (sub-folders into the main "MY DOCS" folder), I get the error message: "The action can't be completed because the folder or a file in it is open. Close the file and try again."

NO, no other folders are open; went to task manager and made sure. No backup running. I've tried a web search others have had this issue. The suggestion was to empty the temp folder, but this didn't help.

Any advice? This happens for ANY folder I try to dump into the main one.
 

Answer Match 47.04%

Whenever I try to move or rename files (or anything else that would change something about it), I frequently get the message "The action can't be completed because the file is open in another program." The thing is, it's not open in any program.

It usually happens immediately after it was open, though. It also usually happens with movie files. So, I'll watch a movie file, close WMP and try to change the filename, and it'll give this message. I have to wait for about two or three minutes before I can change it. It's very frustrating to have to wait every time I need to change a file. Is there a way to fix this?
 

A:"The action can't be completed because the file is open in another program"

Answer Match 43.68%

Hi I'm new to here and am in need of help -
I ORIGINALLY POSTED IN THE ANTI-VIRUS AND ANTI-MALWARE FORUM, BUT WAS ASKED TO MOVE IT HERE...
 
Pasted below and attached are the files that I was asked to provide. Thank you for your help trying to sort this out. I have a MacBook Pro (2011) which I have partitioned with Boot Camp so that I now have Windows 7 64-bit running on one partition and Mac Snow Leopard 10.6.8 running on another. It appeared that someone had hacked into my computer and was creating files and extracting information, while quickly filling up the free space on my hard drive (Mac partition). I then decided to use my Windows partition instead so that I was able to get my work done and meet the deadlines I was up against. The same thing began happening on the Windows partition. So, I formatted the HD removing both operating systems and reinstalled them. Same problem began happening again. This all seemed to start around the time I was trying to move the content of my wife's iPhone to a different iPhone, using the Verizon / Apple iCloud. "iTunes Helper" was an application that I had a difficult time shutting down, and I'm guessing that it had something to do with kicking this off. Just speculation though.. I've also just received a new modem/router combo from TWC, that really came with no instructions on how to set it up. I may have failed to set the security up on it correctly. I did run the ComboFix as the TWC support tech asked me to do and I now... Read more

A:ComboFix - DDS File & Attached Log File

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there. CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520716 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Answer Match 42.84%

Hi,

I think I have the correct forum for this thread. If not, I'm sorry about the misunderstanding. My computer got infected with Antivirus Suite. I keep getting the Antivirus Suite pop-up screen and another one in the lower left corner of the screen labeled Antivirus Alert and asks me if I want to buy protection or continue unprotected. Also, despite the fact that I use Mozilla Firefox as my browser, the infection also causes my Internet Explorer to open up to an unpleasant website. I tried removing the Antivirus Suite infection with ComboFix, but I'm stuck at the end of the process. I followed all of the prompts that were listed on bleepingcomputer.com's instruction list for running ComboFix. After everything was finished a log report was generated and I saved it. When I minimized the screen with the report I noticed that the icon on my desktop for ComboFix that was there after I saved it to my desktop early on in the process was no longer on my desktop. Is this a problem? At the end of the instructions it says "Post this log as a reply to the topic where you were asked to run combofix". The program never gave me a screen asking me run combofix where I could post the report as a reply. I don't know when to actually use the ComboFix log file. Did I miss something? I tried this last night, too, but the infection is still on my computer. Last night I had a separate log file created, but I can only find the one generated from today. I don't kno... Read more

A:When do I use ComboFix Log File?

Please follow the instructions given here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Answer Match 42.84%

Hi,

I run ComboFix on my computer and am posting here the Log for your help and assistance. Many thanks in advance.

ComboFix 11-09-05.03 - Administrator 05/09/2011 19:02:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1055.18.503.258 [GMT 2:00]
Running from: c:\documents and settings\Administrator.MALOK\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
... Read more

A:ComboFix Log File

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. Your ComboFix log is clean. Third party programs if not up to date can be the cause of infiltration of an infection. Please run this security check for my review. Download Security Check by screen317 from here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
Please post the log and let me know what problem persists.

Answer Match 42.84%

Apparently someone can make sense of the log file that Combofix saved for me. Does anybody know where I should put it.
(Sensible suggestions only please!)

A:Combofix Log File

Combofix logs should not be posted unless asked for. If you feel you have a malware issue please follow the guidelines here: http://www.bleepingcomputer.com/forums/topic34773.html

Skip any steps you are not able to perform and make note of those when you post your reply.

Answer Match 42.84%

I am referring to this topic :
http://www.bleepingcomputer.com/forums/t/527541/programs-delay-act-independently-crash-and-now-whole-computer-freezes/
 
I don't have the original log saved, so I made a new one. After program execute, I was unable to reach this site (other sites I could but not this for some time).
Also I notice that firefox misses some functions now. Download box is gone, as well my "paste" property in mouseclick.
 
EDIT:
I added here the symptoms for you to help diagnose what is wrong
-Constant delays in programs (crashes, unresponsive, long delays, weird behaviour), games (minimize, fps drops and freezes), net (packet loss, can't find website randomly, slow dl)
-Memory usage jumps sometimes causing long delays, complete freezes, graphic errors and monitor switching on / off
-Weird random cursor icons appearing
-Also switching off USB ports sometimes(headsets, keyboard, mouse)
What I ran previously:
-Memory Diagnostics
-Benchmark
-CPU Monitor tools
-Hard disk monitor tools
-Driver updates
All seem ok in hardware.
For software(separately run, and logical order)
-Mwbytes Antimalware
-Spybot S&D
-Avast!
-Avira
-OTL
-RogueKiller and Rkiller
-Combofix
-SecurityCheck
-MWbytes extra tools (rootkit  & exploit)
-Online scanners (eset, bitdefender, f-secure)
 
Problems persist
 
I would suspect I am under attack of something or someone, since the symptoms are not constant, but rather come randomly
Furthermore, I will find new instances of malware e... Read more

A:My log file for ComboFix

 ComboFix.txt   31.87KB
  2 downloads

Answer Match 42.84%

I am running Windows 7 64 bit and over the past few days my machine has not been booting up properly, running slowly, and clearly just bogged down with malware and / or virus concerns. My audio has also not been functioning. Today when I typed a search term in my Google Chrome bar it resulted in a Bing Search result. After some research, I discovered that this is due to a virus that has been causing some trouble as of late. I can only start my computer in Safe Mode, and it takes quite a few minutes to boot up. My IT guy downloaded and ran Microsoft Security Client and also Malwarebytes(sp?), neither of them turned up anything. He also then ran a Linux-based anti-virus software which again came up empty. He had to leave the office early and I am in a real jam. His last instruction was for me to download and run ComboFix and post my log on this site. I ran it and have pasted the log below. As an aside, after running the scan, my computer appeared to have booted up in standard mode, not safe mode. I was, however, unable to open any apps (e.g. Word, PPT) and received a message indicating that I couldn't open them because they were scheduled to be deleted. Anyway, if someone could PLEASE help me with next steps, it would be greatly appreciated. Thank you so much.

