
Error 132 in WoW - Combofix log included

Q: Error 132 in WoW - Combofix log included

So I've been getting an error 132 when I play WoW. I was told to run combofix, but I don't know how to read the log. I was wondering if there is anything that needs to be removed. Thanks in advance.

Here's the log that I received:

ComboFix 11-04-01.01 - jon 01/04/2011 20:24:33.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.8190.6439 [GMT -7:00]
Running from: c:\users\jon\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 03:30 . 2011-04-02 03:30 -------- d-----w- c:\users\jon\AppData\Local\temp
2011-04-02 03:30 . 2011-04-02 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-02 02:50 . 2011-04-02 02:50 -------- dc-h--w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-04-02 02:50 . 2011-04-02 02:50 -------- d-----w- c:\program files (x86)\Uniblue
2011-04-02 02:50 . 2011-04-02 02:50 -------- d-----w- c:\users\jon\AppData\Local\PackageAware
2011-04-02 00:38 . 2011-04-02 00:38 431104 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-02 00:38 . 2011-04-02 00:38 409600 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-04-02 00:38 . 2011-04-02 00:38 136192 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-02 00:38 . 2011-04-02 00:38 114688 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-04-02 00:38 . 2011-04-02 00:38 -------- d-----w- c:\program files (x86)\Creative
2011-04-02 00:38 . 2007-07-03 20:14 1828352 ------w- c:\windows\system32\adi_oal.dll
2011-04-02 00:38 . 2007-07-03 20:11 1503232 ------w- c:\windows\SysWow64\adi_oal.dll
2011-04-02 00:38 . 2003-11-11 01:10 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-04-02 00:38 . 2003-11-11 01:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-04-02 00:38 . 2003-11-11 01:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-04-02 00:37 . 2011-04-02 00:37 -------- d-----w- c:\programdata\SonicFocus
2011-04-02 00:13 . 2008-01-04 20:34 11832 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-04-02 00:13 . 2008-01-04 20:34 10216 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2011-04-01 23:55 . 2011-04-02 00:36 -------- d-----w- c:\users\jon\AppData\Roaming\Download Manager
2011-04-01 23:29 . 2011-04-01 23:29 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2011-04-01 23:28 . 2011-04-01 23:28 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2011-04-01 23:23 . 2011-04-01 23:23 -------- d-----w- c:\program files\Microsoft SDKs
2011-04-01 22:16 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{113EE3E7-DC7C-4E6D-B007-0A1262E81950}\mpengine.dll
2011-03-31 07:23 . 2011-02-23 15:28 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-03-31 07:23 . 2011-02-23 15:28 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-03-31 07:17 . 2011-04-01 23:45 -------- d-----w- c:\programdata\UAB
2011-03-31 07:17 . 2011-03-31 07:17 -------- d-----w- c:\users\jon\AppData\Local\PC_Drivers_Headquarters
2011-03-31 07:17 . 2011-03-31 07:17 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2011-03-31 07:16 . 2011-03-31 07:16 -------- d-----w- c:\program files (x86)\PC Drivers HeadQuarters
2011-03-31 07:04 . 2011-03-31 07:04 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-03-31 07:04 . 2011-04-02 01:18 -------- d-----w- c:\users\jon\AppData\Local\eSupport.com
2011-03-31 05:30 . 2011-03-31 05:30 -------- d-----w- c:\users\jon\AppData\Local\{9E17ED6A-3FED-41D3-BEF1-223F270C3981}
2011-03-31 02:43 . 2011-03-31 02:43 -------- d-----w- c:\users\jon\AppData\Roaming\ConsumerSoft
2011-03-31 02:43 . 2011-03-31 03:32 -------- d-----w- c:\program files (x86)\ConsumerSoft
2011-03-31 02:38 . 2011-03-31 02:38 -------- d-----w- c:\users\jon\AppData\Local\{0BE32671-DF56-4741-82A4-4A98A9BA66DA}
2011-03-30 05:07 . 2011-03-30 05:08 -------- d-----w- c:\users\jon\AppData\Local\{02458D32-6029-4D34-889B-CAA41C47F990}
2011-03-28 23:42 . 2011-03-28 23:42 -------- d-----w- c:\users\jon\AppData\Local\{40513F57-AE29-471D-A3E2-E9B9426932D8}
2011-03-26 16:44 . 2011-03-26 16:44 -------- d-----w- c:\users\jon\AppData\Local\{1A2C3EA7-9A9C-43AF-8EAA-74056B181131}
2011-03-26 01:14 . 2011-01-27 01:34 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-26 01:14 . 2011-01-27 01:34 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D40A298-9F21-41D3-97B5-C7E514C5C16A}\gapaengine.dll
2011-03-25 20:19 . 2011-03-25 20:19 -------- d-----w- c:\users\jon\AppData\Local\{D56D7777-13F5-4911-9708-62F1F7DA09C9}
2011-03-25 04:25 . 2011-03-25 04:25 -------- d-----w- c:\users\jon\AppData\Local\{1D8AC6D6-7C84-45A1-A5AE-3F3D3A209308}
2011-03-25 02:24 . 2011-03-25 02:24 -------- d-----w- c:\users\jon\AppData\Local\{7B4EE0BB-03E3-431C-AF77-F190272078A2}
2011-03-24 23:51 . 2011-03-24 23:51 -------- d-----w- c:\users\jon\AppData\Local\{CD41D9BB-445A-4636-B8B4-23F05D275DB2}
2011-03-23 23:39 . 2011-03-23 23:39 -------- d-----w- c:\users\jon\AppData\Local\{634C2AFF-B825-417E-9E5A-70D36D51975A}
2011-03-23 00:04 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 00:04 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-23 00:04 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 00:04 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 00:04 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-03-22 23:45 . 2011-03-22 23:45 -------- d-----w- c:\users\jon\AppData\Local\{302C931C-A31C-41C0-AC94-67F0E96675A8}
2011-03-22 06:51 . 2011-03-22 06:51 -------- d-----w- c:\users\jon\AppData\Local\{0A3F8F1C-77A1-4B98-B84F-39DE0995A29F}
2011-03-21 16:27 . 2011-03-21 16:27 -------- d-----w- c:\users\jon\AppData\Local\{1112316A-138E-4E40-965B-995978BC4CFE}
2011-03-21 03:43 . 2011-03-21 03:43 -------- d-----w- c:\users\jon\AppData\Local\{6546CCEE-F957-41F2-A07C-D180227E8E8D}
2011-03-19 23:14 . 2011-03-19 23:14 -------- d-----w- c:\users\jon\AppData\Local\{02A6FCAE-6597-4EB8-AC12-723779A302CC}
2011-03-18 21:40 . 2011-03-18 21:40 -------- d-----w- c:\users\jon\AppData\Local\{B8FD705C-6B3A-4847-AFEF-1492348459DC}
2011-03-18 21:04 . 2011-03-18 21:04 -------- d-----w- c:\users\jon\AppData\Local\{4F728BB3-6577-487B-955B-766B8C0C1605}
2011-03-18 02:50 . 2011-03-18 02:51 -------- d-----w- c:\users\jon\AppData\Local\{5C2E17F0-ED22-4876-B479-B4635AC8C243}
2011-03-15 23:54 . 2011-03-15 23:54 -------- d-----w- c:\users\jon\AppData\Local\{1078A135-8B6E-4E25-B56C-FEDC7D64521D}
2011-03-14 05:21 . 2011-03-14 05:21 -------- d-----w- c:\users\jon\AppData\Local\{A7642503-0AC6-41F2-B16D-61CBF752C79F}
2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-12 18:30 . 2011-03-12 18:30 -------- d-----w- c:\users\jon\AppData\Local\{1795FEFC-5ED0-45BF-A06B-D483CF5DA514}
2011-03-11 23:56 . 2011-03-11 23:57 -------- d-----w- c:\users\jon\AppData\Local\{87774542-8710-40BA-8CD5-5BDD0421C8C8}
2011-03-11 06:23 . 2011-03-11 06:23 -------- d-----w- c:\users\jon\AppData\Local\{D51B193E-DCA6-4E94-A065-77D7522113BF}
2011-03-11 00:55 . 2011-03-11 00:55 -------- d-----w- c:\users\jon\AppData\Local\{A15BA43A-E145-46FE-8822-48366904D069}
2011-03-10 06:35 . 2011-03-10 06:35 -------- d-----w- c:\users\jon\AppData\Local\Activision
2011-03-10 04:41 . 2011-03-10 04:41 -------- d-----w- c:\program files (x86)\Activision
2011-03-10 03:01 . 2011-03-10 03:01 -------- d-----w- c:\program files\iPod
2011-03-10 03:01 . 2011-03-10 03:02 -------- d-----w- c:\program files\iTunes
2011-03-10 03:01 . 2011-03-10 03:02 -------- d-----w- c:\program files (x86)\iTunes
2011-03-10 00:53 . 2011-03-10 00:53 -------- d-----w- c:\users\jon\AppData\Local\{9058BDF1-A0FE-4F95-916A-7D734B4976CD}
2011-03-09 01:09 . 2011-03-09 01:09 -------- d-----w- c:\users\jon\AppData\Local\{C0FF35DD-447D-474E-BE61-39E128617DAB}
2011-03-09 00:45 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 00:45 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 00:45 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 00:45 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 00:45 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 00:45 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 00:45 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 00:45 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 00:45 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 00:45 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-09 00:45 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 00:45 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-08 05:11 . 2011-03-08 05:11 -------- d-----w- c:\users\jon\AppData\Local\{6EC36D24-BE19-4384-BBC8-AFC35D69BD8B}
