
ComboFix Error Log

Q: ComboFix Error Log

After Running AVG Business edition and Malware-Bytes, was unable to remove a virus threat entitled "Tojan virus Agent_r.AHR". Have used and performed ComboFix several times at the advice on users on the forum and knew that after the failed attempts to remove the virus using previous scanners, ComboFix was the next step. Error Log follows below:


A: ComboFix Error Log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

Thanks and again sorry for the delay.


I want to run combofix cause I went to a website and possibly clicked on something I should not. I believe I may have a back door trojan

The error I am getting is

Windows cannot find "NircmdB.exe". make sure you typed the name correctly, and then try again.

I tried renaming to cf.exe, no luck. I even tried using SDFix in safemode, no luck. When I click on the runthis bat file, cmd starts then closes, so I don't know what is going on..

In the past I had Vista and was able to run combofix and get rid of any virus I had. Now with Windows 7 I am getting this error above

Any help to run combofix would be really appreciated. All I want to do is run combofix on Windows 7

thanks

A:Combofix will not run on window 7 full retail version, combofix will not run error

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.

Further ComboFix does not officially support Windows 7 and SDFix only works on Windows XP.

Please download Malwarebytes Anti-Malware (v1.40) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware...


Hi, I am wondering whether combofix.net and combofix.org are GENUINE sites to download ComboFix. There's no Impressum and the whois-info is private registered. Just wanted to know.

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal

A:Is combofix.net and combofix.org GENUINE Site to download ComboFix?

Please take a look here: ComboFix usage, Questions, Help? - Look here
Specifically the link to the combofix disclaimer image. Also, there are only two sites that are authorized for combofix, which are shown in red in the last quote box.


Hi all, i am getting a error message using combofix.exe the error message reads ""0x7c9111e0 referenced memory at 0x006c0079 could not be read"" i have no clue what this means maybe someone can give me a hand. Before running the combo fix i ran atf cleaner, ad-aware se, and super anti spyware then i ran a avg antivirus scan and then the combofix and then hijackthis, at the end (all was done in safe mode). i will post a logged file of the combofix to see if someone can help me out. Thanks.

"CraZy LoC" - 2007-07-16 17:36:43 - ComboFix 07-07-16.4 - Service Pack 2 NTFS [SAFE MODE]

((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))

2007-07-16 16:59 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-15 22:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 22:00 <DIR> d-------- C:\WINDOWS\pss
2007-07-15 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 20:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-15 13:36 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\Uniblue
((((((((...


I recently was infected by a virus so I ran Malware Bytes which usually takes care of any viruses pretty well. After it scanned there was one that it said could not be removed so I assumed it was one that would be cleaned upon reboot. I scanned again anyway after reboot several times but it comes back with nothing but my browsers keep redirecting to random sites. Previously to fix this, I've used ComboFix which has successfully fixed that. I still had the ComboFix file on my computer so I ran Rkill first (which only killed a Google Updater) then ComboFix. My ZA firewall put up connection alerts several times for IE and Firefox, and either accepting or declining them, I get an error message from ComboFix that says "error - win32 only" in English and several other languages and it never starts. I have XP pro on my machine, I've downloaded the most recent one (combofix) available from here at BC and even tried to run it in safe mode. What is the problem? Can anyone help? Anyone experience this?

A:Combofix error

ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

You shouldn't be running ComboFix without supervision by staff here at BC.


Hi,

I ran combofix in my laptop (OS Win 7). After that I am getting error whenever trying to open files... Err!: "Illegal Operation attempted on a registry key that has been marked for deletion." Help me!!!

Urgent Please

A:error after combofix

Hi Team,

I would like to remove this as the issue has been resolved. I have reinstalled the IE and issue resolved completely... Hope you can recommend this for others also...


hi guys,
 
every time I try to start combofix I receive this error:
 
error writing c:\32788R22FWJFW\023.dat
 
how can i solve it??
 
thanks in advance

A:error of combofix.exe

Hello and welcome to BC,
 
Please read this topic about Combofix: ComboFix usage, Questions, Help? - Look here
 
You can get an expert opinion by asking for help in the Virus, Trojan, Spyware, and Malware Removal Logs forum. You will need to follow instructions in the Preparation Guide. 
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
 
 
Let me know if you need any help with that. 


