
I used ComboFix and there is an error during process

Q: I used ComboFix and there is an error during process

Mod Edit: Do nothing else until you get a reply. I moved this to the Virus, Trojan, Spyware, and Malware Removal Logs forum for proper assistance ~~ boopme

OK, I was having a problem with my computer, the "Window 7 internet security" malware, so I used "rkill", and then my computer was having the redirect to scour.com site virus. So I just downloaded from a blog something called "ComboFix", and I just ran it without any knowledge. Now ComboFix is having an error during the process, and I searched on Google and it is stated to be a dangerous program, and now I am panicking.

On the ComboFix window it says:

-----------------------------------------------------------------------------
Re booting Windows . . . Please wait
Please allow ComboFix to reboot the machine.
WARNING !! Do not manually reboot the machine yourself
driver loading error dis not found C:W (not W but the W with cross on middle)
please note that you need administrator rights to perform deep scan
-----------------------------------------------------------------------------

Now I am stuck, not knowing what to do. Please help me out. I use Windows 7 btw, and there is nothing behind the screen window, no folders, no files, just the window of ComboFix.


A: I used ComboFix and there is an error during process

Are you still having problems?


Combofix freezes at the screen just after it says scanning for infected files but before Completed Stage 1 should appear. If I look at the running processes, the combofix process (in this case rmbr.cfxxe) is using about 50% of the CPU and System Idle the other 50%. I cannot end the process and only a hard shutdown will stop it. Running it from safemode has the same result. I tried stopping every other process before running combofix and also after combofix was already frozen (or busy a better word?). I have disabled the antivirus beforehand.

I ran gmer while in safe mode and here are those results (below). Running the most recent version of GMER froze just like combofix. I ran it from the Live CD and it found nothing. I suspect combofix is fighting whatever is infecting my computer. Actually I should say I suspect I'm infected because someone gets my login name to one of my servers soon after I change it, and causes that account to be locked from too many failed login attempts. So I'm assuming I'm infected but no program has found anything and have nothing else suspicious going on. I have scanned with both malwarebytes and superantispyware. I booted from a live CD and scanned with superantispyware but nothing found.

Thanks

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-12-24 19:06:17
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ERICB~1.BIO\LOCALS~1\Temp\kwtiyuob.sys

---- System - GMER 1.0.15 ----

SSDT ...

A: Combofix freezes with Process at 50%

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting...


My IT vendor recommended that I run combofix because he identified some virus from his remote connection to our network. He placed it on our shared drive. I ran it from there. Guess that was a bad thing to do because two problems cropped up:

1. All of my date and time settings switched to a year-month-date style which is not standard American issue. We use month-date-year. Time changed to a European setting as well, unfamiliar to the American use of two sets of 12 to capture the day with AM and PM. I cannot change anything in the bios and have it stick.

2. After I read how ComboFix should work, I realized it never rebooted my computer and perhaps mine is the 1 of a 100 that will be damaged by the product. I don't know what virus had been identified in the first place, but now when I restart computer, it flashes a message from ComboFix too quickly for me to make out the problem.

A: Combofix Won't Reboot And Complete Process

I'm going to move you to Am I Infected? and see if they can help you out. As you discovered, you should not use Combofix without supervision.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/


Hey everyone.. I'm new here, so I apologize if I posted this in the wrong place.

I am an IT Professional and have been using Combofix for over a year and love it. It kills most any problem infection I have run up against - except for a couple of occasions where the nasty virus was preventing combofix from running..

Anyhow.. I use a product to remotely administer my machines. The problem is, when I run ComboFix it always terminates the executable that I use for remote admin, so I usually end up telling the customer to watch and reconnect me when ComboFix has finished running.

Is there a way to launch ComboFix and tell it to leave a certain process or executable image name alone?

Help is much appreciated!!

- Tim

A: ComboFix - possible to exclude a process from termination?

Unfortunately the author of the tool does not want information on how Combofix works on public forums. This is in order to safeguard and protect the integrity of the tool from malware writers. As such, the developer does not want his tool discussed outside of private forums and therefore we cannot answer specific questions. That's the decision by the creator and we will abide by that decision.

Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

The only public information that is available can be found at this guide:
How to use ComboFix

This link may help answer questions you may have. ComboFix usage, Questions, Help? - Look here

~Blade


I installed ComboFix to try and figure out why SVCHOST was calling to llnw.net during bootup. I never discovered why but it seems others have this problem. I switched off BITS as I update XP manually.

After installing ComboFix and allowing it to install the XP SP2 Windows Recovery Console I have noticed some issues

1. MSCONFIG has disappeared and cannot be accessed

2. Process Explorer is no longer the default for Task Manager

3. Firefox has to ask if it could be my default browser (it never had to before because it has always been so)

Windows Recovery Console did not work when selected at boot up and gave an error. I have now uninstalled as it could be a security risk.