2011-03-07 07:00 . 2011-03-07 07:00 -------- d-----w- c:\users\jon\AppData\Local\{5DF290AD-9D30-4F7E-A37A-48830519F711}
2011-03-06 07:01 . 2011-03-06 07:01 -------- d-----w- c:\users\jon\AppData\Local\{A285C586-ABE8-487A-A145-3AD641A95BA9}
2011-03-05 18:03 . 2011-03-05 18:04 -------- d-----w- c:\users\jon\AppData\Local\{13ECA711-780C-4309-9721-1DF8E67734B7}
2011-03-04 21:16 . 2011-03-04 21:17 -------- d-----w- c:\users\jon\AppData\Local\{AD3B9DA8-C6E8-4666-BD30-42AD47DA705B}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 05:17 . 2010-12-21 02:53 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-09 04:57 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-23 15:28 . 2011-02-23 15:28 7732328 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-02-23 15:28 . 2011-02-23 15:28 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 15:28 . 2011-02-23 15:28 6606440 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 15:28 . 2011-02-23 15:28 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-02-23 15:28 . 2011-02-23 15:28 5654120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-02-23 15:28 . 2011-02-23 15:28 4942952 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-02-23 15:28 . 2011-02-23 15:28 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 15:28 . 2011-02-23 15:28 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-02-23 15:28 . 2011-02-23 15:28 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 15:28 . 2011-02-23 15:28 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-02-23 15:28 . 2011-02-23 15:28 20473960 ----a-w- c:\windows\system32\nvoglv64.dll
2011-02-23 15:28 . 2011-02-23 15:28 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-02-23 15:28 . 2011-02-23 15:28 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 15:28 . 2011-02-23 15:28 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-02-23 15:28 . 2011-02-23 15:28 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-02-23 15:28 . 2011-02-23 15:28 12962792 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-23 15:28 . 2011-02-23 15:28 10079336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-02-23 15:28 . 2009-11-03 22:00 12862568 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-02-23 15:28 . 2009-11-03 22:00 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-02-03 05:40 . 2010-12-19 03:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-20 16:46 . 2011-02-09 04:46 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-09 04:46 366592 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-09 04:46 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-09 04:46 287232 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-09 04:46 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-09 04:46 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-09 04:46 1268224 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-09 04:46 748544 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-09 04:46 47104 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-09 04:46 3548672 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-09 04:46 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-09 04:46 278528 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-09 04:46 195072 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-09 04:46 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-09 04:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 04:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 04:46 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-02-09 04:46 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 04:46 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-09 04:46 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-09 04:46 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-09 04:46 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-09 04:46 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-01-20 15:01 . 2011-02-09 04:46 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-09 04:46 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-09 04:46 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-09 04:46 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-09 04:46 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-09 04:46 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-09 04:46 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-09 04:46 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-09 04:46 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-09 04:46 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-09 04:46 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-09 04:46 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-09 04:46 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 04:46 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-09 04:46 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 04:46 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 04:46 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 04:46 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 04:46 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 04:46 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 04:46 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 04:46 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-09 04:46 834048 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:47 . 2011-02-09 04:46 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-01-13 10:20 . 2011-01-27 01:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-08 09:03 . 2011-02-09 04:40 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 08:47 . 2011-02-09 04:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:45 . 2011-02-09 04:40 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 06:28 . 2011-02-09 04:40 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-08 03:49 . 2011-01-08 03:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-08 03:49 . 2011-01-08 03:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 03:49 . 2011-01-08 03:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-08 03:48 . 2011-01-08 03:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 03:48 . 2011-01-08 03:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"PowerSuite"="c:\users\jon\Desktop\Uniblue\DriverScanner\PowerSuite\launcher.exe" [2010-08-30 67448]
"Google Update"="c:\users\jon\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-22 136176]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-03-14 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Drive Xpert"="c:\program files (x86)\ASUS\Drive Xpert\DriveXpert.exe" [2009-02-02 10231808]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-02 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-02 601088]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-17 1302528]
.
c:\users\jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-12-28 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 57xx SteelVine Manager;57xx SteelVine;c:\program files (x86)\ASUS\Drive Xpert\SteelVine.exe [2009-02-02 1286144]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-03-31 21712]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-869329415-3424843425-4264633635-1000Core.job
- c:\users\jon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 06:54]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-869329415-3424843425-4264633635-1000UA.job
- c:\users\jon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 06:54]
.
2011-04-02 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"UpdateUSB"="c:\windows\inf\UpdateUSB.exe" [2006-06-23 30720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-04-01 20:32:19
ComboFix-quarantined-files.txt 2011-04-02 03:32
.
Pre-Run: 189,764,935,680 bytes free
Post-Run: 189,200,089,088 bytes free
.
- - End Of File - - 8F8E7BACD238BC28FA3C744023D5536D


A: Error 132 in WoW - Combofix log included

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions. Thanks


I'm trying to help my grandparents with their computer, and they are having some malware problems. I already ran combofix and that has allowed me administrative access again, but I'm still getting popups and there are still weird processes that are running. Also, the CD-Rom drive is still not working.