ComboFix 11-07-19.04 - vnorpel 07/19/2011 20:31:48.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.3073 [GMT -4:00]
Running from: c:\users\vnorpel\Downloa... Read more

A:ComboFix Log File

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy. Please include a clear description of the problems you're having, along with any steps you may have performed so far. Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Even if you have already provided information about y... Read more

Answer Match 42.84%

ComboFix 11-07-24.03 - STEFCHO 07/25/2011 11:51:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.1535.851 [GMT 3:00]
Running from: c:\documents and settings\STEFCHO\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\STEFCHO\Local Settings\Application Data\.#
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-20 10:41 . 2005-11-13 20:20 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-07-20 10:41 . 2005-11-13 20:22 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-07-20 10:41 . 2005-11-13 20:21 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-07-20 10:41 . 2005-11-13 20:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-07-20 10:41 . 2005-11-13 20:22 757760 ----a-w- c: ... Read more

A:combofix log file

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:
***************************************************
First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411120 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information: If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far. A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have prev... Read more

Answer Match 42.84%

Hi all
I ran combofix.exe and it created a log file. Did it actually do anything, fix my computer, etc?

Can I send my log file in?

The computer I ran this on had been reported as having 200 or more internet connections... like a torrent was running on my PC, but I can not find it.

Thanks in advance
Dean-O

A:ran combofix now what do I do with the log file

I have moved your post from the HJT this forum as it does not contain a HJT log. However you are asking about Combofix: Please note the message text in blue at the top of this forum. ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please wait for one of our 'First Responders' to reply to this thread to assist you with your issue.

Answer Match 42.84%

I would greatly appreciate any help/advice on resolving the following. On 28Aug 2009 I used Combofix to add the Recovery Console to the Boot Menu of my Toshiba Satellite Pro M70 laptop, which is running on Win XP Pro SP3 (if necessary, refer to my previous post of 29Aug2009). After adding the Recovery Console to the Boot Menu, I then uninstalled Combofix, and deleted all the Combofix entries in the Registry, but left 3 folders that are associated with Combofix in the root directory (Combofix, cmdcons & Qoobox). Today I ran a full scan of the C: partition with SuperAntiSpyware, and it detected Trojan.Agent/Gen in 2 files:
C:\Windows\PEV.EXE
C:\System Volume Information\-Restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP220\A0032428.EXE
So far I have not taken any action using SuperAntiSpyware to quarantine &/or remove the 2 files, because scans with MalwareBytes and my CA Antivirus V8.4 software did not detect the Trojan.Agent/Gen, and therefore I don't know whether the SAS detection is just a false positive. I did a google search for PEV.EXE, and some of the results suggested that PEV.EXE is associated with Combofix. I checked the properties of the PEV.EXE file, and in the General tab the info given is:
Type of File: Application
Size: 224 KB (229,376 bytes)
Size on Disk: 224 KB (229,376 bytes)
Created: 28Aug2009, 10:50:22
Modified: 23 Aug 2009, 03:09:13 ???
The Time Created (28/08/09, 10:50:22) of the PEV.EX file is similar to the Times Created ... Read more

A:Is PEV.EXE a Combofix File ?

Unfortunately the author of the tool does not want information on how Combofix works on public forums. This is in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions. That's the decision by the creator and we will abide by that decision. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. The only public information that is available can be found at this guide: How to use ComboFix
***************************************************
That being said, PEV.exe is safe for you to delete. A0032428.EXE can be deleted by purging System Restore. Disable and Enable System Restore. - You should disable and enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to disable and enable system restore here: Windows XP System Restore Guide or Windows Vista System Restore Guide. Re-enable system restore with instructions from tutorial above.

Answer Match 42.84%

Hi there,

I have a computer that appears to be infected with KVMsecure because it often says to load their software to be secure. I ran hijackthis and cleaned what I could find. I ran Spybot and it cleaned some but not others like ZLOB. I ran Combofix and thought it would fix it but it also did not fix it.

When I surf, a window will appear to say the site is infected or unsecure and I should install KVMsecure. If I press the ignore button, a big warning appears.

Whenever I found a solution to clean KVMsecure, I wasn't able to locate any of the files they asked to clean so it appears not to be infected but something is.

Can anyone direct me on how to resolve this annoying problem?

Should I copy the Combofix log?

Thanks

A:Combofix Log File

Hi TSSNick, Welcome to Bleeping Computer. "Should I copy the Combofix log?" No. Combofix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Note the warning in bold blue type at top of the Am I Infected forum.

Answer Match 42.84%

ComboFix 10-02-03.08 - Eileen 04/02/2010 20:09:04.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1012.356 [GMT 0:00]
Running from: c:\users\Eileen\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-04 20:24 . 2010-02-04 20:39 -------- d-----w- c:\users\Eileen\AppData\Local\temp
2010-02-04 20:24 . 2010-02-04 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-03 20:31 . 2010-02-03 20:32 ... Read more

Answer Match 42.84%

Wasn't able to access msn.com, symantec.com, or update avg. Ran comboFix.exe and received the following log file:
ComboFix 10-02-17.01 - dellison 02/18/2010 9:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.382.152 [GMT -5:00]
Running from: c:\documents and settings\dellison\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\EventSystem.log
c:\windows\system\oeminfo.ini
c:\windows\system32\_000006_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.
2010-02-18 14:17 . 2010-02-18 14:17 962496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-18 14:17 . 2010-02-18 14:17 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-18 14:17 . 2010-02-18 14:17 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-18 14:17 . 2010-02-18 14:17 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-18 14:17 . 2010-02-18 14:17 815184 ----a-w- c:\documents and settings\A... Read more

A:ComboFix.exe log file

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Foll... Read more

Answer Match 42.84%

Hi friends I am new to these kind of malware removing. I have been using computer for many years & I don't install anything so I was not infected by threatening spyware or malware programs which would do major corruption though I would be having some spyware & adware. Recently I left my friend to use my computer & he downloaded bandoo when he was chatting, I found out from the history & from programs. What this one did is that it changed all my home page to searchqu. So I first disabled system restore & removed it & other things installed with it from the add/remove & some other toolbars it came with & reset all IE, Mozilla & chrome settings & was able to change my homepage. I don't install anything like this (advertisement) in my computer as I know it will corrupt system files, I am going to check whether that guy has the tool installed in his computer or else I will install this bandoo in his system as he too knows that & am very sure he will not install in his computer but I don't know why he did it to me, if I find he has done in purpose, I am sure I am going to install in his computer too, let him then remove it wasting some time like how I did. Still I think it has corrupted my registry files, so when I searched for this I found that I need to run combo fix & send the log to this site or some other geek site, I choose this one & I am going to run this tool to see what has happened & will post the log info once i... Read more

A:Hi help me with log file for combofix

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected. Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem. Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. We need to create an OTL report, Please download OT... Read more

Answer Match 42.84%

Can You please analyze my log file, as I'm not an expert
Thanks in Advance!

Spoiler: Log File
ComboFix 16-02-05.01 - Keanu 02/07/2016 22:20:40.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.1160 [GMT -8:00]
Running from: c:\users\Keanu\Downloads\Programs\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
... Read more

Answer Match 42.84%

I have run the combofix and this is my log file I need this analyzed and please let me know what I need to do next.

A:combofix log file

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Foll... Read more

2 more replies
Answer Match 42.84%

Found something over 10 viruses mostly trojan horses/backdoors found in the AbodeUpdater.exe, Windows Defender mpcclient.exe and few other files.