Hey guys:

I ran combofix and got this error right after the log window:

Could Not Find C:\WINDOWS\system32\drivers\Combo-Fix.sys

I don't know if the program is finished running or not because that screen just sits there. I'm not sure if I should close the window or not? Thanks

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:ComboFix error

This is why we have warnings posted and recommend that you do not run it on your own.
I will see if I can find an answer for you


I was advised to run ComboFix as a possible solution to the problem that I'm having accessing some files (Access is Denied) and activating command lines such as chkdsk, where I am told that I do not have sufficient privileges.

I am the administrator on a private pc.

Unfortunately I did not read the instructions regarding preparation so I do not have a helper. The DDS does not download, but I have attached the log report.

Can anyone pls advise what I should do? There is no change in the problem of file access and privilege level.

A:ComboFix error

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461730 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


I downloaded the newest version of Combofix on 7/8/10. When it is run it detects a Rootkit. I say OK to reboot. XP hangs during shutdown. After 4 hours it still has not shut down and rebooted. If I do a cold boot Combofix then runs but finds no problems and deletes nothing upon completion. If I reboot and run ComboFix again the same thing happens (finds a Rootkit but hangs during reboot). I put in a different hard drive with XP that I know to be malware free. When Combofix is run it has the same exact issue.

A:Combofix Error

Please note the message text in blue at the top of the Am I infected? What do I do? forum. No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert". Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

With that said, there are circumstances ComboFix will hang or stall at various stages due to malware interference, failure to disable any other real-time protection tools and CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. While that is not normal behaviour, it is not unusual. In such cases, it is helpful to know at what stage CF stalled and to provide that information to the Helper who is assisting you so they can investigate.

If you need assistance with your malware infection, please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT h...


Below is a log from my combofix scan - I have infections in .dll files - how do I get them 'resolved'?

ComboFix 09-11-29.02 - Administrator 11/29/2009 18:08.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.0.1252.1.1033.18.255.154 [GMT -5:00]
Running from: c:\windows\TEMP\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ac3_0010.exe
C:\mte3ndi6odoxng.exe
c:\progra~1\COMMON~1\{28301~1
c:\progra~1\COMMON~1\{38301~1
c:\program files\deskbar
c:\program files\deskbar\inst.bat
c:\program files\internet optimizer
C:\rdfx4.exe
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\nem220.dll
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\start.exe
c:\windows\system32\clrviddc.dll
c:\windows\uninst2.htm
c:\windows\unist1.htm
c:\windows\Web\default.htt

c:\windows\system32\qmgr.dll . . . is infected!!
c:\windows\system32\comres.dll . . . is infected!!
.

((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-21 20:28 . 2009-11-21 20:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-11-08 23...


Hi all, i am getting a error message using combofix.exe the error message reads ""0x7c9111e0 referenced memory at 0x006c0079 could not be read"" i have no clue what this means maybe someone can give me a hand. Before running the combo fix i ran ad-aware se, and super anti spyware then i ran a avg antivirus scan and then the combofix and then hijackthis, at the end (all was done in safe mode). i will post a logged file of the combofix to see if someone can help me out. Thanks.

"CraZy LoC" - 2007-07-15 19:57:40 - ComboFix 07-07-16 - Service Pack 2 NTFS [SAFE MODE]

((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 )))))))))))))))))))))))))))))))

2007-07-15 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 15:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-15 13:36 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\Uniblue
2007-07-15 13:08 51,200 --a------ C:\WINDOWS\nircmd.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 21:51:13 -------- d-----w C:&#...

A:Error Using Combofix.exe

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


Okay, I'm just looking to pick up a couple ideas from the kind and wonderful people here.

I use combofix fairly regularly with my job, I'm lead tech for a small district of a large corp. and I was introduced to combofix a couple years ago and found that it simplifies the cleanup and removal of certain malware to where I can take care of them in mere moments.

And so I had a customer with sysguard on it, sysguard is not a new bug, nor is it exceptionally bad, just annoying. Program-wise it's actually very similar to smitfraud, and can be removed using some of the same tactics. But combofix can kill it in one fell swoop, unfortunately when I ran it this last time I received the error Not Admin when it started scanning. I went through everything I could think of to find where this permission error was coming from, but it's WinXP MCE sp3, there are not a lot of choices inside the Administrator Account in SafeMode.

I went and manually removed the hoaxware, much more time consuming. I decided to try combofix again just to see if the bugger was what was stopping it from running, but I get the same error. Everything else I have runs fine, even the batch and com tools that I have.