Here is the combofix log:
ComboFix 08-01-06.5 - Paul J. Wilson 2008-01-06 14:07:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.44 [GMT -5:00]
Running from: C:\Documents and Settings\Paul J. Wilson\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\dgpvkhsy.ini
C:\WINDOWS\system32\dwdaacea.exe
C:\WINDOWS\system32\ksxidvno.dll
C:\WINDOWS\SYSTEM32\npqss.bak1
C:\WINDOWS\SYSTEM32\npqss.ini
C:\WINDOWS\SYSTEM32\onvdixsk.ini
C:\WINDOWS\SYSTEM32\qslmochc.ini
C:\WINDOWS\SYSTEM32\yacqjqty.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 06:27 . 2008-01-06 06:27 75,840 --a------ C:\WINDOWS\SYSTEM32\vnwpuikj.dll
2008-01-05 16:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 08:39 . 2008-01-05 08:39 74,304 --a------ C:\WINDOWS\SYSTEM32\bexipyvs.exe._eac_qt_
2008-01-05 03:45 . 2008-01-05 03:45 1,043,...


My sister informed me that she has a malignant piece of spyware that uses system sound to make a loud beeping noise with a message from "windows" saying that her computer is out of memory and that she should download a questionable antivirus program from a site with a Russian domain name.

The non-trojan antivirus program she's got had been unable to run for at least 2 months because she hasn't bothered to reset the license key. I did so and ran combofix but the spyware is still present.

The log is below. I've posted this at 10:50 on Saturday night so I'll probably get a reply by November.

cheers:

ComboFix 09-01-21.04 - Jessie Baxter 2009-01-31 22:28:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.407 [GMT 11:00]
Running from: c:\documents and settings\Jessie Baxter\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 090130-0] *On-access scanning enabled* (Updated)
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.

2009-01-26 00:45 . 2009-01-26 00:45 <DIR> d-------- c:\program files\aquaplay
2009-01-17 17:07 . 2009-01-17 17:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-12 12:42 . 2009-01-12 12:42 <DIR> d-------- c:\windows\BBSTORE
2009-01-12 12:41 . 2009-01-12 12:41 <DIR> d-------- c:\program files\The Learning Company
2009-01-12 12:41 . 2009-01-12 12:41 0 --a------ c:\wi...

A: Combofix has failed me (log included)

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 


Hi, about half of a month ago I clicked on a link and something started downloading onto my computer and had some kind of virus alert window that I tried to 'x' out of quick. I wasn't quick enough. Soon my task manager was missing, all my programs in my Start Menu were missing, and many of my files in my folders were missing (all had the 'hidden' options clicked). I still am unable to get the Accessories to show up in my program files and recently have had a lot of trouble getting Acrobat to work online and I cannot open windows Excel files from folders unless routing through the program and then opening them. I downloaded and updated Adaware and spybot, and before getting to these forums used HiJackThis.

Here is the Combofix log as I have seen on other threads.

ComboFix 11-04-03.01 - mlindell06 04/03/2011 20:50:52.1.2 - x86
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.3066.1617 [GMT -5:00]
Running from: d:\desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ... Read more

A:Attacked! Please help! Combofix Log included.

My computer seems to be running better, and all of my files are no longer in their hidden states. HOWEVER, I am still unable to open Microsoft Excel files from their folders on the desktop; I still need to open Microsoft Excel and then open the files by searching for the desktop folder from within the program. If you could please just look over the 3 logs I have posted to see if anything abnormal may be remaining, I would HIGHLY appreciate it. This forum has been most helpful!
Thank you,
Matt

In Order:
1. DDS.txt from dds.scr
2. Ark.txt from gmer

1. DDS.txt from dds.scr

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by mlindell06 at 0:05:44.63 on Mon 04/04/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.3066.1472 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsof... Read more


Computer is running slow; was wondering if I am infected.

Here is HJT and ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:25 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal


Hi there,

I have the Google redirect virus on my computer. A couple of days ago I ran ComboFix, which seemed to improve things a little bit, but I am still getting the annoying redirect about 50% of the time. My system runs Windows Vista and I have AVG virus scanner (free), which doesn't detect it. If anyone can help me with my problem it will be very much appreciated.

Thanks heaps in advance,
Brendan

Combofix Log

ComboFix 10-03-07.04 - Don 08/03/2010 16:58:11.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.61.1033.18.2037.1296 [GMT 11:00]
Running from: c:\users\Don\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\program files\Mozilla Firefox\Plugins\npclntax_HotbarSA.dll
c:\program files\UVC Video Camera\RunEffect.exe
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\HotbarSA
c:\programdata\HotbarSA\HotbarSA.dat
c:\programdata\HotbarSA\HotbarSA_kyf.dat
c:\p...

A:Google redirect combofix log included

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi,
I believe I have been infected by a fake antivirus software. The software changed the desktop background with an alert message and kept prompting me to purchase a windows-simil antivirus. McAfee was not able to fix the issue.

I have run combofix and the problem seems to have disappeared.
Please help me identify if further action is required.
Please let me know if I should include combofix log.

Thanks in advance.
Peter.


I’m working a Win7 64 bit Ultimate Pc that I suspect has been hit with some type of spyware or virus. There are no popups or browser hijacks that appear, but the system is unbelievably slow. Below is a detailed description of the system and what I've done to clean it up.

8 Gigs ram
C drive – 720 GB, 340 Gb free
E-drive - 1.1 Tb, 540 Gb free
Processor AMD Athlon II 64 bit x 4 620 Ghz

It’s a standalone in its own workgroup. I ran the following utilities which helped:

ComboFix - The report is attached but I don’t have the background to evaluate what should be deleted.

Rogue Kill – Found some registry entries that I had it remove.
- I allowed it to remove the auto update tasks for Google and Adobe to lighten up the system overhead.
SuperAntiSpyware – found a few minor items and now it runs clean
Malwarebytes – found a few minor items and now it runs clean
TDsKiller – found a few items with the following options selected
- Verify the file digital signatures
- Detect TDLFS file system
Attached are two reports

Conflicker Checker from Symantec – found nothing
Symantec Endpoint protection 12.15.xx – Just found cookies which it deleted

Symantec Endpoint Protection displays a message at boot up saying it’s found a process and want to know if I should block it… I respond yes. I don’t kno...