Below is the log file; if anyone can help it is greatly appreciated and THANKS. My PC is Windows Vista

ComboFix 10-02-11.04 - Jamie 12/02/2010 13:40:27.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.446.174 [GMT 0:00]
Running from: c:\users\Jamie\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp
c:\users\Jamie\AppData\Roaming\updater.exe
c:\windows\system32\mscommon.inf
c:\windows\system32\msconfig32.sys
c:\windows\system32\zf32.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 13:49 . 2010-02-12 13:49 -------- d-----w- c:\users\Jamie\AppData\Local\temp
2010-02-12 13:49 . 2010-02-12 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-12 13:20 . 2010-02-12 13:20 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-02-11 15:45 . 2010-02-11 15:45 -------- d-----w- c:\users\Jamie\AppData\Roaming\Malwarebytes
2010-02-11 15:44 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-11 15:44 . 2010-02-11 15:44 -------- d-----w- c:\programdata\Malwarebytes
2010-0...

More replies
Answer Match 42.84%

Hi everyone,

Recently I had some problems with my computer on the login desktop. Usually, when I choose my name from the computer's users, the PC starts to not respond to commands and it freezes. I used combofix to repair the damage: here is the log file in attached files.

Can anyone help me?
Thanks in advance,

Edoardo

PS: sorry for my bad English

A:Help: Combofix log file

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Open notepad and copy/paste the text in the quote box below into it:
Driver::
MpKsl041a6cd2
MpKsl0aef340c
MpKsl13eb04cb
MpKsl19f327bc
MpKsl287fc091
MpKsl32264185
MpKsl54299528
MpKsl5d17dd7b
MpKsl7b20f282
MpKsl8462ffbc
MpKsl854a74d2
MpKsla7f8509e
MpKsld202be59
MpKsld23c8546
MpKsld3624eaa
MpKsldc7a4770
MpKsle8c41ed4

ClearJavaCache::
Save this as CFScript.txt on your desktop.
Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===
All the empty folders in this location in bold can be deleted.
c:\users\Pap?\AppData\Local\{48FEE45A-819D-4F63-9381-0F9C8ACA27D4}
The folders are all in this format {48FEE45A-819D-4F63-9381-0F9C8ACA27D4}
Delete them all.
These folders are created every day. I know I clean them once a week.
===
A .jpeg files in this folder were deleted.
c:\users\Mamma\20110511 Cena di Compleanno
If you know what they are and want them back please let me know we can restore them.
===
Third party programs if not up to date can be an open door for an infection
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automa...

4 more replies
Answer Match 42.84%

Hi everyone,

My computer is not running properly. I can only run it on safe mode, and antivirus does not work.
I managed to run a portable one, and even though it identified over 600 threats it didn't fix the problem.
Then, I run combofix, and this was the result. Could someone read it for me, and tell me what to do next?

Thank you
 ComboFix.txt   23.09KB
  3 downloads

A:Combofix log file

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459528 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

2 more replies
Answer Match 42.84%

I just ran combofix and need to know what i do next.

ComboFix 10-08-09.02 - DAVID VILLALBA 08/09/2010 19:09:33.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.591 [GMT -7:00]
Running from: c:\documents and settings\DAVID VILLALBA\Desktop\Combo.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.
2010-08-08 21:44 . 2010-08-09 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-08 21:44 . 2010-08-08 21:44 -------- d-----w- c:\program files\NOS
2010-07-19 21:22 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-16 17:44 . 2010-07-16 17:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-16 17:40 . 2010-07-16 17:40 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 00:34 . 2007-02-06 07:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-09 20:51 . 2007-02-06 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-08 23:02 . 2009-09-28 09:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-14 19:46 . 2008-09-15 05:44 -------- d-----w- c:\do...

A:Combofix log file

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...

2 more replies
Answer Match 42.84%

This is my first time posting to this site so I apologize if I do it incorrectly, I'm just looking for help. My laptop had been infected with the Vista Security Tool malware program. I've had a few people in my family attempt to fix it but there was little improvement made. The main problem is that anytime I needed to open a program, it would ask what program I wanted to open it with. I could only access the internet by using Mozilla Firefox, and that was it. I googled, " When I open a program on my laptop it asks what program I should open it with" and found a forum where somebody had the same problem. Somebody posted a solution advising them to use ComboFix. I let it run and it seems to have helped, but I need to have the log file read I guess. It suggested this site and said to post my log file here for somebody to analyze and help me with the next steps. So, do I just post the log file here? I'm wary about posting it at first just in case I shouldn't be.

A:ComboFix Log File

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

2 more replies
Answer Match 42.84%

See attachment for log file

A:ComboFix Log File

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...

2 more replies
Answer Match 42.84%

Dear All!

My computer was attacked by trojan viruses. By next of it I can not update my Windows through the Windows Updating process. I have found the information that the ComboFix make a system scan, then somebody can verify this log and send me suggestion to fix my problem. Who and where can help me? How can I attach the file?

Regards

Sławek

A:ComboFix log file

The first thing you need to do is create a DDS log file. From there a trained tech will guide you through ComboFix. Please follow this guide from step (6). Post a HJT log to the HJT forum and a Team member will be along to help you as soon as possible. You may wish to post a link back to this topic to see what was discussed thus far. If you need any help with the guide, please let me know.

2 more replies
Answer Match 42.84%

First of all excuse me for my imperfect English. I run combofix to free my pc from virus that other anti virus programs (avast avir avg 8.5) did not recognize. The first time I run combofix, it eliminated steup.exe but my pc continue to have very big big problems (after few minutes no action is possible and I have to restart the machine). This is combofix log file. Please help me. My problems began on 29 or 30/09/2009

ComboFix 09-10-07.02 - Administrator 08/10/2009 14.40.11.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.447.185 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\programmi\\setup.exe
C:\setup.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-09-08 al 2009-10-08 )))))))))))))))))))))))))))))))))))
.
2009-10-04 19:54 . 2009-10-04 19:54 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
2009-10-04 15:50 . 2009-10-05 12:15 -------- d-----w- C:\$AVG8.VAULT$
2009-10-04 14:30 . 2009-10-04 14:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-04 14:30 . 2009-10-04 14:30 108552 ----a-w- c:\windows...

A:is there anyone who can help me with combofix log file?

Hello paolopucci

Please note the message text in blue at the top of the Am I infected? What do I do? forum. ComboFix logs should not be posted outside the HijackThis Logs and Malware Removal forum and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. That's the decision by the creator and we will abide by that decision.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". When you have done that, post your combofix and DDS/HijackThis log in the HijackThis Logs and Malware Removal forum for assistance by the HJT Team Experts.

Alternatively you can start a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results but do not repost your combofix log. Then if needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed...

1 more replies
Answer Match 42.84%

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.

The BC Staff

More replies
Answer Match 42.84%

ComboFix 09-11-08.03 - Samantha 06/11/2009 15:06.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.344 [GMT -7:00]
Running from: c:\documents and settings\Samantha\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.WINDOWS\Application Data\93329632
c:\documents and settings\All Users.WINDOWS\Application Data\93329632\93329632.bat
c:\documents and settings\All Users.WINDOWS\Application Data\93329632\93329632.exe
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Protect\svhost.exe
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Protect\track.sys
c:\documents and settings\Samantha\Desktop\Security Tool.lnk
c:\documents and settings\Samantha\Local Settings\Temporary Internet Files\CSC2.5U-EN-813-I.sbr.sgn.unsgn
c:\documents and settings\Samantha\Start Menu\Programs\Security Tool.lnk
c:\documents and settings\Tanner\Desktop\~.exe
c:\documents and settings\Tanner\Desktop\Security Tool.lnk
c:\documents and settings\Tanner\Local Settings...

