ComboFix Error - gxvxccounter infection

Q: ComboFix Error - gxvxccounter infection

I have tried to remove gxvxccounter with ComboFix, but it gives me an error and the infection remains. ComboFix never gets through all the processes listed in the directions at http://www.bleepingcomputer.com/combofix/h...se-combofix#use. Now when I reboot I get an error that says pev.exe can't run. I'm still getting "Malware Doctor" running and it only stops when I delete it through HiJackThis. Task Manager and Regedit are both disabled. (I can get regedit back through HJT, but not Task Manager.) I've run MalwareBytes and it says it was found and removed, but it keeps coming back.

Here is my HJT log:

Also, I couldn't disable AVG, so I uninstalled it. Even after deleting the AVG8 folder, ComboFix says it's still running.

I've tried everything I can think of, but this one has me against the wall. Please help, I need to get this computer back in service for my business.

Thanks,
Randy

A: ComboFix Error - gxvxccounter infection

Hello rbr451,

Welcome to Bleeping Computer. Sorry for delayed response. Forums have been really busy.

My name is fireman4it and I will be helping you with your Malware problem. As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

I will be analyzing your log. I will get back to you with instructions after it is approved.

Since it has been a little while since you posted originally, let's get another look at your machine.

1. Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

 * When done, DDS will open two (2) logs:
   1. DDS.txt
   2. Attach.txt

Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.

Hello and thank you for your help, in advance.

I have been trying to eliminate the Trojan.DNSchanger found at C:\WINDOWS\system32\gxvxccounter. Malwarebytes' Anti-malware finds it and eliminates it but then, upon reboot, it comes back. I have run the anti-malware app in safe mode as well as in normal mode.

In order to run the Anti-malware app, I had to change the name. This is also true for running SuperAntiSpyware. I have also tried running the anti-malware apps with internet connection disconnected but it has not helped.

My computer symptoms are that internet browsing with either Internet Explorer or Firefox is VERY slow and in some cases, I never get to my destination. Furthermore, I am unable to run anti-malware apps without changing their names.

Can anyone help me with what to do next? My DDS log follows.
Sincerely,
Alex (westyoungman)
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 22:23:56.18 on Tue 05/19/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.412 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\...

A: gxvxccounter Trojan.DNSchanger infection

Hello westyoungman,

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please perform the following:

Do an online scan with Kaspersky WebScanner

 * Click on Kaspersky Online Scanner
 * You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
 * The program will launch and then begin downloading the latest definition files:
 * Once the files have been downloaded click on NEXT
 * Now click on Scan Settings
 * In the scan settings make sure that the following are selected:
   * Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
   * Scan Options: Scan Archives, Scan Mail Bases
 * Click OK
 * Now under select a target to scan: Select My Computer
 * This program will start and scan your system.
 * The scan will take a while so be pat...

My computer has been acting funny the past few days so I decided to post about it in another part of the site here. The person who helped me had me run Malware Bytes Anti malware and it discovered a few things. The user said I have a pretty nasty rootkit and directed me here (that topic is here).

The symptoms I have been having are:

 * I cannot run many anti-spyware programs (mbam.exe has to be renamed to mbam1.exe, SpybotSD.exe to SpybotSD1.exe, etc)
 * Sometimes web links I click on are redirected to other sites
 * Computer will randomly lock up (mouse moves fine, but cannot click on anything, cannot ctrl-alt-del, etc)

That person also had me run a program called RootRepeal, and it found a couple things so here is that log file (also posted in the other thread)

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/04/22 22:46
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\gxvxccounter
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\gxvxcyncufmkpsvqredfkgwmwjidbngbldlcn.dll
Status: Invisible to the Windows API!

Path: C:\Program Files\Yahoo! Games\Monopoly Here & Now Edition\Monopoly.exe:{EB2FABD9-FA31-9A07-E885-B74FDA7D4791}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\drivers\tfqivgfd.dat
Status: Locked to...

A: Infected w/ a rootkit - gxvxccounter

Hi mindless2,

My name is Syler and I will be helping you to clean your computer, please give me some time
to look over your logs and I will get back to you as soon as possible.

Thanks

Hello everyone, I am "SecurityAlert" and I have been having a problem. Recently, I have been experiencing problems with google searches on firefox and internet explorer, and whenever I try to click on a search result, I am redirected to a website called "jump.com". I have always canceled the action in the browser to stop any (further) possible harm to my computer.

I use Avira AntiVir Free Edition, and it has detected a suspicious file called "gxvxccounter.sys" in every scan, and other files that are similar to this (e.g. gxvxcxvirkhacekvsuawotomfchkdblhcgmbx.dll, etc). These file names appear to be gibberish, however they appear to be actually malware, and are hidden in the system32 files, and I cannot see them even with administrative privileges. Quarantining these files and deleting them has done nothing, as the file keeps reappearing in every system scan I perform. I have deleted these files and quarantined them to the point where now Avira says this malware cannot be deleted, and only copied to quarantine. Even though the file has been quarantined several times the effects are still visible.