A:Win7 Very Slow - ComboFix and other logs included below

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/507229 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


My mom and dad's laptop got infected recently and they asked me to try and help them out. If you guys could help me clean this up, that would be great. I've gone ahead and produced the HJT and ComboFix logs for you.

First up, the ComboFix log:

ComboFix 09-07-12.03 - Personal 07/12/2009 23:35.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.803 [GMT -4:00]
Running from: c:\documents and settings\Personal\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090712-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.


c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePack... Read more

A:Please help me clean up this laptop - HJT & ComboFix logs included

And now the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:22 PM, on 7/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal



Hello! As many others, I have Vundo and no idea what to do. Any help would be greatly appreciated! From other threads I read I gathered I'm supposed to start by posting HijackThis and ComboFix logs, so here they are:

ComboFix 08-03-03.6 - Administrator 2008-03-02 21:38:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.147 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.


A:Vundo.gen.b (Hijack & ComboFix logs included)

bump
 


Hi all. I discovered your great site while looking for a cure for Smitfraud. I have followed your instructions; installing Recovery Console, running Combofix, and HiJackThis. Combofix ran successfully and now I can access the internet. I am including the logs from these to see how well I did.

I originally ran Ad-Aware & Spybot and ran across something I had not seen before, Smitfraud. Since this computer belongs to my boss, and I'm being very careful with it, I'd appreciate any help you can give me.

Thanx
Wes
____________________________
ComboFix Log

ComboFix 08-05-08.1 - ALBry 2008-05-10 11:07:10.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.776 [GMT -7:00]
Command switches used :: C:\Documents and Settings\ALBry\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
 * Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\datmps.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ALBry\Application Data\install.dat
C:\Documents and Settings\ALBry\cftmon.exe
C:\Documents and Settings\LocalService\cftmon.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\start.exe
C:\WINDOWS\system32\__c006C400.exe
C:\WINDOWS\system32\__c006D871.dat
C:\WINDOWS\system32\__c006E089.dat
C:\WINDOWS\system32&#...

A:Smitfraud Removal? Combofix & Hjt Logs Included

Hi,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O20 - Winlogon Notify: byvvwts - byvvwts.dll (file missing)
O20 - Winlogon Notify: datmps - datmps.dll (file missing)
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll (file missing)
O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll (file missing)
O20 - Winlogon Notify: vtutr - C:\WINDOWS\system32\vtutr.dll (file missing)
O20 - Winlogon Notify: vtutt - C:\WINDOWS\system32\vtutt.dll (file missing)
O20 - Winlogon Notify: __c006D871 - C:\WINDOWS\system32\__c006D871.dat (file missing)

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then,

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now...


I am getting Security Alerts:SPyware Found and System performance warnings. Prompts to download spware software, etc.. The names are [email protected], [email protected], etc..
I did some of my own research and located SmitFraudFix and ComboFix. I followed the instructions and all seemed to go just fine, but the malware remains. Even in safe mode I was getting the pop-ups and spyware warnings. SmitFraudFix did remove my desktop background which seems to indicate that the threat wasn't found. I had several kids over 'playing' with the computer over the weekend. Any help is appreciated. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:33 AM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal



Hi all--

My normally nice and fast Yahoo! high speed DSL has slowed to a crawl much worse than cheap dial-up. I don't know exactly what I did to the pc--I was downloading some stuff earlier this week, but there were no ill effects at the time--but I do know I need to download some program called Live Text for a class at school, and I don't have the time to wait all year to get there. Firefox won't seem to work at all, so I'm stuck with lousy IE. Let me also clarify that I'm not getting any error messages or popups...that's what's so perplexing.

I'm running an HP a1310n desktop with Windows XP. Here is my Combofix log:

ComboFix 08-02-25.3 - Mary 2008-02-26 18:27:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.424 [GMT -5:00]
Running from: C:\Documents and Settings\Mary\Desktop\temp downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-26 00:56 . 2008-02-26 00:56 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-16 14:09 . 2008-02-16 14:09 <DIR> d-------- C:\Program Files\Audacity
2008-02-16 12:45 . 2008-02-16 12:45 <DIR> d-------- C:\Program Files\Uniblue
2008-02-16 12:45 . 2008-02-16 12:45 <DIR> d-------- C:\Documents and Settings\Mary\Application Data\Uniblue
2008-02-14 11:58 . 2008-02-14 11:58 <DIR> d-------- C:\Documents and Settings\Anthony\Application Data\Logitech... Read more


Hey, my girlfriend's computer gets random popups from WinAntivirus ads and various other ads. I tried to delete this adware by using CCleaner and Hijackthis and going through her program files and individually deleting suspicious files. However it is still happening and I am scared she might be getting her information stolen. Here are the logs:

--------------------------------------------------------------------------------------------------

ComboFix 07-09-14.2 - "Owner" 2007-09-23 14:21:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.129 [GMT -7:00]
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.

2007-09-23 01:54 85,568... Read more

A:Girlfriend's computer needs help - combofix and hijackthis log included

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
In the Processes group click Non-Microsoft
In the Win32 Services group click Non-Microsoft
In the Driver Services group click Non-Microsoft
In the Registry group click ALL
In the Files Created Within group click 30 days Make sure Non-Microsoft only is CHECKED
In the Files Modified Within group select 30 days Make sure Non-Microsoft only is CHECKED
In the File String Search group select ALL
In the Additional scans section please press select all and then unselect event viewer. Uncheck non-microsoft only.
Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Use the Reply button and attach the notepad file here . I will review it when it comes in.
 


I want to run ComboFix because I went to a website and possibly clicked on something I should not have. I believe I may have a backdoor trojan.

The error I am getting is:

Windows cannot find "NircmdB.exe". make sure you typed the name correctly, and then try again.

I tried renaming to cf.exe, no luck. I even tried using SDFix in safe mode, no luck: when I click on the runthis bat file, cmd starts then closes, so I don't know what is going on.

In the past I had Vista and was able to run ComboFix and get rid of any virus I had. Now with Windows 7 I am getting the error above.

Any help to run ComboFix would be really appreciated. All I want to do is run ComboFix on Windows 7.

thanks

A:Combofix will not run on window 7 full retail version, combofix will not run error

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.

Further ComboFix does not officially support Windows 7 and SDFix only works on Windows XP.

Please download Malwarebytes Anti-Malware (v1.40) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware...


My net is very slow since yesterday and it's not in the server... My net used to be very fast because I'm paying around like 100 dollars for my net... here is my combofix report: I guess there are no viruses ...