A:My combofix log file

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.

The BC Staff

1 more replies
Answer Match 42.84%

Hello,

I am trying to fix my parents pc. They had installed mcafee for a long time now but they had a virus/trojan installed for how long???

I saw there was something wrong when I tried to go to the website of www.mcafee.com, this site was being redirected automatically to www.google.com! After that I tried to reach different anti-virus websites and they were blocked or redirected too (tried it in 4 browsers), so I knew there was something wrong because on my smartphone I could just reach all of these sites.

First I deinstalled mcafee (after running a scan), because this one didn't see the virus at all, too bad the uninstaller froze at the end of uninstalling but mcafee was uninstalled.

After that I tried running these malwareprograms: TDSSkiller, malwarebytes and another similar program from symantec (forgot its name). These didn't find anything either and the anti-virus websites were still redirected.

Then I saw combofix, run it in safe mode in winXP and after that everything was normal again! The startup time from IE8 is amazingly fast now (maybe this is because mcafee siteadvisor is properly removed now too?).

I installed avira free antivirus afterwards and run the total system scan, this found:
TR/PSW.Zbot.2525 C:qoobox/quaratine (combofix quarantine?)
TR/PSW.Zbot.2525 C;system volume information
TR/PSW.Zbot.2495 C;system volume information
TR/Ransom.Gimemo.vhu C;system volume information

I am now running microsoft malware/malicious software tool june-2012

Can anyon...

A:Combofix help after log file

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
We have no way of knowing how you got infected. The ComboFix log is clean.
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
Please let me know of any issues with this computer.

7 more replies
Answer Match 42.84%

Can anyone let me know what to do after having run combofix.exe and gotten the attached log file?

Many many thanks.

Matteo

A:Help with combofix log file

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

3 more replies
Answer Match 42.84%

ComboFix 07-11-08.3 - Passakorn.Pathumsut 2007-11-14 12:24:18.1 - NTFSx86
Running from: C:\Documents and Settings\Passakorn.Pathumsut\Desktop\ComboFix.exe
 * Created a new restore point. Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Passakorn.Pathumsut\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Passakorn.Pathumsut\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Passakorn.Pathumsut\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\ptiwvemm.dllbox
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.
2007-11-14 12:23 51,200 --a------ C:\WINDOWS&#...

A:Log File From Combofix

Hi Noknoi, If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you. Follow the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log. Thanks for your patience! P.S. Please copy/paste the log into this thread using the Add Reply button.

1 more replies
Answer Match 42.84%

ComboFix 12-12-02.01 - Britters 12/03/2012 13:56:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3758.2063 [GMT -8:00]
Running from: c:\users\Britters\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 22:04 . 2012-12-03 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 22:02 . 2012-12-03 22:02 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD4A1B28-786B-459A-B8FA-E470BFB0A194}\offreg.dll
2012-12-03 21:35 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD4A1B28-786B-459A-B8FA-E470BFB0A194}\mpengine.dll
2012-11-16 06:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 06:22 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 06:22 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 06:22 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 06:17 . 2012-10-08 11:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-16 06:17 . 2012-10-08 11:13 2382848...

A:ComboFix Log File

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
DDS.pif
DDS.COM
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner by Xplode onto your Desktop.
Double click on AdwCleaner.exe...

2 more replies
Answer Match 42.84%

I plugged my flash drive into my school's network and as expected, I picked a lot of malicious software....I brought it home, plugged it in and ran AVG. The viruses/worms etc. were detected and I deleted them but they kept reappearing and they're on my external hard drive too. Now every time I insert this external Hard Drive, Windows asks me which kind of program which I normally shouldn't (and doesn't) do. Also, this new Internet Explorer icon appears on my desktop when there's already a shortcut for it.
I ran ComboFix and this problem was temporarily solved but it happens every time I plug in my hard drive....if someone has the time, could they take a look at my log file...anyone's help would REALLY be appreciated..
Cheers
Humza

A:Combofix Log File

Hello humza and welcome to BC. It sounds as though you have a flash infection. Please tell us what your operating system is: Windows XP, Vista, etc. What security programs do you have installed? Please name them. I see that you have AVG. Is that the AntiVirus program or the AntiSpyware program?

Orange Blossom

1 more replies
Answer Match 42.84%

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please explain what problems you are having with this computer.
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click the Add reply button.
===
Please post the logs.
Wait for further instructions.

A:I've Combofix log file, What should I do now ?

Thank you for the answer. FRST file here,  Addition in attach.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2016 01
Ran by Ata Anıl (administrator) on GÜMÜŞ (13-07-2016 20:55:34)
Running from C:\Users\Ata Anıl\Desktop\frst
Loaded Profiles: Ata Anıl (Available Profiles: Ata Anıl)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(TeamViewer GmbH) ...

0 more replies
Answer Match 42.84%

I need some help. Firstly I'm running Windows XP Home SP3. The other day I started with some virus. It came up in Trend micro as Cryp_Morphine. I was able to get rid of that all I'm pretty sure. However at the same time I was having an issue with my Windows Auto Update was turned off and it will not let me start it. So after some research I came across the same issue with Windows update from other users and it was suggested to try combo fix. I ran this program last night and after it was complete I re-booted then I was able to get windows update to work again so I ran one more trend micro scan and a mention of a Vundo virus came up. It was quarantined and then I deleted it. Well all was good and then today I woke up and checked my comp and the Windows update is disabled again and having the same issue. So I'm under the impression that the virus is still around. Please let me know if I should post the combofix log.

A:Combofix Log File Help !

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "... Read more

4 more replies
Answer Match 42.84%

Hello. I use combo fix to scan my computer. I ran it four times. At first it showed that it deleted autorun.int and amvo.dll and ... from my hard drive, then it stopped and didn't work. I reset my computer. The second time it deleted one autorun.inf from my hard drive and then stopped. I reset my computer. The third time it ran to stage 24 and then stopped. I reset my computer. And finally, the fourth time, it completed and reported the log file below.

ComboFix 08-04-12.5 - payroll 04/14/2008 20:48:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.577 [GMT 4.5:30]
Running from: C:\Documents and Settings\payroll\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CCEVTMGR
-------\Service_ccEvtMgr
-------\Service_ccPwdSvc
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 16:20 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-12 20:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-12 19:46 --------- d-----w ... Read more

A:Log File Of Combofix

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.
If needed, we will direct you to our HJT Preparation Guide.
Thank you for using BleepingComputer as your malware removal source.
This topic is now closed.
The BC Staff

1 more replies
Answer Match 42.84%

Are there corrupt files in these logs? Thanks, Border

ComboFix 07-10-06.5 - Jeff Kummerfeldt 2007-10-06 12:08:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.225 [GMT -5:00]
Running from: C:\Documents and Settings\Jeff Kummerfeldt\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\Starware
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data.\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data.\St... Read more

A:Log File For Hjt And Combofix

Hello bordercy,
Please delete the version of Combofix you are using now and redownload it again, because Combofix is being updated every day. If your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
1. Download this file - combofix.exe to your Desktop. Note: It is important that it is saved directly to your desktop
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you, C:\ComboFix.txt.
Post the ComboFix log and a fresh Hijackthis log in your next reply. Do NOT attach the logs, as that makes it hard to read. Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

11 more replies
Answer Match 42.84%

I have downloaded and run the ComboFix program and have a saved log file. I need to know what to do with it.