I will provide a HJT log below. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:06 PM, on 05/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:&#...

A: gxvxccounter Trojan detected, please help

Hello SecurityAlert,

Download Security Check by screen317 from here or here.

 * Save it to your Desktop.
 * Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt.
 * Please post the contents of that document.

***************

Please download Malwarebytes' Anti-Malware from one of these places:

http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform Full Scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 * Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a fil...

I want to run ComboFix because I went to a website and possibly clicked on something I should not have. I believe I may have a backdoor trojan.

The error I am getting is

Windows cannot find "NircmdB.exe". make sure you typed the name correctly, and then try again.

I tried renaming to cf.exe, no luck. I even tried using SDFix in safe mode, no luck. When I click on the runthis bat file, cmd starts then closes, so I don't know what is going on.

In the past I had Vista and was able to run ComboFix and get rid of any virus I had. Now with Windows 7 I am getting the error above.

Any help to run ComboFix would be really appreciated. All I want to do is run ComboFix on Windows 7.

thanks

A: Combofix will not run on Windows 7 full retail version, combofix will not run error

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.

Further ComboFix does not officially support Windows 7 and SDFix only works on Windows XP.

Please download Malwarebytes Anti-Malware (v1.40) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

 * Make sure you are connected to the Internet.
 * Double-click on mbam-setup.exe to install the application.
 * When the installation begins, follow the prompts and do not make any changes to default settings.
 * When installation has finished, make sure you leave both of these checked:
   * Update Malwarebytes' Anti-Malware
   * Launch Malwarebytes' Anti-Malware...

Where to start?!?! OK, when this first started I hadn't had this computer very long at all and it (of course) had Norton on it. I removed it (not a fan!) and just honestly had not gotten around to putting another scanner on here. I like to use Bitdefender online scanner. I realized I had SOMETHING because my google searches were being "hijacked". Then when I tried to download a scanner I couldn't; my pc wouldn't let me download anything that could have been helpful. I got all types of error messages. However, with help from a couple in a different category here we did manage to get a few scanners to run (malwarebytes, superantispyware, among others). I was told afterward that my best shot was to reformat but that the computer just may never be "secure" again. Reformatting isn't an option as of right now so I was referred here.

The only reason I can tell that there is some sort of malware is because of google still being hijacked. The computer is NOT slow, I do NOT get pop-ups, and as of now I am getting NO error messages, it is simply that my google search results pop up and when I click a link to go to that website it takes me somewhere else altogether. Sometimes it is another search result and sometimes it is a real estate company, or a quiz to take. Here are the reports as requested.
Thanks in advance for any advice and help given.
Christina*


DDS (Ver_09-03-16.01) - NTFSx86
Run by E-Z Customer at 8:57:10.74 on Fri 04/24/2009
Internet...

A: gxvxccounter,rootkit/backdoor trojan???

Download GMER Rootkit Scanner from here.

 * Extract the contents of the zipped file to the desktop.
 * Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
 * If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
 * In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:
   * Sections
   * IAT/EAT
   * Drives/Partition other than Systemdrive (typically C:\)
   * Show All (don't miss this one)
 * Now click on the Scan button and wait for it to finish.
 * Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.

Then, please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, please post the ComboFix log and the ark.txt as a reply to this topic.

Hope you can help me with this one.
I think it started when I downloaded a movie that required me to 'download a licence'. I did - but I shouldn't have.
My internet searches get redirected when I click on a link. I can still go to sites, but need to manually enter addresses in the URL bar.
Not sure if it is related, but my computer is also freezing randomly, and always freezing if I try to shutdown using the start button. I can shutdown successfully using the task manager though.

Other issues are:
Not being able to use 'scan disk' and defrag. They load up, but you can't start the scan.
System restore did not work. I can select a date, but then nothing happens.
Malwarebytes will not run.
Superantispyware will not run.

I have:
Scanned with Trend Micro Internet Security and only come up with a vulnerability about Excel 2000 (which I also can't fix).
Run a Hijackthis. Log below.
Changed the name of MBAM.exe to something else and have done a scan. I have included the log below. It comes up with 1 threat - the Trojan.DNSChanger gxvxccounter. It 'successfully removes it' but it is still there next time. Is this maybe because I had to change the name to run the program?

I'm out of ideas. Your help is greatly appreciated.
Malwarebytes' Anti-Malware 1.36
Database version: 2067
Windows 5.1.2600 Service Pack 3

3/05/2009 8:38:52 AM
mbam-log-2009-05-03 (08-38-52).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 166894
Time ...

A: Cannot remove gxvxccounter - Browser hijacked

Hi everyone. My name's Matt and this is my first post on this site. I've come across a pesky little virus of some sort that redirects any Google search results, usually sending me to a website to buy some useless item or another. After searching around a few different forums (like this one) I've seen that I'm not the only one who's experienced this recently. When I run a scan with Antivir, I can see the culprit as 'gxvxccounter'. There are other hidden files coming up in the scan that I'm assuming are all working together.