Anyone know about these issues? What would be the best way to restore the system?

Thanks

A: MSCONFIG & Process Explorer Disappear after ComboFix

Also I discovered that my hosts file, which had been large, was no longer there.

This either happened when using ComboFix or not long before


At the end of combofix, it tries to reboot itself but freezes there unable to finish the shutdown process. I can manually pop up task manager with ctrl+alt+del and restart the computer, but disrupt combofix process (As a result, combofix will repeatedly find the same issues again and again). Except for the freeze, everything else seems normal. I am using win xp professional with sp2/3 and most windows updates installed. I did google a bit on line, somebody else also complained same thing, but obviously the moderators there didn't realize existence of this issue (most of them thought this to be very serious and directed questioner to make a bootcd). I would really hope the developers will take a look into this issue. Combofix is the last means I rely on when something really mysterious happens in my computer. Now it cannot finish its work, I feel very frustrated. Meanwhile, I really appreciate/admire your work by developing such a nice, quick little powerful thing.

Edit: Moved topic from Windows XP to the more appropriate forum. ~ Animal

A: combofix is able to find errors, but freezes at the reboot process

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. Per the developer, people should not be using ComboFix without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem. When issues arise due to complex malware infections, possible false detections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

Also be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, OTL, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary.

With that said, there are circumstances ComboFix will hang, crash or stall at various stages du...


I want to run combofix because I went to a website and possibly clicked on something I should not. I believe I may have a back door trojan.

The error I am getting is

Windows cannot find "NircmdB.exe". make sure you typed the name correctly, and then try again.

I tried renaming to cf.exe, no luck. I even tried using SDFix in safe mode, no luck. When I click on the runthis bat file, cmd starts then closes, so I don't know what is going on..

In the past I had Vista and was able to run combofix and get rid of any virus I had. Now with Windows 7 I am getting this error above.

Any help to run combofix would be really appreciated. All I want to do is run combofix on Windows 7.

thanks

A: Combofix will not run on window 7 full retail version, combofix will not run error

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.

Further, ComboFix does not officially support Windows 7 and SDFix only works on Windows XP.

Please download Malwarebytes Anti-Malware (v1.40) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware...


Hi folks,

I hope you all can read this, I'm from Belgium so my English is not as good as it might be.

Last year I bought a little notebook with Windows 7 Home Premium on it.
On this machine I am the Administrator, and there are no other people on it, and no guest accounts made.

On my desktop I have the utility Process Explorer 15.3 {the executable only} from the site below
Process Explorer

When I double-click Process Explorer I see all the services and processes on my machine.

A friend of Peter came to me with his Desktop PC with a dead hard drive, so I bought a new one.
I have a DVD with Windows 7 Home Premium that I bought with that other notebook to help other
people and for when my computer has a problem. To register, I then use the serial on the case of the people that need help.

When I install a new copy of Windows 7 Home Premium on his computer, and also unpack the Process Explorer.exe on the desktop and launch that also as admin, I see several services or processes with a Patch: [Opening error process]. For example winlogon does not link to the normal directory, normally c:/windows/system32/winlogon.exe {I think that is the right one}


See this screenshot i made:
http://www.freebits.nl/images/190error_pe.jpg

I did some Google searching and came on this website:
process explorer shows "error opening process" - BleepingComputer.com

Somebody there says: "Right click on process explorer and select run as administrator"

When I do that t...

A: Windows 7 + Process Explorer + Patch: [Opening error process]

You probably have UAC turned off on your computer but not on your friend's computer.


New dell n7110/win7sp1x64.

At startup on new machine from dell, process explorer (procexp64.exe) lists 81 processes running (seems like way too many - compared to xp with maybe 25 at startup). But which processes I can turn off is a question for another day. OK, read carefully, at least 15 processes in PE show "Path: error opening process". PID, CPU, Private Bytes, and working set columns are shown for these "problem" processes, but nothing after that, ie, description, company name etc. For all other listed running processes (with known paths), all info is shown in all columns. The problem processes include some important ones, services, crss, ism, wininit, winlogon, that must be working for the computer to work, and everything seems to be working properly, and no cpu spikes or other weird stuff is happening. Right clicking properties on these problem processes, properties window pops up as normal, but shows "version: n/a, build: n/a, path: error opening process, no command line, no current directory, autostart location: n/a, Parent: non existent process (708), user: access denied". Again, this info can not be correct since the computer is working. And then, after a few minutes, another window pops up and says PE has stopped working, and closes the program. Now, if this was the whole story, I would go to sysinternals with this, but read on... Task manager running simultaneously with PE lists 83 processes running, more processes than PE, and al...

A: process explorer shows "error opening process"

It's not a glitch.