"user" - 2008-03-03 20:56:39 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\user\My Documents\My Pictures\"
((((((((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))))))
2008-02-14 13:59 <DIR> d--hs---- C:\FOUND.039
2008-02-09 15:22 <DIR> d--hs---- C:\FOUND.038
2008-02-07 15:45 <DIR> d--hs---- C:\FOUND.037
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-01-19 15:07:46 -------- d-----w C:\Program Files\Ofb1
2007-12-04 18:38:14 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"="C:\Program Files\FlashGet\jccatch.dll"
"{3E1500AC-87A5-416b-A211-82E848649DA9}"="C:\PROGRA~1\Ofb1\Ofb1.dll"
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"="C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}&... Read more


Hi all.

I am currently performing a fix on a computer which, when you log in to the user account, pops up with a window redirecting to a Japanese adult site. Closing the window just causes it to pop up again within a minute. Running through normal antivirus (AVG) and antispyware (Malwarebytes, Spybot S&D, Ad-Aware and SUPERAntiSpyware) yields no results.

I ran HijackThis, and found two suspect entries in the log:
Code:
O4 - HKCU\..\Run: [VqrusSholtcut] "C:\Documents and Settings\Tony\Application Data\Malwarebytes\Sholtcut"
O4 - HKCU\..\Run: [eGUC40132_6197508] "C:\WINDOWS\system32\mshta" http://034e.serveradmin.me/scsyl6/VxjSmyCZDwLE7Y7~fR9-5g.htm
and since running virus and spyware scans on the individual files and folders still yielded no results, I downloaded and ran Combofix. This seems to have helped, but I need further assistance to ensure that the system is clean. The logs are attached below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:13 PM, on 10/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


A:Website appears at startup (HJT and Combofix logs included)

ComboFix 11-10-11.05 - Tony 12/10/2011 12:14:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1247.631 [GMT 11:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tony\Application Data\inst.exe
c:\windows\system32\CddbCdda.dll
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-11 14:43 . 2008-04-13 18:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-11 14:43 . 2001-08-17 11:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-11 14:43 . 2008-04-13 18:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-11 14:43 . 2001-08-17 11:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-11 14:43 . 2001-08-17 11:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-11 14:42 . 2001-08-17 11:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-11 14:41 . 2001-08-17 01:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-11 14:41 . 2008-04-13 11:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-11 14:41 . 2008-04-13 11:04 120... Read more


I'm having problems opening some webpages and I often experience slow download speeds and lag. Thank you for your help.

hijackthis log file....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:55 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


R0 - HKCU\Software\Microsoft\Inter... Read more


Hello,

I can't get rid of the trojandownloader.xs problems that I've been having using trendmicro PCillin or xoftspySE. I've been running around this forum looking for some help so I have come to the conclusion that I needed a ComboFix log and a HijackThis log.

If anyone can help me out I would greatly appreciate it.

Here are the two logs; first is ComboFix, then HijackThis:

ComboFix 08-04-03.5 - Adam 2008-04-04 14:56:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1323 [GMT -5:00]
Running from: C:\Documents and Settings\Adam.VERTACY\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Adam.VERTACY\Desktopblackbird.jpg
C:\Documents and Settings\Adam.VERTACY\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Adam.VERTACY\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Adam.VERTACY\Desktopfilemanagerclient.exe
C:\Documents and Settings\Adam.VERTACY\Desktopfkwp1.5.exe
C:\Documents and Settings\Adam.VERTACY\Desktopfkwp2.0.exe
C:\Documents and Settings\Adam.VERTACY\Desktopfwebd.exe
C:\Documents and Settings\Adam.VERTACY\DesktopFWebdEditor.exe
C:\Documents and Settings\Adam.VERTACY\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Adam.VERTACY\Desktopvirii
C:\Documents and Settings\Adam\Application Data\tmp128.tmp.exe
...

In case this might help with the identification of my redirect problem submitted a few minutes ago under combofix. Here is my HijackThis log. Thank you again.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:11:39 PM, on 4/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\MSOffice\Office\MSOFFICE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Rai\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\I...

I have major problem here: XP, IE ver. 6.0.29 I am connected to my broadband: ipconfig, etc work fine. When attempting to load any page using a browser, IE or Firefox, I get an error (Page cannot be displayed, could not open search page, etc). In the footer of the window I can see the actions and it is going through some sort of sequence. When trying to open google.com, the browser will try google.com.com, google.com.org, google.com.net, google.com.edu...etc. Some sort of malware it looks like. I ran combofix and here are the results, please let me know if Hijack this is preferred in this instance: any and all help is very much appreciated - Thanks in advance:

ComboFix 08-11-10.01 - Jim 2008-11-11 22:30:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.225 [GMT -5:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-11 21:05 . 2008-11-11 21:05 <DIR> d-------- c:\program files\Lavasoft
2008-11-11 21:05 . 2008-11-1...

A:IE & Firefox will not load, Broadband connected, ComboFix log included

Maybe I am going about this the wrong way but I could really use some help...I'm at a loss here. The HiJackThis log is here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:36 PM, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\...

Hi,

Recently I downloaded a torrent file and installed Kaspersky, I then downloaded another torrent for a serial because the first torrent's serials were not working.

After I installed the serials all seemed fine, but after the reboot when I clicked on Internet Explorer my home page didn't appear but instead Google did. I also got another pop-up window with a spam website.

I deleted everything I downloaded, did a spyware scan with Spysweeper and also a virus scan, I rebooted and same problem. The pop-up only appears when I click to go online. I am getting the same problems with Firefox as well.

I tried downloading the latest Windows update but the update seems to be disabled.

At the moment I am using Windows XP. I have also included my HJT & Combofix logs, hope this helps.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:51, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\W...

Hello all, I'm new but I've already gone through the ComboFix report to pin-point the issue. Still, it's a little mysterious to me... this computer has been getting module/dll errors left and right, pop-ups have been randomly tying up the processor and eventually shuts down the system. I've run Spybot prior to using ComboFix, but unfortunately have received the same issues as stated. I did some research and found that there are these steps to permanently remove the virtumonde trojan hxxp://www.fixvirtumondedll.com/, without it replicating itself back into the registry... but I'd like a second option. Here is the log report from ComboFix... thanks to anyone who can assist!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:recycledNPROTECT00000000.DAT
c:recycledNPROTECT00000001.DAT
c:recycledNPROTECT00000002
c:recycledNPROTECT00000003
c:recycledNPROTECT00000004
c:recycledNPROTECT00000005
c:recycledNPROTECT00000006
c:recycledNPROTECT00000007
c:recycledNPROTECT00000008
c:recycledNPROTECT00000009.RDB
c:recycledNPROTECT00000010.DAT
c:recycledNPROTECT00000011
c:recycledNPROTECT00000012
c:recycledNPROTECT00000013
c:recycledNPROTECT00000014
c:recycledNPROTECT00000015
c:recycledNPROTECT00000016.DAT
c:recycledNPROTECT00000017
c:recycledNPROTECT00000018
c:recycledNPROTECT00000019
c:recycledNPROTECT00000020
c:recycledNPROTECT00000021
c:recycledNPROTECT00000022
c:recycledNPROTECT00000023
c:recycledNPROTECT00000024
c:recycledNPROTECT00000025
c:recycledNPROT...