A:ComboFix log file What to do with it?

Hello and welcome to TSF.

First of all, ComboFix is not a tool which should be used in an unsupervised environment.


Quote:




Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.




We want all our members to perform the steps outlined in the link given below, before posting for assistance. Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 42.84%

Hi,

This is my first time posting so I hope this is the correct procedure in asking for help. Attached is my ComboFix Log file. Any help would be greatly appreciated!

A:ComboFix Log File

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you... Read more

57 more replies
Answer Match 42%

I have some viruses that I can't get rid of. I scanned my PC with Combofix, please help to analyze the log file.

ComboFix 10-10-10.02 - Sébastien 11/10/2010 17:02:22.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.219 [GMT 2:00]
Lancé depuis: c:\documents and settings\Sébastien\Mes documents\Téléchargements\ComboFix.exe
AV: Securitoo AntiVirus Firewall 6.15 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Securitoo AntiVirus Firewall 6.15 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
 * Un antivirus résident est actif
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\Securitoo\av_fw\FWES\Program\fsdc.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\... Read more

A:please help to analyze Combofix log file

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks

2 more replies
Answer Match 42%

Hello,
Recently I have had a few problems with malware. Now I am experiencing this: whenever I start Mozilla, only after a few minutes of surfing it blocks and must be turned off. Something similar happens to my Yahoo messenger. When I try to start it I get a message that it has a bug in the program and can't be run. I am using Windows XP Professional, SP2. Thanks.

A:Check Combofix Log File

Hello ivana7c
Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.
Right above where you posted it says not to run Combofix unless asked, if you run programs on your own you take the chance of borking your system. The error you're getting for the missing dll file is related to the Vundo Trojan but it still has a run entry. If you have not resolved your issue and still need assistance I need you to post a Hijackthis log. Do it exactly this way.
Download Trendmicros Hijackthis to your desktop.
Double click it to install
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
Open HJT Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Ken

2 more replies
Answer Match 42%

Hello all,
I ran ComboFix. Can someone please look at my combofix.txt file and let me know if all is well?
Sincerely,
nobleheight
The following is the combofix.txt file:

ComboFix 08-07-09.2 - Owner 2008-07-10 0:57:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.584 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\comboxfix 20080709\bleepingcomputer.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\comboxfix 20080709\WinXP_EN_HOM_BF.EXE
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.
2008-07-09 23:23 . 2008-07-09 23:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-09 18:01 . 2008-07-09 18:01 <DIR> d----c--- C:\Program Files\Lavasoft
2008-07-09 18:01 . 2008-07-09 18:02 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-09 18:00 . 2008-07-09 18:00 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 20:14 . 2008-07-01 20:14 <DIR> d----c--- C:\Program Files\NCH Software
2008-07-01 20:10 . 2008-07-01 2... Read more

A:Nobleheight's Combofix.txt Log File

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.
If needed, we will direct you to our HJT Preparation Guide.
Thank you for using BleepingComputer as your malware removal source.
This topic is now closed.
The BC Staff

1 more replies
Answer Match 42%

Hey, can someone help me? This is my log file. I scanned in safe mode, if that makes a difference.

ComboFix 11-04-30.06 - Home 01/05/2011 16:07:18.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.1790.1128 [GMT -7:00]
Running from: c:\users\Home\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 23:12 . 2011-05-01 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-01 23:05 . 2011-05-01 23:05 -------- d-----w- C:\32788R22FWJFW
2011-05-01 09:28 . 2011-05-01 09:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-01 02:19 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-01 01:50 . 2011-05-01 01:50 -------- d-----w- c:\program files\GreedyTorrent
2011-05-01 00:42 . 2011-05-01 02:19 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-01 00:34 . 2011-05-01 00:35 -------- d-----w- c:\program files\Google
2011-05-01 00:34 . 2011-05-01 02:18 -------- d-----w- c:\programdata\Lavasoft
2011-04-29 20:34 . 2011-04-29 20:34 -------- d-----w- c:\programdata\Malwarebytes
2011-04-29 20:34 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 20:34 . 2011-04-... Read more

A:Combofix log file. Am I safe?

Hello and welcome to the forums!
My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.
I would be glad to take a look at your log and help you with solving any malware problems.
If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

30 more replies
Answer Match 42%

Mod edit: Moved to appropriate forum.~~boopme
Unfortunately I came by Combofix in a roundabout way and missed the disclaimer to not run the prog unless directed to. I was trying it along with rkill and thought it was just another run of the mill scanner. Should I be concerned? I've posted my log just in case. Otherwise I'm not actively experiencing issues with Windows, I was just looking to run an additional scanner on top of malwarebytes before I read the disclaimer. It's a complex log (to me), but does it indicate that it found anything? Deleted anything?
- - -
ComboFix 13-07-31.02 - Galileo 07/31/2013 22:00:30.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1797 [GMT -4:00]
Running from: c:\users\Galileo\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 212 bytes in 2 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Galileo\AppData\Local\Microsoft\Windows\Temporary Internet Files\{17A40C06-5822-4389-A9AA-58D64BA0CC3A}.xps
c:\users\Galileo\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5C34F175-08A0-4904-A407-5B5AD36531D2}.xps
c:\windows\tmp
c:\windows\tm... Read more

A:Should I not have run Combofix? Log file posted

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please run these tools and will take it from there.
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
Download DDS by sUBs from one of the following links, if you no longer have ... Read more

2 more replies
Answer Match 42%

Hey everyone! I am new to the forum, I have just started using combofix and I have a log file but I don't know how to read it. Any help is greatly appreciated. My computer restarted so I know there must have been some infection. Here is the log file

ComboFix 14-09-05.01 - Administrator 09/08/2014 11:28:31.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6027.4494 [GMT -5:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: McAfeeÆ Security-as-a-Service *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfeeÆ Security-as-a-Service *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_nethfdrv
-------\Service_NetHttpService
-------\Service_ServiceUpdater
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-08 to 2014-09-08  )))))))))))))))))))))))))))))))
.
.
2014-09-08 17:35 . 2014-09-08 17:35 -------- d-----w- c:\windows\Standalone System Sweeper
2014-09-08 16:34 . 2010-11-16 20:01 8199504 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{837B0317-F545-499B-89E1-E3A78196BC6F}\mpengine.dll
2014-09-08 16:33 . 20... Read more

A:Reading Combofix Log File

Hello webuser1001 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
 
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
 
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with o... Read more

3 more replies
Answer Match 42%

I ran ComboFix on my co-worker's computer since she's got the Antivirus Studio 2010 pop up all the time. I am attaching the log file here. I want to make sure her problem is resolved. Thanks.

A:Posting ComboFix log file

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

2 more replies
Answer Match 42%

Hi All, I downloaded and ran ComboFix the other day and it quarantined a file from C:Windows/ERDNT and named it MoveEx_SysHive_Link.vir. I uninstalled ComboFix and went to delete the Qoobox folder but was denied, a popup box saying the file was in use by another person or program. Tried safe mode same result. Any ideas of what this file is or how to delete the Qoobox folder or if I should do anything. My computer is running fine now
Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:ComboFix quarantined file

I uninstalled ComboFix
How?