Right click on process explorer and select run as administrator


Hello forum moderators,

My laptop was infected with AntiSpy Safeguard malware. After browsing through various Google results, I ran Malwarebyte and Super Anti Spyware after killing the process using eXplorer.exe. However, I felt that the malware was not completely removed even though the AntiSpy Safeguard did not start on starting my laptop. This was followed by problems where after about 10 minutes of starting my laptop I would receive the message "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." which would make work impossible. Hence, I downloaded and ran ComboFix that generated the following report.

Please help me with the next steps.

Thank you,
Vinay

----------------------------------
ComboFix 10-09-30.05 - Vinay 10/06/2010 21:25:15.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.688 [GMT -4:00]
Running from: c:\documents and settings\TEMP\Desktop\Malware\AntiMalware\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\TEMP\Application Data\hotfix.exe
c:\windows&#...

A: Request for help with ComboFix log for AntiSpy Safeguard and Generic Host Process for Win32 Services

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...


Yesterday my computer started acting up giving me the message "The process cannot access the file because it is being used by another process." This happens when I try and install a program or copy a file over itself. I have tried the following measures:

1. System Restore (multiple dates)
2. avast! full system anti-virus scan
3. Windows Defender full system spyware scan
4. Webroot Spy Sweeper full system scan
5. Registry Repair with Registry Mechanic and RegVac

All scans turned up nothing, and I was unable to fix the problem with system restore. The only work around I have found is to boot in safe mode, however you can't install some programs in safe mode and I can't boot into safe mode every time I need to overwrite a file or install a program. Does anyone have any clue what could be going on? Thanks in advance for your help!

-Clay

Logfile of HijackThis v1.99.1
Scan saved at 12:21:39 PM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Fi...

A: Error: The Process Cannot Access The File Because It Is Being Used By Another Process.

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A Hijackthis Log


Logfile of HijackThis v1.99.1
Scan saved at 8:31:39 PM, on 23/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\Power...

A: Ad-aware Crashes Into A Blue Screen With Message: Stop:c000021a (fatal System Error) The Window Logon Process System Process Te...

Hi george_527,

We're studying your log right now and will be back to you a.s.a.p.

Thanks for your patience.


:( I don't know how to fix this blue screen error. The last thing I did was install outpost firewall. Then I rebooted and it went to the welcome screen. And something detected Winspy2.0 and I removed it. Then I got the BLUE screen message and I can't go into safe mode or "last known good config".
Please! help. Thanks.

A: stop c000021a {fatal system error} the windows logon process system process terminate

Does this help your issue with the system?

http://support.microsoft.com/?kbid=316503&sd=RMVP


Hi! I got this message of malware (I clicked to remove) during some surfing on firefox and after a while the explorer.exe closes with an error. I try to open it on task manager and it says that explorer can't be found!
I rebooted and then I got this message "c000021A {Fatal System Error}, The initial session process or system process terminated unexpectedly with the status of 0x00000000 (0xc0000034 0x001008ac) The system has been shut down" and can't get anywhere.
I can't even go in safe mode, the same error message appears!
 


Hi Everyone
I recently did a System Restore on a Windows 7 Pro 64 bit system to correct a strange problem I was having with IE. It seems to have solved the problem, but now Process Explorer is displaying the messages in the screen shot below, and I'm not sure why. The computer is functioning fine, in fact, since the System Restore it is running like new. Is this something I need to worry about? The computer is a pretty old Dell Optiplex 760 with a 3.0GHz CoreII Duo CPU, a 140GB harddrive, with integrated graphics. I'm not sure what other info might be pertinent

A: "Error opening process" message in Process Explorer

Sorry everyone, I found the answer in another post. Ran Process Explorer as Admin, and the messages disappeared. Thanks for being here


I posted this earlier but reposted this and erased the old thread because I have more information now and have narrowed down the problem (I hope).

This problem just happened yesterday after I had to manually shut down (used power button) my computer after it froze. Now when I try to load up IE, it "halfway" opens up (you can see parts of the interface) and just freezes. I thought maybe it was an IE problem, but if I try to load up Firefox (even without loading up IE first), nothing happens -- it won't load. I load up the Task Manager and firefox.exe is there as a process even though it hasn't loaded. The only way I did figure out to surf the net is to load up "My Computer" and enter a web address from there manually. But even when I do that, if I click on any link that opens up a new window, IE will try loading that new window up which freezes. Right after this happened, I get a "Generic Host Process for Win32 Services Error" (still do every now and then. I also d/l'd the "patch" for this from Microsoft's website to no avail) which says something about svchost.exe and some other exe's. I think it has something to do with networking because I loaded up "Event Viewer" from the Control Panel and I managed to track down the error I get *each* time my computer starts up. These errors I get are *all* dated right after I had to manually shutdown the computer and when the problems began. Here it is:

Source: DCOM
Event ID: 10005
DCOM got e...

A: Generic Host Process For Win32 Services Error / Dcom Networking Error -- Help!