A:Virtumonde/Vundo Trojan? ComboFix Report Included

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
----------------------------------------------
Firstly, the link to the Vundo repair is out of date. It uses a tool called Vundofix which is no longer updated and so has become obsolete.

Secondly, you should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Finally, please run DDS and RootRepeal so I can take a look at the PC.

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about ...


Hi,

I have been struggling with a very persistent Virtumonde (?) infection which I think is finally beaten, but I'm not very sure. I read through some of the other threads on this forum and tried the following steps after downloading the necessary tools-

1. Ran a full spyware scan using SUPERAntiSpyware (Free Edition) and found infections which I quarantined and deleted.
2. Ran the ComboFix tool and cleaned the infections. (Attaching the log below)
3. Ran another scan using SUPERAntiSpyware and this time it showed no infections.
4. Ran HJT and am attaching the log below.

I have previously tried 'VundoFix' , 'VirumondeBegone' , and 'ATF Cleaner'
Can someone please check this log for me and tell me if I am clean now, or what do I have to do next?

Thank you!
-------------------------------------------------------------------------------------------------------
2007-07-24 17:08:38 [GMT 5.5:30] - ComboFix 07-07-24 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\domfhexm.dll
C:\WINDOWS\system32\hwwarnbe.dll
C:\WINDOWS\system32\jxqrislm.dll
C:\WINDOWS\system32\mxehfmod.ini
C:\WINDOWS\system32\ebnrawwh.ini
C:\WINDOWS\system32\mlsirqxj.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...

A:Solved: Virtumonde Infection cleaned? HJT log and ComboFix log included


Hi

I have a Vundo and Downloader virus on my computer. I've downloaded and run ComboFix and ran HijackThis after. I've included both my logs and would really need some help with getting rid of these viruses for good.

ComboFix 07-10-11.1 - Jasmin 2007-10-11 10:50:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.176 [GMT -7:00]
Running from: C:\Documents and Settings\Jasmin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\mantec~1\??mantec\
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Prog...

A:Solved: Vundo Help Needed, Combofix & HJT logs included


Computer was shutdown incorrectly and no longer have start menu! Please assist.

ComboFix 08-06-20.4 - Administrator 2008-06-29 21:38:06.1 - NTFSx86
Running from: C:\Documents and Settings\Administrator.LINDA-CB1E96E1B\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Shannon\Application Data\Sskknwrd.dll
C:\Program Files\cas
C:\Program Files\Common Files\download
C:\Program Files\Common Files\download\freeprodtb.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\Common Files\windows
C:\Program Files\Common Files\windows\AutoIt3.exe
C:\Program Files\mailskinner
C:\Program Files\mailskinner\update.epk
C:\Program Files\SecCenter
C:\WINDOWS\PerfInfo
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\njprckha
C:\WINDOWS\system32\stem~1

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-29 21:26 . 2008-06-29 21:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Searc...

A:No Start Menu Or Desktop Icons. Combofix Log Included!

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.


Dear Tech Guys,

Yesterday my McAfee started detecting a Downloader.gen.a trojan (File Path: C:\windows\inf\dvdromdrvs.inf) that it cannot remove.

I can't even see this file in the suggested folder! I tried to restore to a clean point, but my OS couldn't do it after multiple attempts.

So I have just run ComboFix. It deleted some other bugs but not this one. McAfee still detects it. What should I do?

The ComboFix log is attached here. BTW, after the ComboFix run, it reset the clock a year behind?! Just look at the end of its log file. Is this a well known bug in ComboFix itself?

Due to the length limit, the latest HJT log is listed in a separate post following this one. Please help!!

ComboFix 08-03-08.2 - YJ 2008-03-08 20:57:07.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1522 [GMT -7:00]
Running from: C:\Documents and Settings\YJ\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\t
C:\Documents and Settings\All Users\Application Data\t\a2001.dat
C:\Documents and Settings\All Users\Application Data\t\b2001.dat
C:\Documents and Settings\All Users\Application Data\t\k2001.dat
C:\Documents and Settings\All Users\Application Data\t\p2001.dat
C:\Documents and Settings\All Users\Application Data\t\r2001.dat
C:\WINDOWS\Downloaded Program Files.\entxkdc.dll
C:\WINDOWS\Downloaded Program Files.\zgr.dll
C:\WINDOWS\...

A:Downloader.gen.a trojan cannot be removed by combofix? logs included.


I consider myself pretty adept at computers (I'm posting from work where I'm a computer tech for crying out loud!) but this is by far the most heinous virus I've ever encountered! I have run spybot S&D, Norton, ad-aware, and they say they clean it and it pops up again. They certainly made it much better than before, now I'm just getting annoying popups and my bandwidth is being hogged, but before that I couldn't do jack in safe mode, I couldn't access the internet, I was getting incessant errors that were attempts to quit explorer, it even removed my system restore points! I was originally running nod32 and it didn't even see it when it compromised my system, I also ran the virtumonde remover program and it detected no infections. So as stubborn as I am, I'm at the end of my rope, please help me!

Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:56 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common...

A:Infected With Very Stubborn Virtumonde, Hijackthis! And Combofix.exe Logs Included

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Using My Computer, navigate to where you have HijackThis saved. Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter. Use fluffybunny.exe from now on.

Combofix is updated quite regularly, so please download the latest version from here to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply with a fresh HijackThis log (using fluffybunny).

Thanks,
Charles


I'm running Windows XP, service pack 2, and it seems that I've got Trojan Vundo and Downloader.
I ran ComboFix and HijackThis... here are the logs.

ComboFix 07-10-27.4 - Name 2007-10-27 1:34:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.559 [GMT -4:00]
Running from: C:\Documents and Settings\Name\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cnqagbyk.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\pmnnn.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-27 01:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 23:20 82,249,930 --a------ C:\SYM_REGISTRY_BACKUP.reg
2007-10-11 13:13 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-10-11 13:13 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-10-11 13:12 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-11 13:12 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-09 18:24 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-01 12:01 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 21:19 ------...

A:Solved: Trojan Vundo problem, HJT and ComboFix logs included


Hi everyone,
My AVG caught a Trojan a couple days ago that I've been working on getting rid of but it's fighting back. So far I haven't really seen any symptoms except for my computer running a little slower than normal.

I looked at some of the other posts here and noticed it was usually recommended that people run ComboFix and post that log along with the Hijackthis log. So I followed those instructions and here you go.

Any help would be greatly appreciated,
Thanks so much in advance!
-Jessa
Hijackthis log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:03 PM, on 1/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\P...