As per the preparation guide, I've run DDS and I'm pasting my dds text file and attaching my 'attach' text file below.

I hope I'm doing everything right, and I hope someone can help me out. Thanks so much in advance.

Matt
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_09-03-16.01) - NTFSx86
Run by Matt at 19:16:06.67 on Fri 04/24/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1612 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\...

A: Google Redirect Virus (gxvxccounter)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

 * Download DDS by sUBs from one of the following links. Save it to your desktop.
   * DDS.com
   * DDS.scr
   * DDS.pif
 * Double click on the DDS icon, allow it to run.
 * A small box will open, with an explanation about the tool. No input is needed, the scan is running.
 * Notepad will open with the resul...

Hey all, I have just registered here to find a solution to this problem. I have run Malwarebytes Antimalware multiple times and the only infection I ever have is a Trojan.DNSchanger found in the C:\Windows\System32\gxvxccounter. I have looked up a bit about this and it seems that this is the reason that when I click on a link in google, I get redirected to a different page than the one intended. I can get past this by refreshing the google page then clicking on the link again, however this is very annoying.

But back to the topic, every time I run malwarebytes it picks up the file, when I remove it, it says it has been removed and requires a restart. So I restart the computer, run it again, and it is still there. So any help in removing this would be greatly appreciated.

A: windows\system32\gxvxccounter trojan.dnschanger

This is a very nasty infection

http://rootrepeal.googlepages.com/
http://rootrepeal.googlepages.com/RootRepeal.zip

Just use the file tab at the bottom, scan and paste the report into a reply here please

I tried to remove this using McAfee, thought I did it but failed. Can only run in safe mode with networking. Mostly get BSOD and a few browser redirects in regular mode.

Here is the dds text file-

DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Kory at 9:50:45.83 on Sat 11/14/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.1439 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C...

A: Vista 32bit ntoskrnl-hook with gxvxccounter

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. ... Read more

RELEVANCY SCORE 46

DDS (Ver_09-03-16.01) - NTFSx86
Run by Jenn at 1:07:38.87 on Fri 04/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1440 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\... Read more

A:GOOGLE RE-DIRECT VIRUS C:\WINDOWS\SYSTEM32\GXVXCCOUNTER

Google redirects me quite a bit, and the laptop freezes on occasion. I have McAfee and also ran McAfee Rootkit Detective and it detects the GXVXCCOUNTER files and says it deletes them but upon restart and rescan, they reappear and sometimes more hidden registries with same filename included. I have seen the advice given here and could really use a helping hand. I am working on my master's degree and work mainly on this cpu. I have backed up all files and just hoping for some help removing this bad bad rootkit crap. Thanks

RELEVANCY SCORE 44.8

While I don't claim to have the skills of any of the expert techs at Bleeping Computer, I have found that the infection reported from Combofix may have happened before the reported date of January 29th.
Working on a Windows 7 OS laptop (64 bit) and a Vista OS laptop (64 bit) and another Vista OS laptop (32bit) I have found the same infection on all 3 laptops recently, the only common denominator being running Combofix on all 3 systems with the resulted infection found by Eset Online Scanner "Win32/Toolbar.Widgi application". The number of instances reported has been as low as 7 and as high as 11 with the repeats of only the same infection reported.
The difference in the reported infection date was the Vista OS (64 bit) system which was run at least a month ago.
I could be wrong as to what infected it with the same reported infection on all 3 systems but that was the only program I can currently attribute it to.
If this is the wrong location to post this please (admins) move this to where it should be posted.

RELEVANCY SCORE 44.8

//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 13/08/2007 08:43:52
//
//-----------------------------------------------------------------
Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
Folders : 21505
Files : 1238385
Memory processes scanned : 54
Archives : 25562
Runtime packers : 132425
Identified viruses : 3
Infected files : 5
Memory processes infected : 0
Suspect files : 30
Warnings : 0
Disinfected files : 0
Deleted files : 4
Moved files : 0
I/O errors : 41
Scan time : 03:12:32
Scan speed (files/sec) : 107

Spyware Statistics

Registry keys scanned : 2029
Registry keys infected : 0
Cookies scanned : 528
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 754807
Scan plugins : 16
Archive plugins : 40
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:&... Read more

A:Combofix Infection

Please contact RiP_ChAiN_ in the Hijack Team and have him reopen your Hijack Thread.