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


My dad recently got me a new hard drive which unfortunately crashed. I put my old hard drive back in and immediately received the AXWIN Frame Window: svchost.exe - Application Error. Under the title it says: the instruction at "0x02baf7a0" referenced memory at "0x02baf7a0". The memory could not be "written". It then gives you the option to terminate or debug, both result in the computer rebooting after a countdown. Upon the restart the computer shows the generic host process win32 message that says this process was closed. After having the computer back up for about 5 minutes the AXWIN error comes back and the process will repeat itself if you respond to the error. If you leave the window up you can continue using the computer with no visible problem.

When using google or yahoo searches: clicking a search result's link will redirect me back to google.com after momentarily skipping over another random website. Sometimes opening the link in a new tab will allow me to get to the desired website.

Here are my logs. Thanks for any help that you can give.

DDS (Ver_09-12-01.01) - NTFSx86
Run by JPC at 16:23:10.68 on Thu 02/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.101 [GMT -5:00]
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C...

A: AXWIN svchost.exe error, generic host process win32 error, google redirect

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs, as this process may crash your computer.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Double click on Gmer to run it.
Allow the gmer.sys driver to load if asked.
You may see a rootkit warning window. If you do, click No.
Untick the following boxes on the right side of the Gmer sc...


I'm having a problem with my sister in law's computer. Originally, she had that annoying XP 2008 virus/spyware, which I think I managed to get rid of with Malwarebytes' Anti Malware and System Mechanic 7. Now I have a new problem. After receiving a recent download from microsoft, upon restarting, I get the blue screen of death with this message;

STOP: C000021a (Fatal System Error) The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000)

I can't get anywhere into Windows, I've done F2, F8, F12, everything I could think of without risking more damage since I'm not trained for this. I've booted from the system mechanic CD with the Hard Drive recovery, and while it said it found and fixed a problem, it didn't fix this one. I have no windows CD. The computer is a Dell, and it's running Windows XP service pack 2 with Explorer 6. Heeeeeelp! Other than the F keys, I can't get anywhere with this computer.
 

A:Error Message blue screen of death C000021a Fatal System Error Windows Logon Process

Read other 9 answers
RELEVANCY SCORE 40

Hi,

I am wondering whether combofix.net and combofix.org are GENUINE sites to download ComboFix. There's no Impressum and the whois-info is private registered. Just wanted to know.

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal

A:Is combofix.net and combofix.org GENUINE Site to download ComboFix?

Please take a look here: ComboFix usage, Questions, Help? - Look here

Specifically the link to the combofix disclaimer image. Also, there are only two sites that are authorized for combofix, which are shown in red in the last quote box.

Read other 3 answers
RELEVANCY SCORE 40

While browsing the Internet, I came across a website while searching for something. A message came up from IE warning me this could be a phishing site. I quickly left the site. I cleared cookies and ran Ad-Aware. PC seemed fine. Recently, I could not get onto the Internet with either IE or Firefox. I ran WinsockXPFix and was able to get onto the Internet. This error message comes up right away when the PC gets to the desktop: Generic Host Process for Win32 Services has encountered a problem and needs to close. For Windows Firewall, the message is could not start the Windows Firewall/Internet Connection Sharing service on Local Computer. Error 5: Access is denied. I ran Ad-Aware again and used Trend Micro's Online program. They both just found cookies. I have followed the steps from these websites:
http://windowsxp.mvps.org/sharedaccess.htm ,
http://support.microsoft.com/kb/892199/en-us

I still am having issues. Any suggestions will be greatly appreciated.

From the first website, this is what I did:
Download sharedaccess.reg (only for systems running Windows XP Service Pack 2) and save to Desktop. Then double-click the file to merge the contents to the registry. The Services entry will be created. Restart Windows (mandatory step, otherwise the following NETSH command will display an error message).

After restarting Windows, run this from Command Prompt (cmd.exe)

NETSH FIREWALL RESET

Launch firewall applet from Control Panel, and then configure your Windows Firewall s... Read more

A:Solved: Process error and Windows Firewall Error

Read other 16 answers
RELEVANCY SCORE 38

trying to run combofix and it starts up fine but before it does any "Completed stages" it says "\Microlab\Searchengin\ was unexpected at this time." and just has a flashing cursor.

Any ideas!?
 

A:combofix error

Read other 16 answers
RELEVANCY SCORE 38

I was advised to run ComboFix as a possible solution to the problem that I'm having accessing some files (Access is Denied) and activating command lines such as chkdsk, where I am told that I do not have sufficient privileges.

I am the administrator on a private pc.

Unfortunately I did not read the instructions regarding preparation so I do not have a helper. The DDS does not download, but I have attached the log report.

Can anyone pls advise what I should do? There is no change in the problem of file access and privilege level.