A:Trojan in my system32 folder WinXP ComboFix and Hijackthis logs included

ComboFix log if needed-

ComboFix 09-01-20.05 - Alien 2009-01-21 12:16:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1982.1558 [GMT -6:00]
Running from: c:\documents and settings\Alien\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\clear.bat
c:\windows\IE4 Error Log.txt
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-21 09:52 . 2009-01-21 09:52 <DIR> d-------- c:\program files\Trend Micro
2009-01-20 21:25 . 2009-01-20 21:25 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-20 21:25 . 2009-01-20 21:25 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-20 21:25 . 2009-01-20 21:25 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-20 21:25 . 2009-01-20 21:25 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-20 12:32 . 2009-01-20 12:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 12:32 . 2009-01-20 12:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-20 12:32 . 2009-01-20 12:32 <DIR> d-------- c:\documents and sett...

for some reason my laptop keeps showing the blue screen over and over... i formatted the comp numerous times but it still keeps showing up ... i would be listening to music or be online and all of a sudden the screen would go all blue and then i have to restart the computer......this is getting annoying

A:Blue Screen Keeps Coming Up And Makes Me Restart Comp.., Decided To Do A Log, Combofix And Uninstall List Included

I do not see a log attached. Have you followed the steps here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


Hello, I have tried everything I know to remove this problem myself, your help would be greatly appreciated.

Computer
Compaq Evo1020v
Windows XP Professional SP2
Windows firewall
AVG Free Anti-virus 8 (current and up to date)

Background
-downloaded freeware program from web
-scanned with AVG and no problems returned
-ran program
-AVG instantly picks up multiple threats then computer crashes to blue screen of death.

-computer restarted in safe mode
-"anitvirusxp08" logo appeared on desktop
- target folder deleted manually

-computer restarted under normal mode
-windows starts then crashes to blue screen saying "your computer has experienced a problem and will be shut down to prevent further damage" (or something like this) citing the problem BOGUS_DRIVER. Subsequent restarts have returned problems like "EMBEDDED_WAIT_OBJECTS_EXCEDED" and "PANIC_STACK_SWITCH"...etc
- but computer recovers and windows continues to load.
- then AVG picks up multiple threats which were moved to vault.

Attempted fixes
- Ran "Hijack This" and saved log (not included here)
- Ran ComboFix and saved log (included below)
- Ran AVG full computer scan: Picked up two spyware problems: WinFixer.ATY WinFixer.ATW in C:\Program Files\rhcem2j0et9pSkin (Incidentally a new version of the same folder deleted while in Safe mode as it was the target of the desktop "anitvirusxp08" icon).
- Restarted computer, with same crash, recover and detection of prob...

Hi,

First I would like to thank you for your time.
Recently, I've experienced a lot of popups on sites where there should've been none like BBC news and Google. I decided to run a spybot check and it listed a few trojans, all of which were removed except for one named "Virtumonde.prx"

I've googled looking for a removal tool, but it seems like there isn't any.

Here are both my Combofix and HJT logs:

ComboFix 08-11-24.03 - Valued Customer 2008-11-25 9:58:18.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.454 [GMT -5:00]
Running from: c:\documents and settings\Valued Customer\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\amurihuj.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\awujanur.ini
c:\windows\system32\gevimoji.dll
c:\windows\system32\hatakuvu.dll
c:\windows\system32\ijomiveg.ini
c:\windows\system32\juhiruma.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\naruhogo.dll
c:\windows\system32\nominenu.dll
c:\windows\system32\runajuwa.dll
c:\windows\system32\sawulero.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\sugemage.dll
c:\windows\system32\totezahe.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-24 00:07 . 2008-11-24 00:07 153 --a------ c:\windows\wininit.ini
2008-10-27 15:06 . 20...

A:Infected with "Virtumonde.prx" (Combofix and HJT log included)

Here's a recent scan with Malwarebytes:

Malwarebytes' Anti-Malware 1.30
Database version: 1427
Windows 5.1.2600 Service Pack 2

11/26/2008 10:01:12 PM
mbam-log-2008-11-26 (22-01-12).txt

Scan type: Quick Scan
Objects scanned: 51477
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-----------------

It says I'm clean, did combofix do the trick?
 


Hi,

I am wondering whether combofix.net and combofix.org are GENUINE sites to download ComboFix. There's no Impressum and the whois-info is private registered. Just wanted to know.

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal

A:Is combofix.net and combofix.org GENUINE Site to download ComboFix?

Please Take a look here: ComboFix usage, Questions, Help? - Look here
Specifically the link to the combofix disclaimer image. Also, there are only two sites that are authorized for combofix, which are shown in red in the last quote box.


Hi,

I ran combofix on my laptop (OS Win 7). After that I am getting an error whenever trying to open files... Err!: "Illegal Operation attempted on a registry key that has been marked for deletion." Help me!!!

Urgent Please

A:error after combofix

Hi Team,

I would like to remove this as the issue has been resolved. I have reinstalled IE and the issue is resolved completely... Hope you can recommend this for others also...


Hi all, I am getting an error message using combofix.exe. The error message reads "0x7c9111e0 referenced memory at 0x006c0079 could not be read". I have no clue what this means, maybe someone can give me a hand. Before running the combo fix I ran atf cleaner, ad-aware se, and super anti spyware, then I ran an avg antivirus scan and then the combofix and then hijackthis, at the end (all was done in safe mode). I will post a logged file of the combofix to see if someone can help me out. Thanks.

"CraZy LoC" - 2007-07-16 17:36:43 - ComboFix 07-07-16.4 - Service Pack 2 NTFS [SAFE MODE]
((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))
2007-07-16 16:59 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-15 22:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 22:00 <DIR> d-------- C:\WINDOWS\pss
2007-07-15 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 20:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-15 13:36 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\Uniblue
((((((((...


After Running AVG Business edition and Malware-Bytes, was unable to remove a virus threat entitled "Tojan virus Agent_r.AHR". Have used and performed ComboFix several times at the advice on users on the forum and knew that after the failed attempts to remove the virus using previous scanners, ComboFix was the next step. Error Log follows below:

ComboFix 11-07-05.02 - Register 6 07/05/2011 14:27:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1578 [GMT -5:00]
Running from: c:\documents and settings\Register 6\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\kernel.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-05 17:37 . 2011-07-05 17:37 -------- d-----w- c:\documents and settings\Register 6\Application Data\Malwarebytes
2011-07-05 17:37 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-05 17:37 . 2011-07-05 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-05 17:37 . 2011-07-05 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-05 17:37 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-...

A:ComboFix Error Log

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

- If you have since resolved the original problem you were having, we would appreciate you letting us know.
- If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
- Please tell us if you have your original Windows CD/DVD available.
- If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
- If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'...


trying to run combofix and it starts up fine but before it does any "Completed stages" it says "\Microlab\Searchengin\ was unexpected at this time." and just has a flashing cursor.

Any ideas!?
 