RELEVANCY SCORE 44.8

I JUST RAN COMBOFIX TO FIX A MBR CORRUPTION, COULD SOMEONE TELL ME WHAT WAS FOUND IN THE LOG? ALSO, I DO NOT HAVE A WINDOWS RECOVERY DISC. I'M RELOADING THE ANTIVIRUS NOW TO SEE IF THERE IS STILL AN ISSUE. PREVIOUSLY WHEN SCANNED I BELIEVE IT SAID FILE 0 MBR INFECTED [email protected] THANKS.
ComboFix 11-04-22.03 - User 04/23/2011 12:15:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2508 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\User\Application Data\.#\[email protected]@393FA0.###
c:\documents and settings\User\Application Data\.#\[email protected]@393FD0.###
.
.
((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
.
.
2011-04-21 16:27 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-04-21 16:26 . 2011-04-21 16:26 -------- d-----w- c:\windows\system32\winrm
2011-04-21 16:26 . 2011-04-21 16:26 -------- d-----w- c:\windows\system32\GroupPolicy
2011-04-21 16:26 . 2011-04-21 16:27 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-04-21 15:38 . 2011-04-23 16:11 ------... Read more

A:I JUST RAN COMBOFIX TO FIX A MBR INFECTION

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.
Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Even if you have already provided information about your ... Read more

RELEVANCY SCORE 44.8

Well I'm pretty bad with computers and I have this problem when every time I defrag, my available memory seems to decrease. Like from 40.0 GB free of 111 GB then after defragging it becomes 30.0 GB free of 111 GB. And also, my laptop gets slow at times like CPU Usage goes to 90% when I'm running the same old usual apps I use that only take around 40-50% CPU Usage. Here's the log from my ComboFix Log.
ComboFix 11-12-01.01 - louise 01/12/2011 22:04:05.2.2 - x86 MINIMAL
Running from: c:\users\louise\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 14:13 . 2011-12-01 14:13 -------- d-----w- c:\users\louise\AppData\Local\temp
2011-12-01 14:13 . 2011-12-01 14:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-01 14:13 . 2011-12-01 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 10:05 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55D06A82-5C01-4138-94D6-94385BF1DB35}\mpengine.dll
2011-11-... Read more

A:ComboFix Log (I don't know what infection I have)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there. CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430215 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 44.8

Recently while using the Combofix program I began to notice a trojan warning popping up on my system after downloading and using Combofix from the #1 link on bleepingcomputer.
I thought it might have possibly come in with another program or was erroneously detected but a friend of mine experienced the same thing using a different program and found the same thing on his computer after also downloading and using Combofix.
Mine is being reported by Emsisoft AntiMalware as follows:

Trojan-Ransom.Win32PinkBlocker!IK (underlined entire line)
Details: 1 files - high risk
- File: C:\Users\Virus\Desktop\rempu.exe/32788R22FWJFW\pevb.cfxxe

Virus is the name of my computer and rempu is the renamed version of the exe file for combofix.

If this is not the correct place to post I apologize but I thought someone might look into this. On my system I'm using Win 7 64bit and my friend's system is Win XP 32bit. Two completely different systems showing the exact same infection multiple times.

A:Combofix infection?

Provided that you downloaded ComboFix from Bleeping Computer directly (and not from one of the rogue sites offering fake or ancient versions) then it's a false positive. Even genuine versions of the most up-to-date issue of ComboFix are likely going to trigger many security programs because it uses many tools and techniques that the bad guys also like to use.
That being said, you should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.
If you believe your computer might be infected, please review this topic and post a help request in the Am I Infected? What Do I Do? forum.

RELEVANCY SCORE 44.8

Hey guys, I look new to the site, but I have been using this site for virus removal tools and what not for quite some time.
 
So, just curious, but I've never seen combofix display, "Writing 'limitblankpassworduse' with data '1' failed."
 
Attached is a screenshot with the quoted line.
 
This combofix was downloaded today, from bleeping computer and was executed on a corporate computer. No I was not instructed by a bleeping computer member to execute combofix and yes I understand the risks.
 
 

A:New Combofix infection?

Hello, thanks for posting.
ComboFix is not infected. . . I have just verified this with multiple engines. What you're seeing is an error written to the console. That's all the information I can provide to you.
As you've previously expressed your knowledge of the risks of running ComboFix unsupervised I'll spare you the normal speech. But I will point out that CF was never designed to run in a corporate/networked environment. The unique configuration of systems on the network from company to company can cause unpredictable results at times. Choosing to run CF in such a way is, of course, your prerogative. However, we will likely be unable to support any such use of the tool.
~Blade

RELEVANCY SCORE 44.4

Hi,
I think I already got rid of the Somato F thing, but I found I had infections in Java this morning, so reinstalled it.
I followed the instructions given in another thread to get rid of the junk, but not sure if that was the only infection present.
 
I have reached my "level of incompetence". Can someone help me analyze this log, please? Thanks
 
ComboFix Log follows.........
 