So, anyone with information would be good. I unfortunately will not be able to post any logs as I do not have access to the computer anymore. I'm mostly looking for ideas that I can try in case I run into this again.


Ok so we are getting the following error on 20+ pc's on a domain based network. We get this error on basically every PC we log into and run combofix on. We have tried MANY rootkit removal utilities with no luck. (ie malwarebytes, combofix, sdfix, rootkit revealer, Trend rootkit, mcafee rootkit, superantispyware, etc...) The server has also been scanned... We've deleted the users profiles on the server and on the local PC's, we've even completely reloaded a PC and added it back to the domain and the message came back immediately after running combofix on a clean profile. After the error pops up it prompts us to reboot the computer and then it runs combofix again and finds nothing. If we wait a little while after that it comes back up again... If anyone has seen this or has any input it would be greatly appreciated!

A:Combofix error

Hello and welcome to BleepingComputer.

I take it this is about a corporate network? If so, you really should consider a reformat or having the IT department taking this down. We cannot possibly work on 20 computers at a time in this forum. Besides, while cleaning one computer, malware would spread through the network and reinfect it, and so undo all our work.

To have a chance to successfully clean all machines, you will need to isolate all of them, make sure all of them are completely clean as well as any removable storage and only after that reconnect the computers.


trying to run combofix and it starts up fine but before it does any "Completed stages" it says "\Microlab\Searchengin\ was unexpected at this time." and just has a flashing cursor.

Any ideas!?
 

A:combofix error


I've read a bunch of old topics and tried following the same instructions and I'm still having problems.  
 
Malwarebytes freezes half way through the run. I tried in safemode I get the same thing. I tried combofix and I keep getting run errors/extract errors. I read a lot of topics where people were having similar problems. The only addition to mine is my hard drive is constantly saying low disk space. It's nowhere near low, if I delete one or two things totaling a few gigs within 20 minutes my disk space is back to 0 kb again.
 
Please help! Much appreciated! .
 
Moderator Edit: Moved from Windows 7 forum to a more appropriate forum since Combofix did not run
Roger

A:Combofix Error + Malwarebytes Error

Hello -
Only because this is program specific, please post it to the Malwarebytes General Forum area linked below
 
https://forums.malwarebytes.org/index.php?s=9e6d8926279a7354514504570a27a007&showforum=41
 
They would be the better people to deal with this at the moment -
 
Thank You -


Greetings luca_buratti and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.
If you would allow me to call you by your first name I would prefer to do that.
===================================================
Ground Rules:
First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you enc...

A:ComboFix Syntax Error

Greetings,
===================================================
3 Day Bump
It has been more than 3 days since my last post.
Do you still need help with this?
If after 48hrs you have not replied to this thread then it will have to be closed.


Recently just downloaded combofix and going to run it on a computer here but receive the error:
---------------------------
NSIS Error
---------------------------
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.

More information at:
http://nsis.sf.net/NSIS_Error
---------------------------
OK
---------------------------

Tried it on my workstations and it gets the same thing as well. Is there a workaround?

A:Combofix - NSIS Error

Nevermind, looks like the issue has been resolved!


Mod Edit: Do nothing else until you get a reply.. I moved this to the Virus, Trojan, Spyware, and Malware Removal Logs forum for proper assistance ~~ boopme

OK, I was having a problem with my computer, the "Window 7 internet security" malware, so I used "rkill" and then my computer was having the redirect to scour.com site virus. So I just downloaded from a blog something called "ComboFix". So I just ran it without any knowledge. Now ComboFix is having an error during the process and I searched on Google and it is stated to be a dangerous program and now I am panicking. On the ComboFix window it says

-----------------------------------------------------------------------------
Re booting Windows . . . Please wait
Please allow ComboFix to reboot the machine.
WARNING !! Do not manually reboot the machine yourself
driver loading error dis not found C:W(not W but the W with cross on middle)
please note that you need administrator rights to perform deep scan
-----------------------------------------------------------------------------

Now I am stuck not knowing what to do. Please help me out. I use Windows 7 btw and there is nothing behind the screen window, no folders, no files, just the window of ComboFix.

A:I used ComboFix and there is an error during process

Are you still having problems?


Hi

I had a similar problem to the guy over here:
http://forums.techguy.org/malware-r...68-post-virtumonde-cryp_morphine-removal.html

I have Windows Vista Ultimate SP1 32bit if that helps.
I have 2 x 500Gb hard drives in RAID0 partitioned to a C and D drive, C being the primary Windows Drive and D being where I backup all my work etc...