15 more replies
Answer Match 42%

My friend Laura's Toshiba laptop (Win XP) received the WebServer virus among other things after opening a video sent to her on FaceBook. I ran ComboFix on her computer and I have a ComboFix Log File to post. Can someone who is an authority on these advise me on what to do next? Her computer is still very slow, though it wasn't before she got the virus from the FaceBook video 3 weeks ago. Thank you!

More replies
Answer Match 42%

I got a MSN trojan and ran combofix. Got the following log. Could you please review this log and see if the trojan is removed?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:47, on 09.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManag... Read more

A:Review of log file from ComboFix

Quote:




Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.





Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

----------------------------------------------------------------------------------------


If you still require help please post a fresh HJT log


At least one of the files showing in your log looks very nasty, it relates to an IRCBot infection

http://www.symantec.com/security_res...630-99&tabid=1

Quote:




This Trojan contains backdoor capabilities that allows a hacker to control your computer remotely using Internet Relay Chat (IRC). This Trojan also has the ability to down... Read more

1 more replies
Answer Match 42%

Many thanks in advance. My computer has been redirecting me left and right. Tried every virus scanner in the book. Nothing has helped.

A:Ran combofix, can somebody please analyze my log file?

Welcome to TSF :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:


Code:
File::
c:\windows\Bjafabafi.dat
c:\windows\Ntecafuzaca.bin
Folder::
c:\documents and settings\Matt\Application Data\krofxyltf
c:\documents and settings\Matt\Local Settings\Application Data\krofxyltf
c:\documents and settings\Matt\Local Settings\Application Data\uvvtrbqnr
Driver::
cpuz130
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643

Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

6 more replies
Answer Match 42%

Log File.txt 14.21KB, 2 downloads
Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

A:Combofix log file - need assistance

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431054 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Answer Match 42%

Sorry if posted in wrong section, anyway
 
Hi,
I have a problem and need help.
 
I have a file located in C:\Windows\System32\drivers  called "SPTD.sys"
I think it came from the daemon tools I'm using.
 
The problem is several days ago, my daemon tools shows an error message:
"This program needs at least Windows 2000 with SPTD 1.51 or higher Kernel debugger must be deactivated"
 
I did not install anything prior to this error, so there shouldn't be any changes made voluntarily by me.
 
I cannot delete this file by uninstalling/manual delete.
Manual delete says I need a permission from me (I am the admin of this laptop and I am the only one using it). Kinda weird.. 
Deleting from registry (regedit) is no success. Registry deleted and no SPTD found but re-opening regedit will show it's back.
 
Tried File Assassin from malwarebyte, it says the file cannot be deleted or not visible by File Assassin.
 
So, can someone help me delete this file, like using a combofix perhaps?
 
Thanks in advance.
 

A:Can Combofix be used to delete a file?

Hello and Welcome -
I hope this is some of the information that you are looking for.
Do Not try to run ComboFix to remove this program / driver.
 
From BleepingComputer Data Base
 
This is a valid program that is required to run at startup.
This program is required to run on startup in order to benefit from its functionality or so that the program will work.
 
Description: Driver used by the CD Rom emulation program, Daemon Tools Version 4.
There have been some reports of problems with this driver.
 
Filename: sptd.sys
 
File Location: %System%\Drivers\sptd.sys
 
Note: %System% is a variable that refers to the Windows System folder.
By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP/Vista/7.
 
Note - DeFogger is the name of a tool used to disable this program only while ComboFix is being run.
It is not designed to be fully removed, just disabled, during certain Malware removal operations.

11 more replies
Answer Match 42%

Hello,

I recently ran ComboFix on a machine under my care and now I would like to understand what ComboFix found and the corrective action taken.

Thank you,
Jim

I have posted this question on another forum on this site more closely relating to my question. Thank you

A:need help analyzing ComboFix log file

Thank you Orange Blossom for editing my post and adding the log file. I was waiting until someone responded and requested it per the instructions. I am a new member and still learning how to use the forum correctly.

Jim

8 more replies
Answer Match 42%

Hi! I am having that search engine issue where it redirects you to a different website when you search for something on google, yahoo, etc. I had AVG, and Malwarebytes come back with no results. It was suggested that I install ComboFix. The program didn't finish installing, it said "please write this file down on paper as we are disabling it and may need it later" and then I started getting hundreds of errors saying that the file it disabled is needed for pretty much every application on my computer.

I looked up the file, C:/Windows/system32/msqhdhx.dll and it is apparently a VIR file, which I understand to be a virus file.

At this point I'll take the google virus if I can make this other issue go away. I get a pop up saying I need "msqhdhx.dll" for anything I open. The program will eventually open after clicking OK on the warning box for five or six rounds.

HELP, thanks!

Christi

A:ComboFix deleted a file, I think..

Hi,

I am sorry for the delay in posting to you. We have a large community, with hundreds of topics being created every day.

Do you still need help with your problem?

- If not, please tell me also.

- If so, please tell me what problems you have exactly at the moment.

-------

I see you have used ComboFix before you came to us. I want to inform you that the execution of ComboFix, without supervision from a trained helper, can have very harmful effects on your computer.
ComboFix is a powerful tool that can, without supervision from one of us, make your system (partly) corrupt. So I advise you not to use this tool, or our other tools, in the future without supervision.

1 more replies
Answer Match 42%

Hello,

I know you're going to yell at me - but I ran the Combofix. I have been dealing with some kind of virus or spyware issue for at least a month (probably longer) and it's just making me nuts. I have run several different types of malware identifiers and still no luck (SpyBot, MalwareBytes, Exterminator - and others I can't remember). I've also repaired the OS.

Symptoms are that about 3 or 4 months ago all but 1 of the USBs stopped responding. I can hook up one USB 4 port hub and that works OK. But the others that are in the computer don't work. When I look at the registry it says - BADDEVICE.Dev Then, over the past 3 - 4 weeks the computer started to hang and now it hangs way too long. Many times it "times out". I kind of think that the USB issue and the hanging issue are somehow related - but I'm not sure.

I've cleaned out a lot of my programs (in case that caused the hanging). I still need to disable useless programs in the system processes.

So, I was compelled to run Combofix in hopes that it would ID some covert Trojan. I've attached the Combofix log. Please let me know what else I need to send you and what I need to do to correct the problem. I promise I'll wait for a response before I take a next step on this. Thanks!

A:Please read Combofix file.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

18 more replies
Answer Match 42%

I have a keylogger program installed on my computer to monitor activities on it. Unfortunately, during a Webroot Spy Sweeper scan of the computer, the program prompted my wife that there was a program logging keystrokes. She was suspicious and called Webroot who told her to install the combofix.exe program. She did and now the Keylogger has stopped working. It's still installed on the computer but somehow it has disabled the program's ability to send email reports to my office. How do I remove this program without affecting other programs on the computer?

Moved from the XP Forum. ~acklan~

A:Removing Combofix.exe File!

ComboFix is a "stand alone" program. It does not get installed and it does not run all the time.
It scans, deletes any files that it "knows" are bad, creates a report and then closes.

If Spy Sweeper flagged the keylogging program, then it is likely that it has removed the files it flagged.
You may need to reinstall the program.

9 more replies
Answer Match 42%

My computer was recently infected and under recommendation, I used Combofix.
The infection was gone. But my computer got worse after using Combofix.
Many functions and files in my computer are now messed up badly.
I really regretted using Combofix, may I know how do I restore all my quarantine files?
I have uninstalled Combofix, but I still have a copy of Combofix log and the Qoobox Quarantine file.
I will be very grateful if I get my problems fixed.