ComboFix 13-07-27.01 - Owner 07/29/2013  11:49:48.4.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3326.1630 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Application Data\ProcessLassopl_rsrc_temp.dll
c:\documents and settings\Owner\ncftp
c:\documents and settings\Owner\ncftp\firewall.txt
c:\documents and settings\Owner\ncftp\history.txt
c:\documents and settings\Owner\ncftp\init_v3.txt
c:\documents and settings\Owner\ncftp\prefs_v3.txt
c:\documents and settings\Owner\ncftp\trace.3416
c:\documents and settings\Owner\ncftp\trace.3904
c:\documents and settings\Owner\ncftp\trace.7352
c:\documents and settings\Owner\ncftp\trace.txt
c:\documents and settings\Owner\WI... Read more

A:Help with ComboFix log/Somato Infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there. CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/502652 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

RELEVANCY SCORE 44.4

Hi,
 
Sorry I have been trying to follow the guidelines and I hope I am not doing anything wrong or posting in the wrong place. I have just created an account. I confess having run combofix not fully understanding how it was working and what I should do with the report once established. Please don't be mad! I have very little knowledge of IT stuff....
 
So I now have a report and I am with little clue as to what to do next...
 
I hope that someone will be able to help.
 
Thank you

A:rootkit infection and ran combofix

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there. CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559272 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

RELEVANCY SCORE 44.4

Hello, have cleaned a few computers with combofix, but recently I ran across this
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Compaq_Owner\My Documents\SEMBLY~1
C:\Documents and Settings\Compaq_Owner\My Documents\SEMBLY~1\??sembly\
C:\Documents and Settings\Compaq_Owner\My Documents\SEMBLY~1\lsass.exe
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\WINDOWS\pskt.ini
----- BITS: Possible infected sites -----
hxxp://80.93.48.74
.
does anyone know what
----- BITS: Possible infected sites -----
hxxp://80.93.48.74
means, and how to fix it? Searching for this myself on google just reveals hundreds of other combofix logs. thanks

A:Combofix Bits Infection How To Fix

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.
If needed, we will direct you to our HJT Preparation Guide.
Thank you for using BleepingComputer as your malware removal source.
This topic is now closed.
The BC Staff/Animal

RELEVANCY SCORE 44.4

I went to a file conversion site planning on converting a tiff graphics file format illustration to the pdf format. When I downloaded the pdf out on my e-mail in box my computer (A Hewlett Packard Compaq dc 5800 running Windows XP Pro) was overwhelmed by a particularly virulent strain of malware. I lost my internet connection and I could not start any of my programs off the icons on my desktop.
In desperation I searched the internet on my laptop and found a link to ComboFix. I downloaded it, moved it to a compact disc, and then transferred it to the desktop of my desktop. To install ComboFix I had to hit the install button before the malware took root in my system tray. Sort of like being in safe mode. Anyway, it worked! Couple hours later and my desktop was back in business as though nothing happened.
Global Mod edit: ComboFix logs cannot be discussed outside of our malware forum. Please see Blade's post below. If you have any questions, please feel free to PM me. rigel

A:ComboFix Cured My Infection!

Hello.
I am glad you got your problem sorted. However, for the benefit of both you and everyone else reading this thread, please be aware of the following:
ComboFix (CF for short) is intended by its creator to be "used under the guidance and supervision of an expert", NOT for personal, unsupervised use. Please read Combofix's Disclaimer. When CF is run without trained assistance, it can no longer be considered a "safe" tool. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
You may find this topic to be informative - ComboFix usage, Questions, Help? - Look here
~Blade

RELEVANCY SCORE 44.4

Hello there
I have been running Avira Free on my laptop, which is running xp Home Edition sp2. Yesterday my laptop began to run cripplingly slowly and erratically. Avira notified that it had detected the following virus:
TR/CryptXPACK.Gen[trojan]
Googling reveals that it's not uncommon for Avira to detect this Trojan, but also that it won't get rid of it, and that it will keep coming back. I made subsequent scans with Avira and with TrojanRemover, both in Safe mode. Neither scan detected the Trojan, but my laptop was still playing up. I've since run Combofix as per the online instructions, and it all seemed to work fine. Combofix deleted a file while scanning. It went by too quickly for me to get all of its title, but it seemed to be related to the toolbar of SpeedBit Video Downloader, an app I downloaded a few days before. Perhaps you will be able to see it in the Combofix log that I have pasted below. My laptop seems to be OK-ish again now after restart, but I'm not sure if it really is or not. I would be extremely grateful to any kind soul who might be able to confirm - or otherwise - that I'm now in the clear, and instruct me as to what I should do further to my Combofix results.
Many thanks in anticipation,
Glenn
HERE IS THE LOG:
ComboFix 10-09-19.03 - Glenn Rice 20/09/2010 15:22:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.223.109 [GMT 1:00]
Running from: c:\documents and settings\Glenn Rice\Desktop\ComboFix.... Read more

A:I need help with Combofix log / Trojan infection please

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.
I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you... Read more