A:ComboFix error

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461730 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 38

I downloaded the newest version of Combofix on 7/8/10. When it is run it detects a Rootkit. I say OK to reboot. XP hangs during shutdown. After 4 hours it still has not shut down and rebooted. If I do a cold boot Combofix then runs but finds no problems and deletes nothing upon completion. If I reboot and run ComboFix again the same thing happens (finds a Rootkit but hangs during reboot). I put in a different hard drive with XP that I know to be malware free. When Combofix is run it has the same exact issue.

A:Combofix Error

Please note the message text in blue at the top of the Am I infected? What do I do? forum. No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert". Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

With that said, there are circumstances ComboFix will hang or stall at various stages due to malware interference, failure to disable any other real-time protection tools and CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. While that is not normal behaviour, it is not unusual. In such cases, it is helpful to know at what stage CF stalled and to provide that information to the Helper who is assisting you so they can investigate.

If you need assistance with your malware infection, please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT h... Read more

Read other 1 answers
RELEVANCY SCORE 38

Hi all, i am getting a error message using combofix.exe the error message reads "0x7c9111e0 referenced memory at 0x006c0079 could not be read" i have no clue what this means maybe someone can give me a hand. Before running the combo fix i ran atf cleaner, ad-aware se, and super anti spyware then i ran a avg antivirus scan and then the combofix and then hijackthis, at the end (all was done in safe mode). i will post a logged file of the combofix to see if someone can help me out. Thanks.

"CraZy LoC" - 2007-07-16 17:36:43 - ComboFix 07-07-16.4 - Service Pack 2 NTFS [SAFE MODE]
((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))
2007-07-16 16:59 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-15 22:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 22:00 <DIR> d-------- C:\WINDOWS\pss
2007-07-15 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 20:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-15 13:36 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\Uniblue
((((((((... Read more

Read other answers
RELEVANCY SCORE 38

Hi all, i am getting a error message using combofix.exe the error message reads "0x7c9111e0 referenced memory at 0x006c0079 could not be read" i have no clue what this means maybe someone can give me a hand. Before running the combo fix i ran ad-aware se, and super anti spyware then i ran a avg antivirus scan and then the combofix and then hijackthis, at the end (all was done in safe mode). i will post a logged file of the combofix to see if someone can help me out. Thanks.

"CraZy LoC" - 2007-07-15 19:57:40 - ComboFix 07-07-16 - Service Pack 2 NTFS [SAFE MODE]
((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 )))))))))))))))))))))))))))))))
2007-07-15 16:00 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-15 15:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 15:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-15 13:36 <DIR> d-------- C:\DOCUME~1\CRAZYL~1\APPLIC~1\Uniblue
2007-07-15 13:08 51,200 --a------ C:\WINDOWS\nircmd.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-11 21:51:13 -------- d-----w C:&#... Read more

A:Error Using Combofix.exe

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Read other 3 answers
RELEVANCY SCORE 38

Hi,

I ran combofix in my laptop (OS Win 7). After that I am getting an error whenever trying to open files... Err!: "Illegal Operation attempted on a registry key that has been marked for deletion." Help me!!!

Urgent Please

A:error after combofix

Hi Team,

I would like to remove this as the issue has been resolved. I have reinstalled the IE and issue resolved completely... Hope you can recommend this for others also...

Read other 2 answers
RELEVANCY SCORE 38

Hey guys:

I ran combofix and got this error right after the log window:

Could Not Find C:\WINDOWS\system32\drivers\Combo-Fix.sys

I don't know if the program is finished running or not because that screen just sits there. I'm not sure if I should close the window or not? Thanks

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:ComboFix error

This is why we have warnings posted and recommend that you do not run it on your own.
I will see if I can find an answer for you

Read other 6 answers
RELEVANCY SCORE 38

Below is a log from my combofix scan - I have infections in .dll files - how do I get them 'resolved'?

ComboFix 09-11-29.02 - Administrator 11/29/2009 18:08.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.0.1252.1.1033.18.255.154 [GMT -5:00]
Running from: c:\windows\TEMP\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ac3_0010.exe
C:\mte3ndi6odoxng.exe
c:\progra~1\COMMON~1\{28301~1
c:\progra~1\COMMON~1\{38301~1
c:\program files\deskbar
c:\program files\deskbar\inst.bat
c:\program files\internet optimizer
C:\rdfx4.exe
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\nem220.dll
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\start.exe
c:\windows\system32\clrviddc.dll
c:\windows\uninst2.htm
c:\windows\unist1.htm
c:\windows\Web\default.htt

c:\windows\system32\qmgr.dll . . . is infected!!
c:\windows\system32\comres.dll . . . is infected!!
.