A:How do i restore file from Combofix?

I suggest you go here: http://www.bleepingcomputer.com/forums/topic273628.html and read number 5.

I used ComboFix on my own and encountered problems. What should I do?

With that said, the BC Staff will try to assist our members if they encounter a problem after using ComboFix on their own and ask for help. We understand that even under the supervision of an expert, something can go wrong to include false positives on critical system files resulting in unbootable machines or other issues. If such a scenario happened with you, here are some basic guidelines to follow: Start a new topic, give it a relevant title and provide a description of your problem, a summary of any anti-malware tools you have used and a summary of all steps that you have performed on your own. Please be specific and describe exactly what happened when you ran ComboFix. Include any error messages that you received. If your machine is bootable, providing a How to take and share a screen shot in Windows can be useful in helping to resolve your problem. After starting your topic, please be patient as it may take time to get an answer.

If the recommendation to use Combofix came from here then I suggest you ask the person that aided you for help and a link to the topic please.

Then go to here Virus, Trojan, Spyware, and Malware Removal Logs

Include a link back to here. Read the notices at the top of the forum page and put everything in one post so it doesn't look like someone is helping you.

I am closi... Read more

1 more replies
Answer Match 42%

I have run the combofix.exe application but now need to have the expertise of this forum to review it and provide me additional instruction as to additional steps.

A:Help reviewing combofix log file

Please follow the instructions here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

1 more replies
Answer Match 42%

Just wanna be sure the Scour or Google Redirect Virus is removed from my computer.

ComboFix 12-05-25.03 - Dai 05/25/2012 18:06:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1661 [GMT -4:00]
Running from: c:\users\Dai\Desktop\pchelpforum.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-25 22:19 . 2012-05-25 22:19 -------- d-----w- c:\users\Wendy\AppData\Local\temp
2012-05-25 22:19 . 2012-05-25 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-25 22:06 . 2012-05-25 22:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD02E947-F347-4FC8-8A3F-2435C5E23097}\offreg.dll
2012-05-25 21:54 . 2012-05-25 22:02 -------- d-----w- C:\ComboFix
2012-05-25 13:47 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD02E947-F347-4FC8-8A3F-2435C5E23097}\mpengine.dll
2012-05-25 02:20 . 2012-05-25 02:56 -------- d-----w- c:\users&#... Read more

A:Help analyzing ComboFix File Log

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

2 more replies
Answer Match 42%

I'm attaching my ComboFix log file, please help me understand if I have (or had) a problem or not. Thanks for your help.

A:Please help reading Combofix LOG file

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Nothing suspicious was found on your ComboFix log.

===

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Please download AdwCleaner by Xplode onto your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs and let me know of any issues you are having with this computer.

2 more replies
Answer Match 42%

On the advice of an I.T. guy at work (a large daily newspaper), regarding Google redirects, he gave me a list of things to do to try to rectify the problem. First on the list was to run ComboFix ... which I did.

During Stage_3, I got a prompt that started off " PEV.cfxxe has stopped working "

I clicked the Close Program button and the program started running up through 50-some steps. It generated the log file below - but I dunno what to do with it now that I've got it or where to post it for some help or what.

Thanks!

+++++++++++++

ComboFix 10-07-27.05 - Thomas 07/28/2010 19:11:01.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1477 [GMT -4:00]
Running from: c:\users\Thomas\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents
c:\users\Thomas\BitTorrent-5.0.7.exe
c:\users\Thomas\flac113b.exe
c:\users\Thomas\GoToAssistDownloadHelper.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.
2010-07-28 23:19 . 2010-07-28 23:19 -------- d-----w- c... Read more

A:What do I do with the log file after ComboFix runs?

Hello standback27

Welcome to BleepingComputer

Hi, it is not a good idea to run Combofix unless specifically asked to by a trained helper.

==========================

Download OTL to your desktop.
Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here
Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go a... Read more

1 more replies
Answer Match 42%

Hello -

I have been experiencing the vundo virus on my machine with .dll files located in my startup. I had spent several hours running my Avast antivirus to clean up however the computer has been really slow with no luck in cleaning it up. A friend of mine referred me to combofix and unfortunately I didn't realize I'd be ignored if I ran the program before posting this. So anyway, I did run the combofix and many of the dll files were cleaned up but my anti virus software (Avast) picked up one - I think I'm still infected.

When I restarted my computer it had the following error - how do I insert the screenshot of the RUNDLL error?

"Error loading mokejudu.dll the specified module could not be found" then a "ok" button.

and also found this in my startup - (program name - binugeyafo Rundll32.exe "mokejudu.dll",s)

I was wondering if someone would be willing to help me out with cleaning my machine thoroughly - thanks

My apologies for bleeping up the protocol.

Cory

More replies
Answer Match 42%

I have run combofix as described here http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I would like to have the logfile examined to see if the PC is still infected. Also some recommendations on Antivirus and Personal Firewall would be helpful. Where can I get the file examined? Sorry, I am a new user to the site and don't know where to post it.

Thanks
shn

A:ComboFix log file analysis

Combofix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.

The BC Staff

1 more replies
Answer Match 42%

Just fixed a friend's computer that was being taken over by "Security Tool" using "combofix". Attached is the log file from that procedure.

More replies
Answer Match 42%

Hi,

I am wondering whether combofix.net and combofix.org are GENUINE sites to download ComboFix. There's no Impressum and the whois-info is private registered.

Just wanted to know.

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal

A:Is combofix.net and combofix.org GENUINE Site to download ComboFix?

Please Take a look here: ComboFix usage, Questions, Help? - Look here

Specifically the link to the combofix disclaimer image.

Also, there are only two sites that are authorized for combofix, which are shown in red in the last quote box.

3 more replies
Answer Match 41.58%

Hi all,

So I was using Combofix and it prompted me to download an update. I did, figuring I could trust it, and when I did I lost all of my file extensions. I of course went back to a previous system restore point and everything is fine now. But I am afraid to use Combofix anymore. Has this ever occurred to anyone before? Is there some kind of virus attack that claims to be an update for Combofix? I am battling with the Vundo Trojan Horse. It is under control for now but I am keeping an eye on it. Anyways I just wanted to check and see if anyone has ever heard of this or if this should be looked into. Thanks to all for all your help!

A:Combofix causes loss of file extensions

Hi chadi and welcome to BC!

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

I think you have seen why we give this warning.

As far as I know, there are no viruses posing as ComboFix updates. If you are having issues with ComboFix, I recommend one of two paths.

1) View this guide: How to use ComboFix
2) Follow this guide and post a DDS log in the HJT forum.

That's about it. If you have any questions, please feel free to PM me. I will be happy to help you in any way I can.

rigel
BleepingComputer Forums Moderator

This topic is now closed

1 more replies
Answer Match 41.58%

Where did it back it up to?

A:Combofix deleted hosts file

This is just another reason why you should only use ComboFix under supervision. HOSTS files for different versions of Windows are available for download at Bleeping computer. If using IE, you can right-click the download link, choose Save Link As..., hosts, Save as All Files and save to your desktop. If you click on the download link so it opens a web page with the hosts file information, click on File and select Save As..., then save the hosts file without an extension to its default location.