RELEVANCY SCORE 44.4

i got a google redirect, firewall disabling, antivirus disabling virus somehow and THE ONLY tool that would run was combofix. absolutely all the other ones are blocked by whatever infection i have- my microsoft security client, super antispyware, hijack this, nothing will run and everything is disabled. combofix ran a couple times with restarts in between and i've attached the log i got a message thru it the infection was really bad. so, i know the warnings about combofix-annnd now my laptops keyboard and touchpad wont work, i'm using the tablet pointer thing for this. after the combofix cleanup my computer seems to be running better but everything is still disabled and of course now my keyboard and touch pad are failing. the keyboard worked fine to click thru the options during startup to get to safemode and whatnot though. please help if you can!
jen

ComboFix 11-10-05.02 - JW 10/07/2011 20:13:17.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.673 [GMT -6:00]
Running from: c:\documents and settings\JWoodward\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Dat... Read more

A:really bad infection... combofix attached

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there. CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422411 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 44.4

Hey, I have recently been suspicious of a virus on my computer. I have run speed tests at speedtest.net and am getting a connection speed of around 7MBps, however my browsers (both IE and FF) are running very slowly, these symptoms are also followed by my firewall turning itself off every time I restart my computer and I am getting permission error messages from a strange programme.
Scanning my computer with AVG and AdAware has done nothing, however I have just scanned it with ComboFix and will include a copy of its results. Any help in reading it and telling me if anything is wrong would be greatly appreciated. Thanks in advance, Tim.
ComboFix 09-04-20.09 - Tim 20/04/2009 11:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1618 [GMT 1:00]
Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\Sysvxd.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2009-03-20 t... Read more

A:Virus/Infection Help (ComboFix Log)

Please note the message text in blue at the top of the Am I infected? What do I do? forum.
ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.
If needed, we will direct you to our HJT Preparation Guide.
Thank you for using BleepingComputer as your malware removal source.
This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff


I have a computer that is infected with the Downloader Virus and I could not get the dds.com to create a dds.txt file, so I ran ComboFix and attached the log file.
 
Thank you for your help.
 
ComboFix 13-12-26.01 - sysadmin 12/28/2013  23:55:07.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3895.2449 [GMT -6:00]
Running from: c:\users\sysadmin.Accounting-PC\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
D:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uvnc_service
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-28 to 2013-12-29  )))))))))))))))))))))))))))))))
.
.
2013-12-29 06:01 . 2013-12-29 06:01 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2013-12-29 06:01 . 2013-12-29 06:01 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp
2013-12-2...

A:Virus Infection ComboFix Log

No need to respond. I solved the problem. Thank you


My computer has recently become significantly slower. In the last couple of days I saw entries in the browser history for sites I had not visited. Also I have been getting some strange popups (had ron/ronx.php in the URL). I ran combofix and it returned the log below. Any help analyzing it is appreciated.

ComboFix 08-12-11.04 - Admin 2008-12-11 21:41:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.445 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Cookies\HOLMN.QWN
c:\documents and settings\Admin\Cookies\NJWDJ.PUN
c:\documents and settings\Admin\Cookies\NXRSU.FTD
c:\documents and settings\Admin\Cookies\QKTNU.RJU
c:\documents and settings\Admin\Cookies\RDXTA.LEG
c:\documents and settings\Admin\Cookies\VURQF.FJH
c:\documents and settings\Admin\Cookies\XNAIU.WKI
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.
2008-12-11 11:01 . 2008-12-11 11:01 <DIR> d-------- c:\documents and settings\Admin\Application Dat...

A:possible infection ran combofix log attached

I just read the part about not posting combofix unless asked. Sorry about that.


Let me start this by saying that i learned my lesson well. i will NEVER use Internet Explorer ever again. not secure enough for my needs. anyway, the problems ive had are .dll errors, slow computer, connectivity issues, fake security alerts, pop-ups while browsing, and an "anti-spyware program" that installed itself and started doing who knows what while it was "scanning" in the background.

steps ive taken to remedy these issues are:
Complete system scans with AVG Anti-virus, AVG Anti-spyware, AVG Anti-rootkit, Adaware, Spybot S&D, and Trend Micro Housecall. after all that, im still having most of the problems.

Heres my combofix log:

ComboFix 08-07-09.5 - Scholl 2008-07-20 14:24:40.4 - NTFSx86
Running from: C:\Documents and Settings\Scholl\desktop\combo-fix.exe
Command switches used :: /killall

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM83d9682d.txt
C:\WINDOWS\system32\asmilxrk.ini
C:\WINDOWS\system32\cdfvie.dll
C:\WINDOWS\system32\ejavhcyh.ini
C:\WINDOWS\system32\ghhkTvut.ini
C:\WINDOWS\system32\ghhkTvut.ini2
C:\WINDOWS\system32\mkggrycq.ini
C:\WINDOWS\system32\VxxHNqss.ini
C:\WINDOWS\system32\VxxHNqss.ini2
.
((((((((((((((((((((((((( Files Created from 20...