Full hardware specs:
Intel Core 2 Quad Q6600 @ 3.41Ghz
2x2gb OCZ Reaper [email protected] 5-5-5-12
2x500Gb Western Digital GreenPower (More info above)
Gainward 8800GT 1Gb Golden Sample
Coolermaster Real Power Modular 800W

I followed the instructions, it all went well until I tried combofix.exe

It asked for a restart and as one of the posts said to expect this, I allowed it to happen, upon Windows restarting and the login screen appearing, I proceeded to enter my password and sat back waiting the spinning circle to do its work.

Then came the error, "Error: The handle is invalid." and a "OK" button underneath it.

So I simply tried again with same results. So then I went to hit the restart button on the bottom right hand corner, but the problem was that the button animated (glowing as I clicked it) but nothing happened.

Restarted computer and tried all the safe modes with same results.

What went wrong? How can I fix it? Oh and I can't really provide any logs as I can't log on, I am writing this thread on another computer.

I seriously need to access my work and everything on it. The best scenario is th...

A:combofix.exe winlogin error

Ok, Hi everyone again.

Today I tried to fix this and I fixed it. Can someone tell me how to find 'Last Known Good Configuration' as the first few times I got the boot menu I didn't get that option, and how do I get the boot menu without hitting the physical reset switch when the computer is on? Thanks

Oh and I can't enter my Combofix log as it is too large...
 


So I've been getting an error 132 when I play WoW. I was told to run combofix, but I don't know how to read the log. I was wondering if there is anything that needs to be removed. Thanks in advance.

Here's the log that I received:

ComboFix 11-04-01.01 - jon 01/04/2011 20:24:33.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.8190.6439 [GMT -7:00]
Running from: c:\users\jon\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 03:30 . 2011-04-02 03:30 -------- d-----w- c:\users\jon\AppData\Local\temp
2011-04-02 03:30 . 2011-04-02 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-02 02:50 . 2011-04-02 02:50 -------- dc-h--w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-04-02 02:50 . 2011-04-02 02:50 -------- d-----w- c:\program files (x86)\Uniblue
2011-04-02 02:50 . 2011-04-02 02:50 -------- d-----w- c:\users\jon\AppData\Local\PackageAware
2011-04-02 00:38 . 2011-04-02 00:38 431104 ----a-w- c:\windows\system32 ...

A:Error 132 in WoW - Combofix log included

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions. Thanks


I've got a machine running Vista Home premium, SP1. When I try to run a cmd prompt with administrator mode, using anyone of the methods to get there, I get a few error messages with Combofix, saying that I need administrative rights to perform this action. It runs all the way thru the checks, with at least one more error during, and 4 or 5 at the end. Any ideas?

A:ComboFix Administrator error

Hi,

I'm sorry for the delay.
Why do you want to run ComboFix? Do you have malware?

I want to inform you that the execution of ComboFix, without supervision from a trained helper, can have very harmful effects on your computer.
ComboFix is a powerful tool that can, without supervision from one of us, make your system (partly) corrupt. So I advise you not to use this tool, or our other tools, in the future without supervision.


I work at an IT help center on a university campus. We offer virus cleanings and other general IT help to students, staff, and faculty. As part of our standard virus cleaning process, we run ComboFix. Starting yesterday, however, ComboFix will not run on any (6 or so machines) of the customers' machines we try to use it on. It stops with the error "Date Error: 2009-11-15, Check your settings."

The only way we have found to get it to run is by taking the customer's machine out from behind the firewall (done this on 3 machines so far). We have a machine running m0n0wall sitting between the switches that the customers' machines connect to and the internet. It has very stringent rules, allowing only ports 53 (DNS), 80 (HTTP), 443 (Secure HTTP), 21 (FTP), and 5722 (Jabber) outgoing.

We have also tried disconnecting the machines from the internet completely before running ComboFix, but that doesn't work either. This is odd, since ComboFix used to run just fine without an internet connection, usually in a reduced mode because the Windows Recovery Console isn't installed.

I found a version of ComboFix we downloaded 11/14/09 at 11:10am EST, and it runs OK right now (tested on 1 machine still behind the firewall).

Would anyone know if ComboFix was recently updated in a way that would cause this error if the computer has no or heavily firewalled internet connectivity?