A:combofix error


Hi guys,

Every time I try to start ComboFix I receive this error:

error writing c:\32788R22FWJFW\023.dat

How can I solve it?

Thanks in advance

A:error of combofix.exe

Hello and welcome to BC,
 
Please read this topic about Combofix: ComboFix usage, Questions, Help? - Look here
 
You can get an expert opinion by asking for help in the Virus, Trojan, Spyware, and Malware Removal Logs forum. You will need to follow instructions in the Preparation Guide. 
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
 
 
Let me know if you need any help with that. 


Ok so we are getting the following error on 20+ pc's on a domain based network. We get this error on basically every PC we log into and run combofix on. We have tried MANY rootkit removal utilities with no luck. (ie malwarebytes, combofix, sdfix, rootkit revealer, Trend rootkit, mcafee rootkit, superantispyware, etc...) The server has also been scanned... We've deleted the users profiles on the server and on the local PC's, we've even completely reloaded a PC and added it back to the domain and the message came back immediately after running combofix on a clean profile. After the error pops up it prompts us to reboot the computer and then it runs combofix again and finds nothing. If we wait a little while after that it comes back up again... If anyone has seen this or has any input it would be greatly appreciated!

A:Combofix error

Hello and welcome to BleepingComputer.

I take it this is about a corporate network? If so, you really should consider a reformat or having the IT department taking this down. We cannot possibly work on 20 computers at a time in this forum. Besides, while cleaning one computer, malware would spread through the network and reinfect it, and so undo all our work.

To have a chance to successfully clean all machines, you will need to isolate all of them, make sure all of them are completely clean as well as any removable storage, and only after that reconnect the computers.


I downloaded the newest version of ComboFix on 7/8/10. When it is run it detects a rootkit. I say OK to reboot. XP hangs during shutdown. After 4 hours it still has not shut down and rebooted. If I do a cold boot, ComboFix then runs but finds no problems and deletes nothing upon completion. If I reboot and run ComboFix again the same thing happens (finds a rootkit but hangs during reboot). I put in a different hard drive with XP that I know to be malware free. When ComboFix is run it has the same exact issue.

A:Combofix Error

Please note the message text in blue at the top of the Am I infected? What do I do? forum. No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

With that said, there are circumstances where ComboFix will hang or stall at various stages due to malware interference, or failure to disable any other real-time protection tools and CD emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD), so that it does not complete successfully. While that is not normal behaviour, it is not unusual. In such cases, it is helpful to know at what stage CF stalled and to provide that information to the Helper who is assisting you so they can investigate.

If you need assistance with your malware infection, please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS, which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT h...


Okay, I'm just looking to pick up a couple ideas from the kind and wonderful people here.

I use ComboFix fairly regularly with my job. I'm lead tech for a small district of a large corp., and I was introduced to ComboFix a couple of years ago and found that it simplifies the cleanup and removal of certain malware to where I can take care of them in mere moments.

And so I had a customer with sysguard on it. Sysguard is not a new bug, nor is it exceptionally bad, just annoying. Program-wise it's actually very similar to smitfraud, and can be removed using some of the same tactics. But ComboFix can kill it in one fell swoop. Unfortunately, when I ran it this last time I received the error Not Admin when it started scanning. I went through everything I could think of to find where this permission error was coming from, but it's WinXP MCE SP3; there are not a lot of choices inside the Administrator account in Safe Mode.

I went and manually removed the hoaxware, much more time consuming. I decided to try ComboFix again just to see if the bugger was what was stopping it from running, but I get the same error. Everything else I have runs fine, even the batch and com tools that I have.

So, anyone with information would be good. I unfortunately will not be able to post any logs as I do not have access to the computer anymore. I'm mostly looking for ideas that I can try in case I run into this again.


I recently was infected by a virus so I ran Malwarebytes, which usually takes care of any viruses pretty well. After it scanned there was one that it said could not be removed, so I assumed it was one that would be cleaned upon reboot. I scanned again anyway after reboot several times but it comes back with nothing, yet my browsers keep redirecting to random sites. Previously, to fix this, I've used ComboFix, which has successfully fixed that. I still had the ComboFix file on my computer so I ran Rkill first (which only killed a Google Updater), then ComboFix. My ZA firewall put up connection alerts several times for IE and Firefox, and whether I accept or decline them, I get an error message from ComboFix that says "error - win32 only" in English and several other languages and it never starts. I have XP Pro on my machine, I've downloaded the most recent one (ComboFix) available from here at BC and even tried to run it in safe mode. What is the problem? Can anyone help? Anyone experience this?

A:Combofix error

ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. You shouldn't be running ComboFix without supervision by staff here at BC.


Below is a log from my combofix scan - I have infections in .ddl files - how do I get them 'resolved'?

ComboFix 09-11-29.02 - Administrator 11/29/2009 18:08.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.0.1252.1.1033.18.255.154 [GMT -5:00]
Running from: c:\windows\TEMP\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ac3_0010.exe
C:\mte3ndi6odoxng.exe
c:\progra~1\COMMON~1\{28301~1
c:\progra~1\COMMON~1\{38301~1
c:\program files\deskbar
c:\program files\deskbar\inst.bat
c:\program files\internet optimizer
C:\rdfx4.exe
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\nem220.dll
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\start.exe
c:\windows\system32\clrviddc.dll
c:\windows\uninst2.htm
c:\windows\unist1.htm
c:\windows\Web\default.htt

c:\windows\system32\qmgr.dll . . . is infected!!
c:\windows\system32\comres.dll . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.
2009-11-21 20:28 . 2009-11-21 20:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-11-08 23...


Hi all, I am getting an error message using combofix.exe. The error message reads "0x7c9111e0 referenced memory at 0x006c0079 could not be read". I have no clue what this means; maybe someone can give me a hand. Before running the ComboFix I ran Ad-Aware SE and SUPERAntiSpyware, then I ran an AVG antivirus scan, then the ComboFix, and then HijackThis at the end (all was done in safe mode). I will post a logged file of the ComboFix to see if someone can help me out. Thanks.

"CraZy LoC" - 2007-07-15 19:57:40 - ComboFix 07-07-16 - Service Pack 2 NTFS [SAFE MODE]
((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 )))))))))))))))))))))))))))))))
2007-07-15 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 15:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-15 13:36 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\Uniblue
2007-07-15 13:08 51,200 --a------ C:\WINDOWS\nircmd.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-11 21:51:13 -------- d-----w C:&#...

A:Error Using Combofix.exe

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


I was advised to run ComboFix as a possible solution to the problem that I'm having accessing some files (Access is Denied) and activating command lines such as chkdsk, where I am told that I do not have sufficient privileges.

I am the administrator on a private pc.

Unfortunately I did not read the instructions regarding preparation so I do not have a helper. The DDS does not download, but I have attached the log report.

Can anyone pls advise what I should do? There is no change in the problem of file access and privilege level.

A:ComboFix error

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461730 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...