A:Combofix Log - Virtumonde Infection? Help!

bump.

sorry for the duplicate posts. had weird connection issue and kept hitting post without seeing any result. anyway, please help me out here.


Ok, something is wrong.

After running ComboFix my AV (Avira Free) does not update. I uninstalled it.

Windows XP SP3 Pro (Updated)
Malwarebytes (Updated and passed a scan in Safe Mode with network access, result clean)
Sandboxie 3.50
Uninstalled Daemon Tools (god, it took me long to uninstall sptd.sys)
No realtime AV, now.

ComboFix detected kernel32.dll as infected and supposedly fixed it.
inst.exe infected (which I think is a false positive)
Attached ComboFix.txt

Now I see strange things in "Drivers which are not Plug and Play". I have a Spanish OS so I've just translated. One is catchme which I think is from ComboFix.

First Topic made: Link

gmer always hangs. No log.

DDS (Ver_10-11-08.01) - NTFSx86
Run by geko at 8:04:10,73 on 08/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
FW: Look 'n' Stop 2.07 (Soft4Ever) *enabled* {2A530F53-4A99-4EE0-8471-4A00BA4A47B0}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = https://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
dRun: [CTFMON.EXE] c:\windows\syst...

A:ComboFix detected infection.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m...


Hello, I ran combofix and it seemed to have cleaned the infection, but it quarantined all my media files (70 GB worth). I would like to know how do I retain all those files? At first I thought they were all deleted but they seem to be in a folder "Qoobox" where it added .vir at the end of each file. And is there anything else I need to do with combofix?

Thanks.

A:Need help with infection (not sure the type) and combofix

Please read about the problem and the fix
http://www.bleepingcomputer.com/forums/t/290138/combofix-problems-and-resolution-for-legitimate-files-being-deleted/


Working on my roommate's computer. He has a "Win 7 Antispyware 2012" infection. Was unable to download combofix. Attempted download from my computer. After download completed on my computer, I received a warning indicating an infection was blocked from bleepingcomputer.com.

I will submit a separate forum post for the rogue anti-spyware (after following instructions on http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012). For this post I am interested in the supposed threat from downloading combofix. I find it highly unlikely there is a real threat there, but would like a third party to investigate.

I will include the reports I received as well as a link to the avast reports. The first time I downloaded combofix was via "http://majorgeeks.com/Combofix_d6402.html". I ran a double check by going to "http://www.bleepingcomputer.com/download/anti-virus/combofix" and selecting "BleepingComputer Mirror". I was notified an infection was present both times.

-----
Windows 7 Professional (64-bit)
Service Pack 1

Avast! Free Antivirus
Current Version: 6.0.1367
Engine and virus definitions are up to date

--- (via Majorgeeks)
Infection Details
URL: http://download.bleepingcomputer.com/sUBs/ComboFix.exe|%3E$0/pev.3XE|%3E[PECompact]
Process: file://C:\Program Files (x86)\Mozilla Fiirefox\firefox.exe
Infection: win32:Rootkit-gen [Rtk]

http://www.avast.com/en-us/lp-security-information-fp?p...

A:Avast indicates infection from combofix download

Avast usually have false positive problems.
It currently has a false detection:
VirusTotal - Free Online Virus, Malware and URL Scanner
http://www.virustotal.com/file-scan/report.html?id=437441626166fac349681f726ef20877447d58995d2046ed0f8bb5644f88e9f1-1326102653

You should read the following topic:
ComboFix usage, Questions, Help? - Look here
http://www.bleepingcomputer.com/forums/topic273628.html


Hello,
My teenage daughter's PC had a very bad rootkit infection.
It took over Norton Internet Security 2009 and caused many problems on her machine:
disabled cd/dvd writers and misdirected links on the internet.

After trying malwarebytes and superantispyware the computer was still infected.

I ran Combofix and it seems to be working now.
Is there anything else I should do after running Combofix?

I can post the log if that would be useful.

Thank you very much for your help.

Mary Ann

A:Rootkit infection - Combofix [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

"I ran Combofix and it seems to be working now."

To everyone reading this topic: Please note that ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if...


Hello,

PC was scanned with multiple scans, all show it is clean. Please have a look at the attached combofix log and tell me if you find any suspicious entries.

Symptoms: While surfing in Firefox, antivirus reports

Found entries: cmstlpq.dll Backdoor.Trojan

"intrusion attempt from newporto.cn was blocked"
Risk level: high
HTTP Infostealer Snifula.B
attacker
newporto.cn (77.78.240.136)
 

A:Combofix Log - Infosteler Snifula B Infection

one up
 


Hey guys, I have been wrestling with that dang infectious antivirus thing for the last few days. If you haven't gotten it, what it does is break every program you try to open, claim that it's "infected! buy me!"