A:ComboFix: Date Error

There was a recent fix and update for ComboFix. It was taken offline for a short time and brought back up... This topic mentions the issue.. http://www.bleepingcomputer.com/forums/t/270612/broken-link-for-combofix/


Hi
I just tried ComboFix on Windows 8.1 in Safe Mode and it wouldn't run.
It says "windows 2000 is no longer supported".
Anybody else had this problem and is there a workaround or fix?
Thanks

A:ComboFix error on Windows 8.1

ComboFix is not compatible with Windows 8.1 yet so you cannot get it to run. If you attempt to use ComboFix on 8.1, it should provide a message alert: ComboFix is not meant to run in 'Compatibility Mode' and exit. This message is intentional by design when attempting to run ComboFix on Windows 8.1. sUBs has recently advised that he is holding off releasing any working version of his tools for Windows 8.1 which includes both ComboFix and DDS. Meaning he is fully aware of the compatibility issue but needs time for thorough testing to ensure it works safely on that OS.


ComboFix downloaded from bleepingcomputer throws an NSIS error (v 11.10.1.3 and 11.9.30.5).

When downloaded from infospyware, it runs successfully, but is an older version (11.9.26.2).

OS: XP Professional
Browsers: IE8 and Firefox on a non-infected machine. Caches cleared.

The target machine has been infected with Open Cloud Security. The older version of ComboFix deleted a number of infected files including some rootkit stuff, but I am concerned that without the latest version, some components may have been missed. The Open Cloud authors have apparently been modifying their strategy, as much of the advice online refers to component names that were not present in my case.

ComboFix was downloaded on a non-infected machine and transferred via USB stick.

Error message:
---------------------------
NSIS Error
---------------------------
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.

More information at:
http://nsis.sf.net/NSIS_Error

A:ComboFix -- NSIS error

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them. If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs. Once you have created the new topic, please reply back here with a link to the new topic. Most importantly please be patient till you get a reply to your topic.


My Laptop appears to have been infected with a Ransom/Hijack Virus. I cannot access the Internet with any of four browsers. I managed to rid the system of popups (using Stopzilla) but still cannot access the Web. When I try to download Combofix from a thumbdrive from another computer, I get an Error Message that my XP system is incompatible with the Combofix download, although I think I am using the correct Combofix XP link.

I'd appreciate receiving a Combofix link that is definitely compatible with XP....and a solution for downloading it to my machine. I suspect that the virus may be creating this obstacle to downloading in addition to the other problems, but I am not sure.

Thanks for your help!

A:Combofix Incompatible Error

Hi Stephen, Welcome to BleepingComputer. Do you have a 64-bit Operating System? Additionally please be aware of the following:

IMPORTANT!: No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. With that said, please read the pinned topic ComboFix usage, Questions, Help? - Look here.

ComboFix logs, where should I post them?
ComboFix logs are not permitted outside the Virus, Trojan, Spyware, and Malware Removal Logs forum and then only when requested by a Malware Response Team member. However, if you ran ComboFix on your own due to malware infection, please be aware that a ComboFix log is only one part of the disinfection process. Therefore we ask that you please read the pinned topic titled "Preparation Guide For Use Before Usi...


When installing combofix I get the following popup:

!! ALERT !! It is NOT SAFE to continue.
The contents of the ComboFix package has been compromised.
Please download a fresh copy from:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
NOTE: You may be infected with a patching virus 'Virut'

I have tried redownloading combofix, no help. I have not found anything that will help me find 'Virut' and how to clean it. Any Suggestions ?

A:Error installing Combofix

As ComboFix is only intended for use under the guidance of a Helper Trained in its correct use, may one suggest you return to that Helper for guidance?


hello guys, i have been using combofix for sometime now with great success. I recently downloaded the latest version, but any time i want to run it, it gives me - "Date error Thur 07/09/2008 , check your settings". I have changed my date back and forth without success.
Please, I need help. Combofix is all i've got.


I ran combofix after it was complete it said something like, let combofix reboot your PC. It stayed like that for a while so finally i just hit the power button.

Now I get an error at boot up:

STOP: c0000218 {Registry File Failure}
The registry cannot load the hive (file):
\SystemRoot\System32\Config\Default or its log or alternate.
It is corrupt, absent, or not writable.

Beginning dump of physical memory.....................

I tried "last known good configuration" , same problem. Safe mode doesnt work either.

Any ideas?