((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-21 20:28 . 2009-11-21 20:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities

2009-11-08 23... Read more

Read other answers
RELEVANCY SCORE 38

Ok so we are getting the following error on 20+ pc's on a domain based network. We get this error on basically every PC we log into and run combofix on. We have tried MANY rootkit removal utilities with no luck. (ie malwarebytes, combofix, sdfix, rootkit revealer, Trend rootkit, mcafee rootkit, superantispyware, etc...) The server has also been scanned... We've deleted the users profiles on the server and on the local PC's, we've even completely reloaded a PC and added it back to the domain and the message came back immediately after running combofix on a clean profile. After the error pops up it prompts us to reboot the computer and then it runs combofix again and finds nothing. If we wait a little while after that it comes back up again... If anyone has seen this or has any input it would be greatly appreciated!

A:Combofix error

Hello and welcome to BleepingComputer.

I take it this is about a corporate network? If so, you really should consider a reformat or having the IT department taking this down. We cannot possibly work on 20 computers at a time in this forum. Besides, while cleaning one computer, malware would spread through the network and reinfect it, and so undo all our work.

To have a chance to successfully clean all machines, you will need to isolate all of them, make sure all of them are completely clean as well as any removable storage and only after that reconnect the computers.

Read other 2 answers
RELEVANCY SCORE 38

hi guys,
 
every times i can try to start combofix i receive this error:
 
error writing c:\32788R22FWJFW\023.dat
 
how can i solve it??
 
thanks in advance

A:error of combofix.exe

Hello and welcome to BC,
 
Please read this topic about Combofix: ComboFix usage, Questions, Help? - Look here
 
You can get an expert opinion by asking for help in the Virus, Trojan, Spyware, and Malware Removal Logs forum. You will need to follow instructions in the Preparation Guide. 
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
 
 
Let me know if you need any help with that. 

Read other 4 answers
RELEVANCY SCORE 38

I recently was infected by a virus so I ran Malware Bytes which usually takes care of any viruses pretty well. After it scanned there was one that it said it could not be removed so I assumed it was one that would be cleaned upon reboot. I scanned again anyway after reboot several times but it comes back with nothing but my browsers keep redirecting to random sites. Previously to fix this, I've used ComboFix which has successfully fixed that. I still had the ComboFix file on my computer so I ran Rkill first (which only killed a Google Updater) then ComboFix. My ZA firewall put up connection alerts several times for IE and Firefox, and either accepting or declining them, I get an error message from ComboFix that says "error - win32 only" in English and several other languages and it never starts. I have XP pro on my machine, I've downloaded the most recent one (combofix) available from here at BC and even tried to run it in safe mode. What is the problem? Can anyone help? Anyone experience this?

A:Combofix error

ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

You shouldn't be running ComboFix without supervision by staff here at BC.

Read other 3 answers
RELEVANCY SCORE 38

Okay, I'm just looking to pick up a couple ideas from the kind and wonderful people here.

I use combofix fairly regularly with my job, I'm lead tech for a small district of a large corp. and I was introduced to combofix a couple years ago and found that it simplifies the cleanup and removal of certain malware to where I can take care of them in mere moments.

And so I had a customer with sysguard on it, sysguard is not a new bug, nor is it exceptionally bad, just annoying. Program wise it's actually very similar to smitfraud, and can be removed using some of the same tactics. But combofix can kill it in one fell swoop, unfortunately when I ran it this last time I received the error Not Admin when it started scanning. I went through everything I could think of to find where this permission error was coming from, but it's WinXP MCE sp3, there are not a lot of choices inside the Administrator Account in SafeMode.

I went and manually removed the hoaxware, much more time consuming. I decided to try combofix again just to see if the bugger was what was stopping it from running, but I get the same error. Everything else I have runs fine, even the batch and com tools that I have.

So, anyone with information would be good. I unfortunately will not be able to post any logs as I do not have access to the computer anymore. I'm mostly looking for ideas that i can try in case I run into this again.

Read other answers
RELEVANCY SCORE 38

After Running AVG Business edition and Malware-Bytes, was unable to remove a virus threat entitled "Tojan virus Agent_r.AHR". Have used and performed ComboFix several times at the advice on users on the forum and knew that after the failed attempts to remove the virus using previous scanners, ComboFix was the next step. Error Log follows below:

ComboFix 11-07-05.02 - Register 6 07/05/2011 14:27:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1578 [GMT -5:00]
Running from: c:\documents and settings\Register 6\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\kernel.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-05 17:37 . 2011-07-05 17:37 -------- d-----w- c:\documents and settings\Register 6\Application Data\Malwarebytes
2011-07-05 17:37 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-05 17:37 . 2011-07-05 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-05 17:37 . 2011-07-05 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-05 17:37 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-... Read more

A:ComboFix Error Log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

Read other 2 answers
RELEVANCY SCORE 38

Hi - i am using dvd shrink 3.2 v 3.2 and just now out of the blue i get the error " Overlapped i/o error in progess " what's that all about and what's the fix, i have w98se if that helps - thanks . . .
 

