
Malwarebytes crashing combofix access is denied

Q: Malwarebytes crashing combofix access is denied

Just a little background, I'm a network engineer and am pretty familiar with virus/malware removal tools. I've run malwarebytes and combofix countless amounts of times. I have not been stumped in over a year. I've got one that pretty much has me which is why I am here. I've recently run into two PCs where combofix only gets access is denied errors. There is a dns hijack for the malwarebytes website. Once installed or even renamed before and after malwarebytes is installed it will not update, and it crashes after four seconds. There was initially a black screen with red letters saying the computer is infected. The PC is from a client, but I have it at my office to research. I am not familiar with GMER etc so I just need someone to review the logs. Like I said this is the second one now at two different companies I have not been able to remove. Any help would be greatly appreciated. I have read a bit and tried a few different things suggested on these forums with similar topics. Nothing has been successful yet. Here are the logs from dds and gmer.

EDIT: Posts merged ~BP


A: Malwarebytes crashing combofix access is denied

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
winlogon.exe
wininit.exe
explorer.exe
hlp.dat
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

RELEVANCY SCORE 68.8

Malwarebytes is no longer on my XP home computer, trying to install it and get "Access Denied"

A:malwarebytes Access Denied

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab a... Read more

RELEVANCY SCORE 68.8

Hi, I've had tcrdmain.exe pop up and a number of other issues (redirecting from google) and malwarebytes seems to be recommended so I downloaded it and saved to my desktop. I had already downloaded rkill and ran it. (I'm in safe mode with networking). I also downloaded and ran the TDSS (Kaspersky) but that came up with nothing. When I tried to install malwarebytes I received the error message "Access is Denied" Please help!!!!

A:Access is Denied -Malwarebytes

Hello.
Please follow the instructions in This Guide starting at Step 6.
Once the proper logs are created, then make a NEW TOPIC and post it HERE
Please include a description of your computer issues and what you have done to try to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
~Blade

RELEVANCY SCORE 68.8

Malwarebytes access denied on loading program, -Redirect with firefox on google search

A:Malwarebytes access denied

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 68.4

Running Windows 7 Home Premium.  Having lots of ads/dumb stuff popping up.  Tried several times to download Malwarebytes but unsuccessful.  Please help.  Have even tried in safe mode and no luck.
Thanks, Mary

A:Can't down malwarebytes. Error 5 - Access denied

Do you have a thumb drive (USB Memory Stick) handy?
Does your PC have two partitions, one for the operating system and another for your data?
Is there another computer in the house?
 
You don't need all of the above.
I'm feeling out what resources you have and will make the job as easy for you as possible.

RELEVANCY SCORE 68.4

Hi, I've had tcrdmain.exe pop up and a number of other issues (redirecting from google) and malwarebytes seems to be recommended so I downloaded it and saved to my desktop. I had already downloaded rkill and ran it. (I'm in safe mode with networking). I also downloaded and ran the TDSS (Kaspersky) but that came up with nothing. When I tried to install malwarebytes I received the error message "Access is Denied" Please help!!!!
I have attached the dds and attach logs.

A:Malwarebytes-Access is Denied/tcrdmain.exe

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

RELEVANCY SCORE 68.4

I've removed volsnap rootkit. I've restored the missing start menu folders and shortcuts out of the smtmp folder in the temp directory. But now it appears that whatever version of this fraud virus that was on here is, it has changed the permissions on some of the folders so that I can't install Malwarebytes and/or update the version that is already on the computer. When I try to run Malwarebytes update, it says it's already up to date which I know is incorrect, and the date is blank under the current database information section.

When I try to reinstall mbam-setup.exe, the install makes it to the part where it says "Saving uninstall information...", and windows pops up a Setup window, "Access is denied". I hit ok and another window pops up, "Error", "Setup was not completed. Please correct the problem and run Setup again", I hit ok, and the computer rolls back the installation.

How can I fix the permissions? And I fear I probably need to fix the permissions on more than one folder....

Here are the contents of the dds.txt file.

.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by ROB at 10:29:45 on 2011-06-18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3061.2229 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.ex... Read more

A:Access Denied when installing Malwarebytes

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

RELEVANCY SCORE 67.6

OK,

Windows XP sp3

here's the problem,
All search engine results take me to various other sites. Malwarebytes won't run. Sometimes regedit won't run. I downloaded spyware doctor, and superanti spyware. The first one runs but doesn't fix the problem, the second one will not run now. It did one scan and now does not work. I have McAfee on the system. It was not updated, but is now.

I have spyware doctor and McAfee both running. Spyware doctor will scan and find things like trojan-downloader agent, but the trojans come right back after it says they are removed. McAfee cannot scan.

After reviewing your site I tried to download and install malwarebytes. It loaded but the scan gets a few seconds in and then shuts down.

I'll take any help you can offer.

thanks,
Brad

A:trying to remove malware-malwarebytes access denied

Try disabling McAfee before running MBAM and SAS.
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

We Need to check for Rootkits with RootRepeal
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your... Read more

RELEVANCY SCORE 67.6

I installed Malwarebytes' about 6 weeks ago. I ran it today and it went through the updates download. Near the end I receive an error "PROGRAM ERROR UPDATING (5,0,CreateFile) Access is Denied" Has anyone else had this problem?

A:Malwarebytes' Update Error - Access Denied

Hi,

This isn't really the right place for MBAM questions. Are you still there?

RELEVANCY SCORE 67.6

I'm using a Dell laptop running Windows XP Professional.
Both AVG (ver 8) anti-virus free and Malwarebytes found a "Trojan horse Downloader.Zlob_r.CR" called "a.exe" in the following directory: C:\Documents and Settings\"username"\Local Settings\Temp\a.exe. Only AVG found a "Trojan horse Generic8.ACDJ" at C:\Downloads\Deep Freeze Unfreezer\Win2k_XP\DeepUnfreezer1.6.exe. AVG could not "heal" the files and said "access denied". Malwarebytes also couldn't remove it.

When I tried to open the "username" folder in Windows Explorer it will not open and says "Access denied". The same happens when I try to open the "Deep Freeze Unfreezer" folder. I have tried opening these folders in Safe Mode with command prompt and I get an "Access is denied" message again.

Also, neither AVG (version 9, now) nor Malwarebytes find any virus.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:24 PM, on 12/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
... Read more

RELEVANCY SCORE 67.2

Ran Combofix recently and received several notifications that access was denied at several stages. Here are the details:
  /wow section - STAGE 8
Access is denied.
 /wow section - STAGE 25
Access is denied.
 /wow section - STAGE 50
Access is denied.
SED: can't read temp4601: No such file or directory
Access is denied.
 
Also Combofix told me that the Netlogon.dll was infected. here is the detail for that:
 Infected copy of c:\windows\system32\netlogon.dll was found and disinfected
Restored copy from - c:\windows\erdnt\cache\netlogon.dll
 
I am NOT a Combofix expert and seek an expert's opinion on what to do to correct the above denied entries. Help would be appreciated...

Numenor

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, due to the inclusion of ComboFix issues in the topic. ~ Animal

~ Animal, please tell me which forum you moved my question to? I cannot seem to locate it. It would have been helpful if you simply stated which forum it was moved to... Thanks very much - Numenor

A:Combofix indicates "ACCESS DENIED" to certain folders. Now what?

Here is the additional information the administrator needed: (DDS and Attach logs).
 
I have the original Windows CD/DVD

RELEVANCY SCORE 67.2

I'm running vista home premium w/ svc pack 1 on a dell dxp061 1.8 ghz processor, 1g ram, 220g hard drive approx 20% full. I've activated the administrator account through the "c:\" prompt, logged in as the administrator, disabled McAfee, downloaded combofix to the administrator desktop, ran it as an administrator and continue to receive the "must have administrator priviledge to run tool" message. Any suggestions?

RELEVANCY SCORE 66.8

hi,

Seem to be infected by windows xp repair as acting exactly as described in virus,spyware, & removal guides, including hiding all the files.

I am in safe mode and have tried to follow the automated removal instructions but both rkill and malwarebytes start but then say access denied. Have also run tdsskiller but says clean?

I have now followed the guide for requesting help and have pasted the dds text report but seem not to be able to attach the other two logs?

Reading another post about XP security 2012 (same type of infection?) it says run fixexe.reg before rkill. I have not tried to run fixexe.reg...should I? and I have not disabled avg.

Thank you very much in advance for your help.

.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 19:21:21 on 2011-06-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3037.2578 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService... Read more

RELEVANCY SCORE 66

This is the trojan that looks like it's trying to fix your computer - and it causes files to disappear and error messages etc.

Before I realized how deep this rabbit hole goes I ran a scan with MSE and it discovered a fakesysdef trojan which it removed but still I can't view my files.

After that I downloaded malwarebytes but it won't install - I am getting an "Access is denied" error.

Attached is the output from DDS.

A:Display Recovery + fakesysdef + malwarebytes install Access is denied

It turns out that I got it all put back together. MSE removed the virus that hid all the files and shortcuts so it didn't start up after a fresh boot. After that I ran mbam-clean.exe to resolve the malware bytes install access denied error. Then I installed malwarebytes, did a scan and removed one infection in the registry. Next I ran unhide.exe to restore visibility to all my files, desktop, etc. The only things missing were start menu items (All programs was fully restored) and the task bar items. Maybe MSE gobbled them up.

Anyway - all is well.

RELEVANCY SCORE 63.6

To start, my problem appears very similar to another user's thread:
http://www.bleepingcomputer.com/forums/t/603428/computer-crashes-when-playing-games/
 
I am having problems with multiple programs either dropping to the desktop or completely locking up the computer. When logged, Windows event viewer and program logs will always have them exiting with 0xC0000005.
 
I have to date:
 
Monitored temperatures using HWMonitor. CPU / Motherboard / Memory look alright, the videocard (AMD R9 290X) will get up to about 85 degrees Celsius, but from what I'm reading the card normally runs hot under load and this is to be expected.
 
Booted x86MemTest on a USB stick, completed with no errors.
 
Used Prime95 and FurMark to stress test the CPU and video card, with no problems encountered.
 
Verified all drivers are up to date, played around with compatibility settings for some of the programs.
 
I had chalked the problem up to Windows 10, until I tried the same applications on another computer in the house also running windows 10 without problem.
 
Looking at other threads on this forum, I've pre-emptively attached the BSOD inspector report. Please let me know if there are other actions you wish me to take, and know that I am humbly grateful for any assistance that can be given.

RELEVANCY SCORE 54.8

I had the mystart malware, got malwarebytes and combofix, and dealt with the nasties.

However now my computer is sluggish, programs hang or stop running, and I can't watch videos on news.bbc.co.uk, or on yahoo. Takes a bit of time to login to mail, etc.

I used Norton Power Eraser the other day, and it showed Combofix as the problem, but when I try to uninstall using the instructions on bleeping I get a "not found" message. I'm running Windows 7.

HELP!

A:Ran Combofix, Malwarebytes, cannot uninstall combofix

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

RELEVANCY SCORE 51.6

I have a Dell Dimension 2400 Intel Pentium running Windows XP sp3 and have been getting tons of junk mail. I ran Avast, malware bytes & spybot. Nothing found. So I started looking through the Dell help on my computer. I'm not as savvy as I'd like to be and while trying to fix the issue myself I did something that I shouldn't have. First, I tried system restore to go back to a later date but it wouldn't let me no matter which date I tried. Then, I followed a suggestion regarding the registries. HUGE mistake! Now my computer is stuck in a boot loop. I obviously need to repopulate my hives but have no idea how. When the computer starts the Windows XP logo pops up. Then a box pops up saying lsass.exe access denied a process has requested access to an object, but has not been granted those access rights. When I click ok it restarts. The Dell logo pops up then the Windows XP logo and then the access denied again. I've tried to start in last known good configuration. Safe mode. System restore. But, I keep ending back in the loop. So, I tried ordering some disks that I thought may be able to help while I've been reading through threads for information. I don't have any of the original software for this cop, I purchased it used a few years ago. But, I purchased a Knoppix 7.6.1., and system rescue from same CO, & 2 CDs off eBay Windows XP 64 bit & 32 bit as I wasn't sure which was the one I might need. But they were being sold as disks for this... Read more

A:lsass.exe Access Denied a process has requested access to an object, but has not been granted those access rights

Windows XP has reached end of life 2 years ago... It is an insecure Operating System and should no longer be used especially online.
The Dimension 2400 is weak hardware (Pentium 4 Processor, IDE hard drive, DDR RAM) from 2003! so 13 years old! It's not worthwhile running a modern Operating System on it and below minimum system requirements.
If on a budget you are best to buy a second hand OptiPlex 780 with a Windows 7 OEM license (which can be used for a free Windows 10 upgrade).

RELEVANCY SCORE 50.8

I have learned a fair amount here by doing some reading. What I have? I don't know. Combofix found these two rootkits
windows/sys32/drivers/msqpdxesiwwfr.sys
windows/sys32/msqpdxqftpiemp.dll
The problem is whatever it is causes errors in AVG and it will not finish. I uninstalled AVG and went to download it again. The page was redirected several times to a page saying Google could not find the download. I tried several more times and finally I got to a download page but when the download box popped up all that was in it was INDEX.PHP. I went to another computer and made a CD with AVG on it and tried to install it. Each time I try I get errors and the install stops. Below is my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:47 AM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Seagate\Schedule2 ... Read more

A:Malwarebytes and combofix won't help this one

After reading a thread here that recommended running F-Secure online, below is the report from that

Result: 5 malware found
Adware:W32/AdRotator.GEQ (spyware) System
Backdoor.Win32.Bifrose.agym (virus) C:\DOCUMENTS AND SETTINGS\J\MY DOCUMENTS\EVI-ELIM\EVIDENCE_ELIMINATOR_V6[1].01_BY_SHANU\EVIDENCE ELIMINATOR V6.01\INSTEELM2.EXE (Renamed & Submitted)
Packed.Win32.Black (virus) System
TrackingCookie.2o7 (spyware) System
W32/Packed_FSG.D (virus) C:\DOCUMENTS AND SETTINGS\J\MY DOCUMENTS\MYEBOOKS\DVDFAB-GOLD-4[1].0.3.2-CRACKED_CIM\CIM.NFO.VIEWER.EXE (Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 23762 System: 3351 Not scanned: 6
Actions:
Disinfected: 0 Renamed: 1 Deleted: 0 None: 4 Submitted: 2
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Hydra: 2.8.8110, 2009-01-02
F-Secure AVP: 7.0.171, 2009-01-02
F-Secure Pegasus: 1.20.0, 2008-11-17
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF V... Read more

RELEVANCY SCORE 50.8

Thought I would post a thank you, as this forum and its security software has saved my pc so many times
since the discovery of your site I have not needed to reinstall windows

so Thanks so so much, keep up the great work
nick

RELEVANCY SCORE 50.4

I'd like to put a .cmd file in my c:\Documents and Settings\All Users\Start Menu\Programs\Startup directory, but \Documents and Settings has a lock on it and tells me "Access denied" when I click on it. Is this a job for "Take Ownership" or is there another way? The instructions for "Take Ownership" say not to use it on the C drive, but it's not clear if that applies to the whole drive, or individual files/folders on it. Thanks.

A:"Access denied:" How to overcome denied access to a folder

That is the incorrect path. No need to mess with permissions, I'd advise leaving them alone.

The path you are looking for is C:\Users\<your user account>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

RELEVANCY SCORE 50.4

This computer has an infection that seems to recognize all detection/removal tools, and it is not tricked by renaming files like combofix.exe -> random.exe

Craziest thing about it is that if I rename something like hijackthis, it will run for a moment, then the virus recognizes it, kills it, and won't let me open the file again. It learns to block the filenames - a windows error comes up with something like "cannot find the specified path or file" once the virus knows what I have renamed it to.

Background story: I was handed a laptop that was getting to the welcome screen, playing the windows startup sound, and then just sitting there with a blue screen. I found that task manager worked, and I was able to run tasks using it. I can get to websites using the address bar in iexplore, but noticed google search result links were all being redirected. So I knew there was an infection.

I have tried:
combofix - when renamed to something like "abcd.exe" the little combofix loading box shows up, but when the command prompt window should appear, the program closes.
hijackthis - when renamed, hjt starts, but as soon as I start a system scan, it closes. If I try to open the renamed file again, windows says it cannot find it.
malwarebytes antimalware - I renamed the installer file, installed it to a renamed directory, renamed the executable, but it would not open. Instantly killed.
mgtools - same general idea
superantispyware - same
sdfix, smitfraudfix - same
rootrepe... Read more

A:Infected PC can't run combofix, malwarebytes, etc

I tangled with a new variant of the Braviax a couple weeks ago on a customer's Dell. I have been doing this for awhile and this was one of a few to beat me. I disabled the Braviax easily but couldn't fix all of the changes and disable/delete other malware that got downloaded. I removed the drive, hooked it to a USB adapter, hit it with every scanner I had, no luck. I finally got smart, backed up 14 gigs of user docs and pics, formatted and reinstalled XP. Sometimes it's the best way, but I still hate getting beat by that stuff.

EDIT: I tried every trick I knew to get ANY antivirus/malware scanner to run, and it was a no go. I could eventually install Malwarebytes but it would run for 10 seconds, stop, and spit out a clean log.

Read other 4 answers
RELEVANCY SCORE 50.4

For 2 days now I've been trying to fix this issue. Normally I can figure it out by looking up other people's issues online, but this one I am at a halt and need help. I've tried renaming malwarebytes and still haven't gotten it to run. I've run Noadware, CCleaner and Antivir already. Still Malwarebytes will not run or reinstall. Please help me, thank you.

attached is the hijackthis log.

A:Malwarebytes/Combofix will not run, Hijackthis log (please help!)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 50.4

Good afternoon,

When I try to run malwarebytes, spybot or combo nothing happens... here is my newest hijackthis log... please help

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:11:15 PM, on 08/15/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Wireles... Read more

A:Cant run Malwarebytes, spybot or combofix

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 50.4

Hi all,

My name is Leonie and would love some help. Thank you in advance to any one willing!

My sister has been having problems with her PC and I said I would take a look at it for her.

I have run:

CClean
Rkill: Which shows \\.\globalroot\Device\svchost.exe\svchost.exe
TDSS: Which keeps showing a file name vbmaf29c.sys I have done the skip like it says and then reboot, but it is still there and have also tried deleting it but it's still there.

I have tried malwarebytes but every time I go to do a scan it shuts down after a few secs into the scan.
I have also tried combofix but it will not even open.

Everything I have done so far I have tried in normal mode and safe mode but both end the same.

Again, thank you in advance!!!!

Regards Leonie

A:Malwarebytes & combofix not working

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
Please refrain from running tools or applying updates other than those w... Read more

Read other 2 answers
RELEVANCY SCORE 50.4

I have 2 problems but I think they are connected somehow:
1. links at google.com are redirected to 2 porno sites (only 2, zumvideo.net and uniporn.ru)
2. combofix and malwarebytes fail to start without any error in the event log and don't raise the error level in the command line

I am running Windows XP Professional SP3 x32 English with few updates. I am using Symantec Antivirus 10.0.0.359 which is up-to-date and Windows Firewall (but it was disabled till now).

How it started:
1. I noticed the presence of a user with the name pywl$ on my computer, I deleted it. After a while this user appeared again, I deleted it 1 more time. I haven't seen that user since then.
2. Yesterday (04.06.2009) I searched something in google then Symantec Antivirus showed a pop-up saying that it deleted 4 viruses: Hacktool.Rootkit, Backdoor.Trojan, Backdoor.Tidserv, W32.Tidserv.G (in Symantec terminology). Removal of one of these required a reboot of my machine.
3. After reboot links at google.com and windowsupdate.microsoft.com were redirected to the porno sites mentioned above (both in Firefox and Internet Explorer 7). The virus set an incorrect DNS address in the properties of my network connection, I removed it and restored the previous settings.
4. Then I ran a full scan of my system drive. Symantec found SecurityRisk.ProxyDNS and cleaned it successfully.
5. Windows System File Protection showed a message that %systemroot%\system32\drivers\beep.sys was replaced by a file with an incorrect version. I inserted disk and... Read more

A:combofix and Malwarebytes failed to run

Additional info: keys hidden from Windows API are visible in regedit now, I don't know how/why they turned to be visible. HKLM\System\ControlSet002\Services\gxvxcserv.sys key is empty but HKLM\Software\gxvxc contains interesting info:

[HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc]
[HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc\disallowed]
"avp.exe"=hex(0):
"klif.sys"=hex(0):
"mrt.exe"=hex(0):
"spybotsd.exe"=hex(0):
"sasdifsv.sys"=hex(0):
"saskutil.sys"=hex(0):
"sasenum.sys"=hex(0):
"superantispyware.exe"=hex(0):
"szkg.sys"=hex(0):
"szserver.exe"=hex(0):
"mbam.exe"=hex(0):
"mbamswissarmy.sys"=hex(0):
"pctssvc.sys"=hex(0):
"pctcore.sys"=hex(0):
"mchinjdrv.sys"=hex(0):
"avgfwdx.sys"=hex(0):
"avgldx86.sys"=hex(0):
"avgmfx86.sys"=hex(0):
"avgrkx86.sys"=hex(0):
"avgtdix.sys"=hex(0):
"hijackthis.exe"=hex(0):
"combofix.exe"=hex(0):

I downloaded new version of RootkitRevealer by sysinternals and run it again. Among other files and keys it found %systemroot%\system32\drivers\gxvxccoirqrdbbmludjnkxymqlviubrpntsewq.sys, Symantec Antivirus recognized this as Backdoor.Tidserv and deleted this file right away.

Now I have gxvxckbwukgbivdnkftvjvtiwhdudomyhbqhe.dll and gxvxcxmynqhkymyqpxjrwwasfuoqbhtkiwsdd.dll files with 04.06.2009 as last modification date... Read more
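The `disallowed` key quoted in the post above names security tools and their drivers by file name. As an added example (not code from the thread or from any tool it mentions), this Python sketch parses that key exactly as it appears in the post and checks file names against it; the function names are illustrative, and treating a match as an exact, case-insensitive file-name comparison is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Registry export text as quoted in the post, flattened onto one line as on the page.
SAMPLE_EXPORT = (
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc]'
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\gxvxc\disallowed]'
    r'"avp.exe"=hex(0):"klif.sys"=hex(0):"mrt.exe"=hex(0):"spybotsd.exe"=hex(0):'
    r'"sasdifsv.sys"=hex(0):"saskutil.sys"=hex(0):"sasenum.sys"=hex(0):'
    r'"superantispyware.exe"=hex(0):"szkg.sys"=hex(0):"szserver.exe"=hex(0):'
    r'"mbam.exe"=hex(0):"mbamswissarmy.sys"=hex(0):"pctssvc.sys"=hex(0):'
    r'"pctcore.sys"=hex(0):"mchinjdrv.sys"=hex(0):"avgfwdx.sys"=hex(0):'
    r'"avgldx86.sys"=hex(0):"avgmfx86.sys"=hex(0):"avgrkx86.sys"=hex(0):'
    r'"avgtdix.sys"=hex(0):"hijackthis.exe"=hex(0):"combofix.exe"=hex(0):'
)

# One token is either a [key path] or a name=data pair. Data runs up to the
# next quote or bracket, so the parser works on flattened and multi-line text.
TOKEN = re.compile(
    r'''\[(?P<key>[^\]\r\n]+)\]
      | (?:@|"(?P<name>(?:[^"\\]|\\.)*)")\s*=\s*
        (?P<data>"(?:[^"\\]|\\.)*"|[^"\[@]*)
    ''',
    re.VERBOSE,
)


def parse_reg_values(text):
    """Return {key path: [(value name, raw data), ...]} from .reg export text."""
    keys, current = {}, None
    for m in TOKEN.finditer(text):
        if m.group("key") is not None:
            current = m.group("key")
            keys.setdefault(current, [])
        elif current is not None:
            name = m.group("name")
            # "@" is the key's default value; named values may contain escapes.
            name = "@" if name is None else re.sub(r"\\(.)", r"\1", name)
            keys[current].append((name, m.group("data").strip()))
    return keys


def disallowed_names(text, subkey="disallowed"):
    """Lower-cased value names found under any key ending in \\<subkey>."""
    names = set()
    for key, values in parse_reg_values(text).items():
        if key.lower().endswith("\\" + subkey):
            names.update(n.lower() for n, _ in values if n != "@")
    return sorted(names)


def classify(names):
    """Split listed names into user-mode executables, kernel drivers and other."""
    out = {"executables": [], "drivers": [], "other": []}
    for n in names:
        bucket = {".exe": "executables", ".sys": "drivers"}.get(
            PureWindowsPath(n).suffix, "other")
        out[bucket].append(n)
    return out


def is_name_listed(path, names):
    """Assumption: a match is an exact, case-insensitive file-name comparison."""
    return PureWindowsPath(path).name.lower() in set(names)


if __name__ == "__main__":
    listed = disallowed_names(SAMPLE_EXPORT)
    groups = classify(listed)
    print(f"{len(listed)} names listed: {len(groups['executables'])} executables, "
          f"{len(groups['drivers'])} drivers")
    for tool in (r"C:\Tools\ComboFix.exe", r"C:\Tools\random.exe"):
        print(tool, "->", "listed" if is_name_listed(tool, listed) else "not listed")
```

A list keyed on file names is consistent with the reports elsewhere on this page that a renamed copy of a tool sometimes starts, and the `.sys` entries show that the tools' drivers are named as well as their executables.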

Read other 4 answers
RELEVANCY SCORE 50.4

My question may have been asked already but I cannot take the time to see if it has. My computer was assaulted with popups on top of popups interfering with my surfing. I wrote to Malwarebytes and received a reply from Arthur Wilkinson with instructions on how to download RSIT and attach the log to a reply. I did so and he further suggested I run ComboFix. My problem for which I'm requesting help is disabling Malwarebytes to comply with instructions on how to disable my Windows Firewall and BitDefender.

I cannot find Malwarebytes included in the list and there are no instructions on how to do it.

How do you disable Malwarebytes?

A:I need help with ComboFix: Disabling Malwarebytes

Please note the message text in blue at the top of this forum.

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

You should either Start a new topic in the Am I Infected forum or follow these instructions. Preparation Guide For Use Before Using Hijackthis

This topic will now be closed.

Read other 1 answers
RELEVANCY SCORE 50.4

On Windows 7 Pro, trying to run IIS. The way I am used to execute is on the browser "localhost". I used to have the code in the directory C:\inetpub\wwwroot. Even before I copy, I am hoping to see the image IIS welcome page. Once it is successful, want to copy the code as that was the way I used to do in Windows XP. However I am getting the following message. I have administrator access to the machine and gave full permissions to the folder 'C:\inetpub\wwwroot'. Still the same message.
Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists). Ask the Web server's administrator to give you access to 'C:\inetpub\wwwroot'.

Can someone help me to address this issue.  Thanks a lot in advance. 

A:Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists). Ask the Web server's administrator to give you access to 'C:\inetpub\wwwroot'.

Hi,


You can click the IIS hyperlink in my previous post or using this one

http://forums.iis.net/


Regards,

Vincent Wang
TechNet Community Support

Read other 19 answers
RELEVANCY SCORE 50

Since installing Windows 8, I have been having sporadic problems with access denied. Examples follow:

PIMEX is a Personal Information Manager that I have been using through several generations of Windows. When I first converted to Windows 8, this program worked with no problems. Now, however, when I try to open the program, I get the message "PIMEX database could not be opened. Error message: permission denied". If I use the Control Panel to uninstall the program, and then reinstall the program, I am able to open it normally and work with it and use all functions. Once I close the program, however, and try to open it again, I once again get permission denied.

PaperPort is a program that manages scanned images. The program can scan either photos or text documents. If text is selected, the program creates a PDF file that the user names. These scanned files are then stored in PaperPort folders. When I try to display one of these files, PaperPort invokes PDF Viewer Plus (included with the package), and I get the message access denied. If I try to use the Windows 8 Reader to display the file, I get a "Sorry, can't display this file message". Likewise, I cannot display the file using Adobe software.

I have a HP Photosmart Premium printer which also is a scanner. If I use the HP Solution Center to scan a text document, I am able to scan the file without problems, but when I try to Finish and write the file to my hard drive, I have the same permissions problem ... Read more

A:Access Denied ...Permission Denied

Try running the programs as administrator or try to change the compatibility settings and run it for a previous known working windows edition. Thanks.

Read other 1 answers
RELEVANCY SCORE 50

So, my friend's computer is loaded with a bunch of rootkits, trojans, and viruses. I tried accessing SuperAntiSpyware, Malwarebytes, and other spyware/malware problems, but none of them opened up. I tried ComboFix, but nothing was showing up within the command prompt. And at first, I wasn't able to install and access HJT, but I was able to find a loophole and here's the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:02 PM, on 5/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
... Read more

A:Friend's HJT log... Unable to run ComboFix, Malwarebytes, etc.

Oh and also, I wasn't sure if I can download DSS due to that rootkit within DSS. I wasn't able to find a download link anyway. >_>

Read other 2 answers
RELEVANCY SCORE 50

Hi,

First please forgive the format in which this post is written. I'm typing as I'm talking to my dad 1000 miles away.
He had some type of rogue, he can't remember the name exactly (he thinks it was something like Windows XP Virus Scanner). It was the typical fake looking virus scanner.

He went into safe mode, ran CCleaner first, then Malwarebytes, it updated then he ran the full scan. Found stuff and removed it. He then ran combofix, it updated then installed MS Rec Cons, and deleted a bunch of stuff. He wasn't paying attention and doesn't know if combofix rebooted or not. The log popped up, while he was reading the log, the little message box that pops up when you first get into safe mode popped up, and when he closed it all he had was a black screen with the safe mode word in all 4 corners. He then rebooted into windows, where all that was visible was the wallpaper. The startup sound was a little delayed. And there was no task bar.

He was able to get the taskmanager to pop up. Tried new task, explorer with no results. Was able to locate notepad, pulled up the combofix and malwarebytes log and saved to thumb drive. Emailed me the logs if needed here.

Dell Inspiron 8200
Running Win XP SP3

Any help would be greatly appreciated
Robert

A:Combofix / Malwarebytes killed my dad's computer

Hi,

Sorry if I appear impatient, I just don't know what the avg turnaround time is for assistance, just didn't want to accidentally get missed.
Thanks

Read other 4 answers
RELEVANCY SCORE 50

I like to occasionally run Malwarebytes. This time however it seemed to be taking much too long so I ran Combofix. Combofix found rootkit.zeroaccess. Combofix restarted the computer once, ran and hopefully took care of the rootkit. Just to make sure I also ran Tdsskiller and Webroot's antizeroaccess.exe. They both found nothing. I tried to run Malwarebytes and went to bed. Came back this morning to find that Malwarebytes was still running 7 and a half hours later. I tried combofix again but it doesn't seem to work at all. Has the rootkit corrupted these files? Any guidance would be greatly appreciated. Thanks for your help.

A:Rootkit killed Combofix & Malwarebytes?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

Read other 6 answers
RELEVANCY SCORE 50

hi,
 
i had a browser redirect virus on the machine running win 7 64 bit
 
after running combofix and malwarebytes , I now can only run in safe mode , when booting into normal mode I have got the following BSOD
 
120814-44819-01.dmp 08/12/2014 10:18:09 KMODE_EXCEPTION_NOT_HANDLED 0x0000001e 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 ntoskrnl.exe ntoskrnl.exe+75b90 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.18409 (win7sp1_gdr.140303-2144) x64 ntoskrnl.exe+75b90 C:\Windows\Minidump\120814-44819-01.dmp 2 15 7601 271,488 08/12/2014 10:38:18
 
 
 

120814-37721-01.dmp 08/12/2014 10:39:49 BAD_POOL_CALLER 0x000000c2 00000000`00000007 00000000`0000109b 00000000`e007000c fffffa80`04d5c480 fltmgr.sys fltmgr.sys+10d81 Microsoft Filesystem Filter Manager Microsoft® Windows® Operating System Microsoft Corporation 6.1.7600.16385 (win7_rtm.090713-1255) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\120814-37721-01.dmp 2 15 7601 274,672 08/12/2014 10:41:15
 
120814-34211-01.dmp 08/12/2014 11:01:10 BAD_POOL_CALLER 0x000000c2 00000000`00000007 00000000`0000109b 00000000`e0200020 fffffa80`048fd4e0 netbt.sys netbt.sys+33285 MBT Transport driver Microsoft® Windows® Operating System Microsoft Corporation 6.1.7601.17514 (win7sp1_rtm.101119-1850) x64 ntoskrnl.exe+75bc0 C:\Windows\Minidump\120814-34211-01.dmp 2 15 7601 274,616 08/12/2014 11:02:46
 
 
&... Read more

A:BSOD after running combofix and malwarebytes

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Read other 1 answers
RELEVANCY SCORE 50

Working on PC with XP Home. Norton internet security 2009 disabled to point where only element with any response was uninstall and this simply went through motions without doing anything for 2 hours. No internet access via any browser although could ping google!

I finally uninstalled Norton via safe mode - on reboot internet explorer takes me back onto net! Suspicious - yes. So loaded Malware antimalwarebytes, combofix and hijackthis from usb. Double click on item - nothing. Go onto internet and try to download combofix on infected PC - am redirected to ebay and youtube.

None of the usual artillery works - what is blocking - and how do I circumvent the clear defence to known antimalware? It also won't let me run Spybot.

Thanks "guys"
 

A:Norton wiped out and malwarebytes/combofix can't run

Can answer my own questions.....it is a rootkit. Have run "rootrepeal" and wiped out 3 drivers hidden from API plus a hidden dll. Can now access Combofix/Malware Antimalwarebytes........will kill the thing! Rootrepeal process is not for beginners....
 

Read other 1 answers
RELEVANCY SCORE 50

I have tried to use Malwarebytes, Combofix, Hijack This, and Symantec's VundoFix utility and cannot remove infected files, any help would be appreciated. Thank you. Here is my DDS.log file:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Jeff at 9:55:12.87 on Tue 04/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1511 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: *disabled*
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\HP Wireless Adapter\HPWLAN.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Fi... Read more

A:Malwarebytes and Combofix will not remove Vundo.H

Hello.

Combofix Warning:

ComboFix is an extremely powerful tool and you should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

Please delete Combofix.exe you have, and follow the instructions below.

Download and Run Combofix

Important: Before we start please disable any anti-virus programs or any real-time protection that is enabled. Please refer to this page if you're unsure how.

Please follow the instructions for running Combofix from here

Please read the guide carefully and follow every instruction precisely and remember to install the Recovery Console first.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the appropriate Windows XP setup boot disk and drag it on Combofix like the image below:
Follow the prompts to start ComboFix and when prompted, agree to the E... Read more

Read other 3 answers
RELEVANCY SCORE 50

Started with Google results redirecting in firefox (which I assumed was a go.google virus), but since having tried to fix this the problems have escalated - Malwarebytes and Combofix both fail to run (Mb entirely, Cf 'encounters a problem' upon run). All folders are intermittently made 'read only'. Computer occasionally fails to start properly (a blue screen of some sort, which then reboots). Please help - I'm in exam season and need this computer to work properly!

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.372 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sams... Read more

A:Combofix and Malwarebytes fail to run, various other problems.

Did MBAM install/update but just will not launch? Has it ever run successfully?

Some malicious software will not let things run (appear as a task in Task Manager) just by their name alone.

The malware does not want you to run anything that might help you remove it. That would include the AV programs it knows about like (mbam.exe) and other things, like regedit, cmd, rstrui, etc. and will redirect you away from sites that might help you remove it.

It would be interesting to see if you can run regedit and cmd from Start, Run...

I have not yet encountered a case where ComboFix would not run, but it would not surprise me. I have even seen a case where test.exe would not run (cute malware).

If MBAM is installed, try renaming the executable mbam.exe something else - like redhand.exe and see if that will run.

Try the same approach for other detection/removal tools - especially those that used to work and now don't.

Read other 6 answers
RELEVANCY SCORE 50

A month ago I noticed I was getting a lot of browser redirects and popups in firefox and IE (winxp pro w/ sp2) so I downloaded malwarebytes and it seemed to fix the problem. Recently though, the redirects started again and I went to try and run malwarebytes and it wouldn't run. I've tried reinstalling and not even the installer will run. Now I'm blocked from going to any of the online help sites like atribune.org, bleepingcomputer (I'm on a different pc right now), any of the free online scanners, and any of the anti-spyware software sites. And I've tried downloading different browsers like chrome and opera and they seem to be infected too. I tried downloading hijack this and combofix on this computer and transferring them to the infected pc but the installers will not run. What can I do to fix this?

A:Hijackthis, malwarebytes, and combofix wont run!

Hello please try these steps.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***

If you cannot use the Internet, you will need access to another computer that has a connection. From there save mbam-setup.exe to a flash, usb, jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

Read other 1 answers
RELEVANCY SCORE 50

I am experiencing the dllhost.exe issue which is opening invisible instances of Internet Explorer and Google Chrome. I have run combo fix, Malwarebytes, and Rogue Killer to no avail. Any help would be appreciated.
 
 

A:DLLHOST.EXE Issue Malwarebytes no help Combofix no help. Please!!

I re-ran combo fix in safe mode last night and nothing was found. Has anyone else had this issue? I really need to have this computer up and working really quickly. I am so frustrated that I am really close to F: Disking this thing and calling it a day. Help Please!

Read other 4 answers
RELEVANCY SCORE 49.2

Help... I seem to have picked up one humdinger of a trojan and I need to remove it manually, since it blocked all my scanning software. Whenever I try to go to this or similar website, it redirects me to some viral site. Whenever I try to boot up any of them, it is just silence and nothing. It started with a fake red x in a circle in the corner telling me I was infected. I removed any traces of that brastk.exe as best I can, but everything is still blocked. What the hell do I do?

Here is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:37 AM, on 11/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
F:\WINDOWS\system32\kmw_run.exe
F:\WINDOWS\system32\kkw_run.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files&#... Read more

A:spybot, combofix, malwarebytes, google blocked

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Regards

jedi

RELEVANCY SCORE 49.2

I apologize for not following the preferred route to a posting. I would like permission to submit a ComboFix report as well as any other help you may deem necessary.
Brief introduction to the problem:
My laptop has been getting sluggish for some time. My efforts to reverse that included:
*Replacing Norton anti virus and an old ZoneAlarm with the latest ZoneAlarm Extreme Security (ZAES)
*Almost daily scouring of my programs / files to remove unnecessary deadwood.
Last week I started noticing search redirection from Yahoo and Google to garbage search substitutes. Virus scanning proved helpless. I went to the ZoneAlarm forum which recommended a deep scan in safe mode with ZAES. Done, but nothing found. Then they recommended Malwarebytes. Scan found and removed 6 infected documents (log file available). I thought I was done. This weekend my search tools were hijacked with a vengeance (both Yahoo and Google). The issue accelerated: early yesterday I could still open Safari (which I thought was more resistant to bugs). By the end of the day I could no longer open Safari at all. I chatted with ZoneAlarm tech support. They pointed me to the Combofix approach. This morning I tried to get to the BleepingComputer site but IE refused to take me there. I was getting pretty desperate. The last thing I tried was a private browsing session started from within ZAES which succeeded in taking me there and allowed me to follow the recommended process.
Please let me know how to proceed.
Thanks

A:ZAES to Malwarebytes to ComboFix Search Hijacking

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 49.2

Hi,

A few weeks ago, this windows xp pc started working slowly while playing facebook games and youtube videos. I have antivirus installed (Norton trial version). I tried uninstalling the Adobe Flash, installing older versions, clean uninstall, uninstall & reinstall drivers, Mozilla Firefox, but nothing seems to work. I downloaded Malwarebytes and it doesn't run; the error says: System cannot find the path specified. I tried to follow some instructions from the Malwarebytes website, like running rkill and some other things, but it still doesn't work. I tried to install Combofix but I get an NSIS error: Error launching installer.

Here you have the FRST.txt log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Sabin (administrator) on MUCA (04-09-2015 11:55:19)
Running from C:\Documents and Settings\Sabin\My Documents\Desc?rc?ri
Loaded Profiles: Sabin (Available Profiles: Sabin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologi...

A:Adobe Flash not working, Malwarebytes and Combofix can't run

RELEVANCY SCORE 48.8

Even when I format my computer, the SOB returns to haunt me. I also tried installing Zone Alarm before even connecting to the internet after formatting, but I can't -- since Zone Alarm requires SP1.

Below you will find the dds logs (DDS and ATTACH). In the next post you'll find my ComboFix logs.

DDS (Ver_10-03-17.01) - NTFSx86
Run by s.bq at 12:19:53.95 on 27/03/2010
Internet Explorer: 7.0.6000.16386
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.3326.2733 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explor...

A:Browser Hijacker Immune to ComboFix, Hitman Pro, Malwarebytes, and others

Here are the ComboFix logs:

ComboFix 10-03-26.02 - s.bq 27/03/2010 13:15:55.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.3326.2583 [GMT -4:00]
Running from: c:\users\s.bq\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.
2010-03-27 17:18 . 2010-03-27 17:18 -------- d-----w- c:\users\s.bq\AppData\Local\temp
2010-03-27 17:18 . 2010-03-27 17:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-27 17:18 . 2010-03-27 17:18 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-03-27 17:18 . 2010-03-27 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-27 16:48 . 2010-03-27 17:02 -------- d-----w- C:\Combo-Fix
2010-03-27 16:16 . 2010-03-27 16:16 -------- d-----w- c:\users\s.bq\AppData\Roaming\Template
2010-03-27 16:09 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-27 16:09 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-27 16:09 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-27 16:09 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-27 16:09 . 2002-03-06 04:...

RELEVANCY SCORE 48.8

The topic says most everything.

I ran Malwarebytes and it found what it called Trojan.FakeAlert and another bad registry key. I chose to fix the problems using Malwarebytes, but after restarting the rogue popup software was still there.

I ran a quick scan with MWB again and found another registry key which MWB fixed too.

Upon restarting a second time the popups seem to have disappeared, but I decided to play it safe and someone told me to run combofix.

After running ComboFix it instructed me to post the results here.

I apologize in advance if this shows you that the computer was clean, but I would rather be safe than sorry.

Any help you can offer or any time you can dedicate to reviewing this would be greatly appreciated!

Thank you in advance.

ComboFix 10-04-28.03 - Helen 04/28/2010 22:31:20.1.2 - x86
Running from: E:\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2068866768-3888667489-438035881-500
c:\$recycle.bin\S-1-5-21-386390668-2062263383-2522555131-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Helen\AppData\Local\ave.exe
c:\users\Helen\AppData\Local\Microsoft\Windows\Temporary Internet Files\F1dN2.jpg
c:\users\Helen...

A:Trojan.FakeAlert found by Malwarebytes. Combofix report. Need someone to look at this.

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...

RELEVANCY SCORE 48.8

Hi all,

My computer had been infected with Anti Spyware 2010 and braviax.exe which was causing fake alerts of a virus.

I already had Malwarebytes on the machine. When I tried to run it, Malwarebytes would open once but then it would close by itself.

Next time I try to open Malwarebytes from the start menu it gives the following error

"windows cannot access specified file,device or path.you may not have appropriate permission to access the file.".

I tried uninstalling and a fresh installation but no success.

There is the same issue with RootRepeal and when I try to boot the computer in safe mode it crashes.
Also, I tried collecting logs with Combo-fix but it is not able to run either.
By now I am able to remove Anti_spyware using spyware doctor, but the above problem still exists.

Please someone help me.

My system has Windows XP Professional installed on it.

Thanks

A:Not able to run Malwarebytes,RootRepeal,Combofix -infected with Anti_spyware 2010

Hello lovenil and welcome to BleepingComputer.

Please delete the copy of RootRepeal that you have already downloaded then follow the below instructions exactly as given.

Please install RootRepeal

Note: Vista users, right click on desktop icon and select "Run as Administrator."

Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Extract RootRepeal.exe from the zip archive.
Open on your desktop.
Click the "Drivers" tab, and then click the button.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

~Blade

In y...

RELEVANCY SCORE 48.8

I'm hoping someone here can help me, as I've tried just about everything I can think of to solve this problem.

I'm running XP MCE with SP2, athlon 64 x2 3800+ with 1gb of memory.

This machine has been infected with ThinkPoint. I finally got thru the thinkpoint startup screen and booted into a normal windows desktop. I disabled a bunch of startup items that looked suspicious.

I've tried malwarebytes, but it starts the scan and immediately stops after 2 seconds. I've tried renaming the mbam.exe file to anything else, same problem.

I've tried running combofix (also with a renamed file), but it doesn't run. Instead, it just times out and disappears.

hijackthis installs, but then when I try to do a scan and save a log file, it closes, and then hijackthis.exe will no longer run - I get an error message that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I cannot install chrome.

I installed firefox, but just about every page request is redirected to an ad page.

McAfee security suite was installed but I removed it. No changes in anything.

I'd be very appreciative if someone here could help me fix this problem. I can't understand how companies who do this aren't prosecuted.

Thanks!

Oops, forgot to post the details: (A scan with GMER was attempted, but just like malwarebytes and hijackthis, the system closes the window after about 2 seconds and then if I try ...

A:Completely stuck! Thinkpoint infection, can't run malwarebytes or combofix!

bump.

RELEVANCY SCORE 48.4

The viruses below are from the TDSSkiller log:

C:\WINDOWS\system32\drivers\ndproxy.sys a variant of Win32/Rootkit.Agent.NSF trojan unable to clean

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll probably a variant of Win32/Kryptik.YQ trojan unable to clean

Attached is the log from Combofix

After running both of these solutions and malwarebytes, my browser(s), as in IE, Firefox and Chrome, all have search results in a search engine redirect to a spam site.

Does anyone have another solution or fix?

Is reformatting my only option?

Will reformatting my computer actually rid it of these viruses?

Thank you,

ETSI

A:Backdoor Trojans, have run malwarebytes, TDSSkiller and Combofix. Still infected. Suggestions?

I also ran ESET scanner.

RELEVANCY SCORE 48.4

Hi,

My computer is infected, and no matter what I did (working on it 2 days already), the problem still occurs.

Problem description:

1. An error message is popping up after Windows finishes loading. This is the message - "RUNDLL | Error loading augry.vko. The specified module could not be found"

Problem 2. When I open a folder, for example "c:\my folder's\mymusic", the folder/window is getting closed and the desktop disappears and appears again. Which means that I can't use the files in this folder.

I tried to "Clean" this infection by doing many many things:

1. Used Hiren's cd and ran different tests like: Malwarebytes' Anti-Malware, Spybot - Search & Destroy. Also Microsoft Security Essentials, AVG scan, NOD32 online scan etc.
2. I did the scans above also in SAFE MODE and in XP mini OS (Available in Hiren's CD). These scans did find many infections and I think that also cleaned all of them.. (Sort of..)
3. I ran also ComboFix but the problem still occurs. ComboFix showed me these 2 messages:
System file is infected !! Attempting to restore "X:\i386\system32\lpk.dll"
System file is infected !! Attempting to restore "X:\i386\system32\imm32.dll"
But in the second scan I did with ComboFix - it didn't show it anymore.
4. I did restore the com via the Microsoft "Restore point" method.

But the problem/VIRUS still occurs!

This is the ComboFix logs:

QUOTE**Lo...

A:help| Infected and Cannot remove the virus (Used: ComboFix, Malwarebytes' Anti-Malware and more)

Anyone can help me please?

EDIT: Please be patient. There are over 480 unanswered topics in this forum at present and the current average wait time to receive help is 6 days. ~BP