A:Ran Combofix, Now Registry Error

I booted off the windows xp cd into recovery console and ran this command copy c:\windows\repair\default c:\windows\system32\config\default

It also seems like the virus is gone


Mods: If this is better posted somewhere else then please feel free to move it.

I had a Dell notebook which I had worked on before and after running CCleaner, MalwareBytes, Spybot S&D, Windows Security Essentials (each of which found a lot of really nasty stuff) and updating SpywareBlaster it still had some problems which none of the previous programs would detect, and after they all gave it a clean bill of health I knew something was still wrong. I then used my trusty ComboFix program which for the first time ever refused to run and gave a variety of weird error messages about "can't run on a 64-bit system", "can't run with AVG installed" and other similar things.

Well, since the computer had the Vista Home Premium SP2 32-bit OS on it and didn't have AVG installed I knew something was Rotten in Denmark so I went back to the BC forums and found the TDSSKiller, which I downloaded and ran. See the log below for the results:

2011/03/31 17:52:53.0961 3400 ================================================================================
2011/03/31 17:52:53.0961 3400 Scan finished
2011/03/31 17:52:53.0961 3400 ================================================================================
2011/03/31 17:52:53.0977 4188 Detected object count: 1
2011/03/31 17:53:34.0646 4188 mouclass (0e6be2ddff3e98f92e465a4cdc886e5a) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/31 17:53:34.0646 4188 Suspicious file (Forged): C:...

A:ComboFix Gives Error Messages And Won't Run

This is not a ComboFix log and the small portion of it I posted is for illustrative purposes only; I am not asking for any help, just sharing my experience. I hope that is not a violation of the rules...


Hi,
I ran combofix on my laptop and when it completed it gave me an error log report and I have no idea what it means. Can someone please help me with it? I have attached the report. I don't know what I need to do next, any help would be appreciated. Thank you

A:Combofix Error log report

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you. Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'...


Hello: I am getting an error of "Can not export RegRuns00: Error opening the file. There may be a disk or file system error." This occurs when I run the program Combofix on my Windows XP home system. Can anyone give me any help with this?
Thanks and have a great day!!

A:RegRunns00 combofix error

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.


My daughter has managed to acquire some type of malware which behaves much like Vundo... however, since I'm a bit rusty on my skillz, I can't be exactly sure.

Description of symptoms:

Will not connect to the home network any longer, either wireless or wired. When LiveMessenger fails to connect, troubleshooting shows an invalid IP address...when I run IPCONFIG, it states there's an internal error.

AVG Anti-Virus modules will not run.

Spybot S&D will not run

Downloaded Malware Antibytes but the program will not install. The process is in Task Manager, but is "hung" and will not initiate.

Downloaded Combofix from a link in this forum. When executed, it drops to the DOS box, then comes up with Date Error. The date presented is the current, correct date, yet it states to Check Your Settings.

Ran The Comedian which gave me a valid ERUNT, but would not set a restore point.

And, last but not least, HJT will not install.

Um.. help?

A:Combofix Date Error?

Ok.. found the rename trick for MBAM... had to even go ren the exe in Program Files/Malware Antibytes folder but its currently running... we'll see.. If it works, someone may want to make a sticky out of that lil trick..


I ran ComboFix on a Toshiba laptop running Windows Vista. It now keeps rebooting itself. Can anyone help?

A:Combofix Error - PC Keeps rebooting

As you have found out, Combofix is a powerful tool. This is the reason for the disclaimer that tells you not to use it unless supervised by a HJT team member. Combofix is not to be used outside of the HJT forum. I would recommend posting there and see if one of the team members can help you


Hi,

Could you please help me fix the Google redirect virus on my laptop?

Thanks in advance

A:ComboFix Log Error Report

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you. Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'...


I just downloaded the new version of Combofix this morning with Admin mode. Then it gave me a Syntax Error, then froze my computer.

Is there something wrong with the new Combofix download?