A:I / O error in process

Well, we can't really help you with applications for copying copy protected media, so I'm going to close this thread. Please read the TSG Rules.
 

Read other 1 answers
RELEVANCY SCORE 38

Hey I'm new to this. But I've asked a lot of people about my problem! I use a program called graboid. It had been fine up until a week or so ago. Now every time I try to open the program even if I re-install it is...
GraboidClient.exe - Application Error

Application had generated an exception that could not be handled.

Process ID=0xa04 (2564), Thread ID=0xde8 (3560)

Click OK to terminate the application.
Click CANCEL to debug the application.

Hope you guys can help me because I havent a clue what to do.

Hope to hear some feed back soon. Cheers guys, J
 

A:Process id error:::

is anyone going to even bother trying to help me???
 

Read other 1 answers
RELEVANCY SCORE 38

Hello everyone. I am new here and hoping that someone can advise me on the issue i seem to be having. I notice my internet browsing had been slow and on playing online games i was getting drop outs.

I run various spyware software packages, and removed some minor malware found. However on running my Virus scanner i got a process error message on everything being scanned. This concerns me.

Ok, so i find this forum, and done a hijack log. which is to follow :-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:50, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.ex... Read more

Read other answers
RELEVANCY SCORE 38

I've read a bunch of old topics and tried following the same instructions and I'm still having problems.  
 
Malwarebytes freezes half way through the run. I tried in safemode I get the same thing. I tried combofix and I keep getting run errors/extract errors. I read a lot of topics where people were having similar problems. The only addition to mine is my hard drive is constantly saying low disk space. It's nowhere near low. If I delete one or two things totally a few gigs within 20 minutes my disk space is back to 0 kb again.
 
Please help! Much appreciated! .
 
Moderator Edit: Moved from Windows 7 forum to a more appropriate forum since Combofix did not run
Roger

A:Combofix Error + Malwarebytes Error

Hello -
Only because this is program specific, please post it to the Malwarebytes General Forum area linked below
 
https://forums.malwarebytes.org/index.php?s=9e6d8926279a7354514504570a27a007&showforum=41
 
They would be the better people to deal with this at the moment -
 
Thank You -

Read other 5 answers
RELEVANCY SCORE 37.6

Recently just downloaded combofix and going to run it on a computer here but receive the error:
---------------------------
NSIS Error
---------------------------
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.

More information at:
http://nsis.sf.net/NSIS_Error
---------------------------
OK
---------------------------

Tried it on my workstations and it gets the same thing as well. Is there a workaround?

A:Combofix - NSIS Error

Nevermind, looks like the issue has been resolved!

Read other 18 answers
RELEVANCY SCORE 37.6

My daughter has managed to acquire some type of malware which behaves much like Vundo... however, since I'm a bit rusty on my skillz, I can't be exactly sure.

Description of symptoms:

Will not connect to the home network any longer, either wireless or wired. When LiveMessenger fails to connect, troubleshooting shows an invalid IP address...when I run IPCONFIG, it states there's an internal error.

AVG Anti-Virus modules will not run.

Spybot S&D will not run

Downloaded Malware Antibytes but the program will not install. The process is in Task Manager, but is "hung" and will not initiate.

Downloaded Combofix from a link in this forum. When executed, it drops to the DOS box, then comes up with Date Error. The date presented is the current, correct date, yet it states to Check Your Settings.

Ran The Comedian which gave me a valid ERUNT, but would not set a restore point.

And, last but not least, HJT will not install.

Um.. help?

A:Combofix Date Error?

Ok.. found the rename trick for MBAM... had to even go ren the exe in Program Files/Malware Antibytes folder but its currently running... we'll see.. If it works, someone may want to make a sticky out of that lil trick..

Read other 52 answers
RELEVANCY SCORE 37.6

Hi

I had a similar problem to the guy over here:
http://forums.techguy.org/malware-r...68-post-virtumonde-cryp_morphine-removal.html

I have Windows Vista Ultimate SP1 32bit if that helps.
I have 2 x 500Gb hard drives in RAID0 partitioned to a C and D drive, C being the primary Windows Drive and D being where I backup all my work etc...

Full hardware specs:
Intel Core 2 Quad Q6600 @ 3.41Ghz
2x2gb OCZ Reaper [email protected] 5-5-5-12
2x500Gb Western Digital GreenPower (More info above)
Gainward 8800GT 1Gb Golden Sample
Coolermaster Real Power Modular 800W

I followed the instructions, it all went well until I tried combofix.exe

It asked for a restart and as one of the posts said to expect this, I allowed it to happen, upon Windows restarting and the login screen appearing, I proceeded to enter my password and sat back waiting the spinning circle to do its work.

Then came the error, "Error: The handle is invalid." and a "OK" button underneath it.

So I simply tried again with same results. So then I went to hit the restart button on the bottom right hand corner, but the problem was that the button animated (glowing as I clicked it) but nothing happened.