Windows XP HOSTS File Download Link
Windows Vista HOSTS File Download Link
Windows 2003 Server HOSTS File Download Link
Windows 2008 Server HOSTS File Download Link
Windows 7 HOSTS File Download Link

Afterwards, please do NOT run ComboFix again unless asked to do so by a member of the Malware Removal Team. Why? Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

3 more replies
Answer Match 41.58%

 ComboFix.txt   16.81KB
  4 downloads

A:who can read my combofix log file and advice me

Hello eblumor4u

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

3 more replies
Answer Match 41.58%

Combofix rewrote my host file in c:\windows\system32\drivers\etc to 127.0.0.1 local host and in so doing My Photoshop CS5 Extended is now acting like a trial version. Lucky for me I made a copy of the hosts file so I could restore it. So, prior to running Combofix check your hosts file in c:\windows\system32\drivers\etc (open with notepad) and if it has anything other than "127.0.0.1 local host" then make a copy of it and save it as hosts_original so in case Combofix overwrites your hosts file you'll be able to restore it.

J.R.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Combofix rewrote my hosts file

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert". Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise with new malware infections or other security tools conflicting with ComboFix, experts are aware of them and can advise users what should or should not be done while providing assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

What specific issues are you having that requires using ComboFix?

Compliments of QuietMan7

1 more replies
Answer Match 41.58%

Hello,

I had a virus and I ran combofix because I was told to do so. Now I have to see that combofix deleted my hosts-file. And I think I even had a backup in the folder named hosts.txt but now it's gone.

Now all my local website-urls don't work anymore and I have to put them in again.

Why didn't combofix make a backup? I mean it backed up everything but not the hosts-file? Or it could have renamed the hosts-file.

I already searched my whole system including hidden directories and systemfiles but didn't find a backup of the hosts-file.

Is there a backup somewhere?

Thanks!
Sebastian

A:Combofix deleted hosts-file

Unfortunately you didn't see the Blue text atop this forum .. What is your operating system??

7 more replies
Answer Match 41.58%

I've been having trouble with Google Chrome specifically and every application less specifically. My Chrome problem seems to be one that a lot of people get with the "Aw Snap, something went wrong screen." Apparently, there's not a real quick-fire fix for that. Later, after the "Aw Snap" problem, every application on my computer won't run. It will give me a message around the lines of "___.exe is a bad image." Then basically nothing will run, including Task Manager, and I have to manually restart my computer/hold down the power button.

Any help would be greatly appreciated. I uninstalled Google Chrome, ran ComboFix, will post the ComboFix log file. I've been using IE 8 since.

(The attachment button isn't working so I'm just going to post and then try to reply with an attachment.)
 

A:Bad image message, ComboFix log file

Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:10 PM, on 3/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe... Read more

2 more replies
Answer Match 41.58%

Following the advice I found on bleepingcomputer.com from a link in another forum, I have run Combofix to get rid of malware. The malware made my computer get redirected to go.google when I tried to use the internet and has eliminated several programs, including adaware, spybot, and microsoft office. At another time, the program explorer.exe was using almost all the CPU time. I am now posting the Combofix Log File, for a helper to analyze and provide advice to me for what to do next. I have previously run STOPzilla, Malwarebytes (which seemed to be effective, but only for a while and then the internet hijacking returned).

Here is the Combofix log file:

ComboFix 08-10-28.01 - Tom 2008-10-28 19:56:37.1 - NTFSx86
Command switches used :: C:\Documents and Settings\Tom\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\asopozugy.bat
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\ficumo.sys
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\imyvogali.dl
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\nezirute.reg
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files... Read more

A:combofix log file review request

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.

The BC Staff

1 more replies
Answer Match 41.58%

Hi,
I was having problems on my XPSP2 rig (lsass.exe crashed after every reboot shortly after logging in), I followed the advice on a forum post to download and run ComboFix.exe.
After the run, I now find that my hosts file has been cleaned out and now only contains the default 127.0.0.1 loopback entry...
Does combofix make a backup of my original file somewhere before screwing it up?
I am a developer and have - had! - several important entries that I'd dearly like to retrieve...

Please help!

A:Combofix Hosts File Backup?

Download and run spybot search and destroy. Google it. It will reinstall a host file of bad hosts it has designated as bad guys.

5 more replies
Answer Match 41.58%

Just a heads up... ComboFix downloads may give a file corruption error upon execution. The developer has been notified and should be addressing the problem soon. Stay tuned!

A:ComboFix File Corruption Errors

The links have been restored


I have a combofix file but I'm not sure what it all means. But I know that something is causing my computer to run really slow and also on occasion maybe turning my ethernet port off and my wifi... Is this even possible? Or am I paranoid?

ComboFix 12-11-14.01 - CK 11/15/2012 11:29:56.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2807.1717 [GMT -5:00]
Running from: c:\users\CK\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
c:\windows\SysWow64\sfcfiles.dll . . . is missing!!
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
c:\windows\system32\drivers\psched.sys . . . is missing!!
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 16:36 . 2012-11-15 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 08:16 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:16 . 2012-...

A:Combofix file. Virus on computer.

Hello chele9, and welcome to the MRT forums! My name is bloopie and I'll be helping you with your problems as best I can!

A few things to keep in mind while we are working together:

If you have since resolved the original problem you were having, I would appreciate it if you let me know.
If you are unsure about any of the steps just post what you can and I will guide you!
Please tell me if you have your original Windows CD/DVD available.
Please copy and paste all logs here unless otherwise instructed!

Upon completing the steps below I will review your topic and do my best to resolve your issues.

==========

From your log, Combofix did not find three important files:

c:\windows\SysWow64\sfcfiles.dll . . . is missing!!
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
c:\windows\system32\drivers\psched.sys . . . is missing!!

That doesn't necessarily mean that they aren't on the machine, so I'd like to get another log and then run a search to look for the missing files.

Step

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

==========

Step

Please run Farbar ...


Hi, 
My computer is an audio workstation for music production that I like to keep clean for speed purposes.
 
Like an idiot I ran combofix by mistake on my perfectly healthy system (Windows 7 x64) some days ago. The tool ran on my Windows session (and not safe mode) and started running its different tests. At this time I thought I would be able to review the changes/fixes suggested by the tool before deciding to apply them or not. The thing is I wasn't able to do so and combofix put 2 dll files and 3 reg keys in quarantine among other things. I was very suspicious of this result and knew somehow these dll weren't viruses at all so I started investigating. I searched for software I installed the same days as these 2 files got created/modified and I've come to the conclusion that these 2 files were related to 2 of my music programs, so I restored them.
 
Combofix also removed some windows registry keys I also restored:
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="C:\\Windows\\System32\\StikyNot.exe"
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
@="Internet Explorer"
"ComponentID"="ClearIconCache"
"IsInstalled"=dword:00000001
"Locale"="*"
"StubPath"="C:\\Windows\\system32\\cmd.exe /D /C start C:\\Windows\\system32\\ie4uinit.exe -ClearIconCache"
"Version"="11,0,9600,16428"
 
 

What really concerns me here is that I have ...

A:Combofix problem, MBR_HardDisk0.mbr file

Still wondering about this! My computer is in standby and in the meantime I cannot move forward in my work. Any help would be appreciated, thanks!


Hello there. Please can someone help me with my combofix log file.
I don't know what to do with it. Or maybe I don't need to send it to somewhere. Some clear explanation.

A:where to send combofix log file to analyze

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.

Since it appears you have run ComboFix please include that log as well.