**Oh and the version of the Combofix is 13.1.21.02

A:Combofix Syntax Error

ComboFix usage, Questions, Help? - Look here
Hello -
Please start with the above Instructions and Disclaimers that are listed with this delicate tool.
It is not always available and can be removed or altered by the developer at any time, without notice -
Thank You -


Hi, my apologies as I don't think I'm following protocol exactly. Unfortunately I was doing some remote troubleshooting and won't get my hands on the computer till tomorrow. I was hoping to get a head start with any help someone may be willing to offer. The computer got some malware. I ran combofix and then after it completed, my ethernet card stopped working properly. I'm seeing internal error when I use ipconfig. Below are the logs for combofix. Thanks for your help

Run 1:
ComboFix 11-12-15.02 - nick 12/15/2011 17:34:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1981.1659 [GMT -5:00]
Running from: c:\documents and settings\nick\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\nick\System
c:\documents and settings\nick\System\win_qs8.jqx
c:\windows\$NtUninstallKB21922$\1978424383
c:\windows\$NtUninstallKB21922$\336282025\@
c:\windows\$NtUninstallKB21922$\336282025\bckfg.tmp
c:\windows\$NtUninstallKB21922$\336282025\cfg.ini
c:\windows\$NtUninstallKB21922$\336282025\Desktop.ini
c:\windows\$NtUninstallKB21922$\336282025...

A:After combofix I get network internal error

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432676 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


A few days ago I used combofix (yeah I know it was a bad idea) and then everything seems to be falling apart.

I own an Asus laptop N53S series with Nvidia GT540M graphic card. I was able to play games on high settings like Shogun 2 and Gta IV the other day. But after combofix something got really wrong and now I can't play games even as the ones as Gothic 3. I think combo deleted some of the essential files that I require and I did re-install all of graphic drivers over and over again. No luck yet. Here's the log file. I can't restore my system cuz I don't have any date of it. So I'm looking forward to your solutions about this matter (I hope it doesn't come to a complete system format). Thanks a lot and sorry for my bad english.

A:Another Combofix graphic error on Windows 7

I would try a repair installation. Note: you must do this from inside windows. Here's the instructions- Repair Install - Windows 7 Forums


I had this redirect virus "Google Virus" So I ran ComboFix and went all good, no more redirects but this error.. "illegal operation attempted on a registry key that has been marked for deletion" I can't use no apps, I have to run Opera as "Run as admin" So when I try to click something like Control Panel or an .Mp3 that error "illegal operation attempted on a registry key that has been marked for deletion" would show up..

So if anyone can help me, please! I be waiting..


I have tried to remove gxvxccounter with ComboFix, but it gives me an error and the infection remains. ComboFix never gets through all the processes listed in the directions at http://www.bleepingcomputer.com/combofix/h...se-combofix#use. Now when I reboot I get an error that says pev.exe can't run. I'm still getting "Malware Doctor" running and only stops when I delete it through HiJackThis. Taskmanager and Regedit are both disabled. (I can get regedit back through HJT, but not taskmanager) I've run MalwareBytes and it says it was found and removed, but it keeps coming back.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:28 AM, on 5/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\System32\AshEvtSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Java\jre6\bi...

A: ComboFix Error - gxvxccounter infection

Hello rbr451,

Welcome to Bleeping Computer.

Sorry for delayed response. Forums have been really busy. My name is fireman4it and I will be helping you with your Malware problem.

As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

I will be analyzing your log. I will get back to you with instructions after it is approved.

Since it has been a little while since you posted originally, let's get another look at your machine.

1. Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
* When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
Save both reports to your desktop. Post the contents of the DDS.txt log. Save the other report in case I need to look at it later.

Hi All,
 
Oh, my first post.  My Name is Todd. Been doing computer consulting for the past 18 years.  Am fluent in Windows, especially Linux (wish I had more Linux customers), and sometimes Apple.  I have a bachelor's degree in electrical engineering.  If you have a broken computer and want to pay me to fix it, I figure it out in a hurry.  (I fixed probably the last DOS computer in the county in December.) 
 
Hi everyone!
 
Help!
 
I have a customer with XP Pro SP3.  When I went to install Kaspersky Endpoint Security (kes10win_10.1.0.867en.exe), I got three prompts telling me c:\windows\system32\grpconv.exe was locked.  So I uploaded grpconv to virustotal and got told nothing was wrong with it.  I was able to click past the prompts. 
 
Unlocker said grpconf was locked to explorer.exe
 
Suspicious, I ran GMER root kit revealer from http://www.gmer.net.  Found nothing.  Not satisfied, I ran combo fix.  Got to the "it takes 10 minutes..." message and then nothing.  So I left it run overnight.  ComboFix never started counting.  And, in the morning, the machine was frozen.
 
Her machine is running slow and weird too.  I am so suspicious.
 
I found this on the web: http://www.securitystronghold.com/gates/grpconv.html
But I smell a rat.
 
What would you do next?
 
Is there a way to run Combo Fix from a PE disk?  (Virus would be off.)
 