Restarted computer and tried all the safe modes with same results.

What went wrong? How can I fix it? Oh and I can't really provide any logs as I can't log on, I am writing this thread on another computer.

I seriously need to access my work and everything on it. The best scenario is th... Read more

A:combofix.exe winlogin error

Ok, Hi everyone again.

Today I tried to fix this and I fixed it. Can someone tell me how to find 'Last Known Good Configuration' as the first few times I got the boot menu I didn't get that option, and how do I get the boot menu without hitting the physical reset switch when the computer is on? Thanks

Oh and I can't enter my Combofix log as it is too large...
 

Read other 1 answers
RELEVANCY SCORE 37.6

Mods: If this is better posted somewhere else then please feel free to move it.

I had a Dell notebook which I had worked on before and after running CCleaner, MalwareBytes, Spybot S&D, Windows Security Essentials (each of which found a lot of really nasty stuff) and updating SpywareBlaster it still had some problems which none of the previous programs would detect, and after they all gave it a clean bill of health I knew something was still wrong. I then used my trusty ComboFix program which for the first time ever refused to run and gave a variety of weird error messages about "can't run on a 64-bit system", "can't run with AVG installed" and other similar things.

Well, since the computer had the Vista Home Premium SP2 32-bit OS on it and didn't have AVG installed I knew something was Rotten in Denmark so I went back to the BC forums and found the TDSSKiller, which I downloaded and ran. See the log below for the results:

2011/03/31 17:52:53.0961 3400 ================================================================================
2011/03/31 17:52:53.0961 3400 Scan finished
2011/03/31 17:52:53.0961 3400 ================================================================================
2011/03/31 17:52:53.0977 4188 Detected object count: 1
2011/03/31 17:53:34.0646 4188 mouclass (0e6be2ddff3e98f92e465a4cdc886e5a) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/31 17:53:34.0646 4188 Suspicious file (Forged): C:�... Read more

A:ComboFix Gives Error Messages And Won't Run

This is not a ComboFix log and the small portion of it I posted is for illustrative purposes only; I am not asking for any help, just sharing my experience. I hope that is not a violation of the rules...

Read other 3 answers
RELEVANCY SCORE 37.6

Hello: I am getting a error of Can not export RegRuns00: Error opening the file. There may be a disk or file system error. This occurs when I run the program Combofix on my Windows XP home system. Can anyone give me any help with this?
Thanks and have a great day!!

A:RegRunns00 combofix error

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

Read other 2 answers
RELEVANCY SCORE 37.6

ComboFix downloaded from bleepingcomputer throws an NSIS error (v 11.10.1.3 and 11.9.30.5).

When downloaded from infospyware, it runs successfully, but is an older version (11.9.26.2).

OS: XP Professional
Browsers: IE8 and Firefox on a non-infected machine. Caches cleared.

The target machine has been infected with Open Cloud Security. The older version of ComboFix deleted a number of infected files including some rootkit stuff, but I am concerned that without the latest version, some components may have been missed. The Open Cloud authors have apparently been modifying their strategy, as much of the advice online refers to component names that were not present in my case.

ComboFix was downloaded on a non-infected machine and transferred via USB stick.

Error message:
---------------------------
NSIS Error
---------------------------
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.

More information at:
http://nsis.sf.net/NSIS_Error

A:ComboFix -- NSIS error

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.

Read other 1 answers
RELEVANCY SCORE 37.6

I've got a machine running Vista Home premium, SP1. When I try to run a cmd prompt with administrator mode, using anyone of the methods to get there, I get a few error messages with Combofix, saying that I need administrative rights to perform this action. It runs all the way thru the checks, with at least one more error during, and 4 or 5 at the end. Any ideas?

A:ComboFix Administrator error

Hi,

I'm sorry for the delay.
Why do you want to run ComboFix? Do you have malware?

I want to inform you that the execution of ComboFix, without supervision from a trained helper, can have very harmful effects on your computer.
ComboFix is a powerful tool, that can, without supervision from one of us, make your system (partly) corrupt. So I advise you not to use this tool, and our other tools, in the future anymore without supervision.

Read other 1 answers
RELEVANCY SCORE 37.6

I ran combofix after it was complete it said something like, let combofix reboot your PC. It stayed like that for a while so finally i just hit the power button.

Now I get an error at boot up:

STOP: c0000218 {Registry File Failure}
The registry cannot load the hive (file):
\SystemRoot\System32\Config\Default or its log or alternate.
It is corrupt, absent, or not writable.

Beginning dump of physical memory.....................

I tried "last known good configuration" , same problem. Safe mode doesnt work either.

Any ideas?

A:Ran Combofix, Now Registry Error

I booted off the windows xp cd into recovery console and ran this command copy c:\windows\repair\default c:\windows\system32\config\default

It also seems like the virus is gone

Read other 2 answers