I wou...

A: grpconv error installing AV and ComboFix won't run

Good morning.
 
This forum does not deal with malware issues...it focuses solely on problems which are possibly linked only to the O/S.  Since that is the focus here, I can only try to move this to the appropriate forum.
 
<<Her machine is running slow and weird too>>
 
Since the system appears to be bootable/accessible....I suggest that you follow the guidance reflected in Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html and post the DDS log in that forum.  If you have a ComboFix log, you might also attach/insert that into the new topic you initiate in the Malware Removal Logs forum.
 
DO NOT run Combofix again unless instructed to do so by your Helper in the MRL forum.  Please be sure to include a description of your system issues and what you have attempted to resolve them.
 
If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.
 
Louis

Hi,
I also used ComboFix at a friend's recommendation. I uninstalled it. I keep getting "Cannot find Combofix/HIDEC.exe" error msg at startup and also about once every 2hrs. Followed your instructions on another thread to manually uninstall. It was not there. Used "Autoruns" prog as suggested but couldn't find any related entries.
What's next to remove this annoyance?
Thanks
mannshands

A: Cannot find Combofix/HIDEC.exe error msg

Did you try Grinler's advice on killing the service associated with this? http://www.bleepingcomputer.com/forums/t/230204/cannot-find-ccombofixhidecexe-on-startup/

I've tried to download combofix several times but it gives me an error message each time; therefore, I downloaded AdWcleaner. The first time it scanned and removed items, but I've tried to scan again with ADW and it keeps giving me an error message. My computer was fine until my daughter tried to update to Windows 8 and added adware, malware, etc. What do I do, my computer is at risk?

A: Combofix download gives error message

G'day sbeckham, and welcome to BC
 
Do not run Combofix without supervision.
 
You are obviously infected.....please describe the problems you are having with your computer.

Has combofix gone out of production or unavailable? My copy is out of date and everywhere I go to get it is empty.

tyvm
Chuck

A: Combofix Download "error 403 Forbidden"

Hello ChuckGee
Welcome to BleepingComputer
========================
Combofix is temporarily down for now. If you need assistance please do the following:

Click here to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.

DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Hi guys,
 
Every time I try to start combofix I receive this error:
 
error writing c:\32788R22FWJFW\023.dat
 
How can I solve it? Attached you can find the files from the FRST run.
 
thanks in advance

A: Combofix error writing c:\32788R22FWJFW\023.dat

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset

IFEO\OSPPSVC.EXE: [Debugger] [email protected]
IFEO\SppSvc.exe: [Debugger] [email protected]
GroupPolicyScripts\User: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-659278387-4063673583-625817836-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL No Fil...

Hi everyone!
Help!
I have a customer with XP Pro SP3.  When I went to upgrade Kaspersky Endpoint Security (kes10win_10.1.0.867en.exe), I got three prompts telling me c:\windows\system32\grpconv.exe was locked.  So I uploaded grpconv to virustotal and got told nothing was wrong with it.  I was able to click past the prompts.   The symptoms reproduce with the prior version of KESS (kes8.1.0.831_wksfswin_en.exe)
Unlocker said grpconf was locked to explorer.exe
Suspicious, I ran GMER root kit revealer from http://www.gmer.net.  Found nothing.  Not satisfied, I ran combo fix.  Got to the "it takes 10 minutes..." message and then nothing.  So I left it run overnight.  ComboFix never started counting.  And, in the morning, the machine was frozen.
Her machine is running slow and weird too.  I am so suspicious.
I found this on the web: http://www.securitystronghold.com/gates/grpconv.html
But I smell a rat.
Kaspersky tech support drew a blank.
I downloaded and ran DDS.com to get a report.  I get the scanning screen with the "please wait" and the blocks going across.  The blocks get to about 80% and then nothing for 20 minutes (would have left it longer, but the customer had to power off due to thunder storms).  It is supposed to take three minutes.  CPU was ~6% and dds.com was 0%.
What to do next?
Is there a way to run Combo Fix from a PE disk?  (Virus would be off.)
I would run Kaspersky's Rescue Disk,...

A: grpconv error installing AV and ComboFix won't run

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
===
Read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application.
Click Change parameters
Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Click on the Start Scan button to begin the scan and wait for it to finish.
NOTE: Do not use the computer during the scan!
During the scan it will look similar to the image below:
When it finishes, you will either see a report that no threats were found like below:

If no threats are found at this point, just click the Report ...