Anyways, I read a lot of the help topics about it, so I did a System Restore, followed by a couple MalwareBytes, SUPERAntiSpyware, and Symantec Endpoint Protection Scans. It resulted in that "changed registry" problem I've seen a lot of other posts about, where Windows comes up in Windows Classic mode, and there's varying degrees of internet connectivity. Then because I'm a tool I went and got infected by the same site again. Hah, it seems to be lurking around Mediafire (and on what- at least, had been- a reputable site). Anyways, I did a couple more System Restores, but these also just resulted in the same "Windows Classic Mode" and NO connectivity, until I opened Safe Mode with Networking and came right here.

I'd already had some experience with using Combofix to clear the "search engine redirect" virus that I'd gotten before (and, to me at least, cured), so I was totally willing to just jump right in.

Anyways, I followed every instruction it gave me (shutting down "CD emulation," etc). When my desktop popped back up, it was in Windows XP mode!!! On its own!! I'm afraid to take this as too good a sign though, and was wondering (since I have no idea how to re...

A:Antivirus Soft infection, combofix log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi,
Could somebody help me in identifying any more threats, my computer was infected with "Trojan.fakeav" and both SuperAntiSpyware and Malwarebytes Antimalware failed to remove it.
So I ran ComboFix and it seems to have deleted the infected dll files, but wanted to ask the gurus if there is anything more I need to worry about.
Please find attached ComboFix log.
regards,
Ram

A:Ran ComboFix after Trojan.fakeav infection

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion,...


Ok first, I'd like to thank you guys for doing this for everyone out there. I know I appreciate it a lot. I also have to apologize because I already ran ComboFix before seeing the advice to not run unless you guys say I should. I also ran Malwarebytes prior to Combofix. Obviously, just let me know if there's anything else I need to do or provide.

Description of Problem:
General freezing. Opening of tabs in Firefox that I didn't open like to a google page or some sort of news website. Windows popups like "svchost.exe -Application error" and "Generic Host Process for Win32 Services". Just before coming here, at the login portion of my email website, the log-in address was different than my address.

EDIT: I'm working on getting my log on here. It's way, way too long

EDIT #2: I've uploaded it to filefactory. If that's a problem, please let me know. Here it is.

A:Unknown Infection type w/ ComboFix Log

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom


pls help with this one too :) this is from a different pc infected this time with virtumonde...thx for your time

ComboFix 08-08-04.09 - Ice 2008-08-07 17:00:26.2 - NTFSx86
Running from: D:\kituri\antivirusi si removal tools\Rootkits-FIX\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-07 15:59 . 2008-08-07 17:00 474 ---hs---- C:\WINDOWS\system32\wwpjllqw.ini
2008-08-07 14:45 . 2008-08-07 14:45 80,384 --a------ C:\WINDOWS\system32\wqlljpww.dll
2008-08-07 14:17 . 2008-08-07 14:17 <DIR> d-------- C:\Documents and Settings\Ice\Application Data\Nero
2008-08-07 14:12 . 2008-08-07 14:12 <DIR> d-------- C:\Program Files\Nero
2008-08-07 14:12 . 2008-08-07 14:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-07 14:12 . 2008-08-07 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-07 12:39 . 2008-08-07 12:39 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-08-07 12:39 . 2008-08-07 12:39 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-08-07 12:27 . 2008-08-07 12:27 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-07 12:27 . 2008-08-07 12:27 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-07 12:27 . 2008-08-07 12:27 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-07 12:27 . 2008-08-07 12:27 <DIR&g...


I was instructed to run combofix after the system had completely fallen apart requiring a format and reload. Data is missing. The program never completed, hanging at Stage 21 with a WINDOWS CANNOT FIND DISK error.

Norton, SpyBot and SPYWARE DOCTOR all failed to catch this Trojan.

_________________________________________ Hijack Log___________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25, on 2007-10-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRU...

A:Virtumonde Infection & Combofix Problems

Have you already reformatted and reinstalled after you found out you were infected? If so, the infection would be gone now.


Hi, my computer is infected with Personal Antivirus. I already have installed MalwareBytes, but it will not let me run it now. I have tried Combofix and HiJackThis, both will not let me run them, even in safe mode. What now?

Edit: Moved topic from HijackThis Logs and Virus/Trojan/Spyware/Malware Removal to the more appropriate forum. ~ Animal

A:Personal Antivirus Infection - Cant run MWB, Combofix or Hijackthis

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.

If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
Right-click on mbam.exe, rename it to myscan.exe.
Double-click on myscan.exe to launch the...


In addition to the two attached files (1) Attach.txt and (2) Ark.txt, I have pasted these two log files (1) DDS.txt and (2) log.txt from Combofix.
----------------------------------------------------------
[DDS.txt]
DDS (Ver_09-11-29.01) - NTFSx86
Run by sfaries at 15:36:55.70 on Mon 11/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1154 [GMT -6:00]
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\In...

A:Google redirect infection; ComboFix attempted

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello! I've somehow managed to pick up a particularly nasty case of malware called Guard Online, and though I've been able to kill off malware like this before, this one is particularly tenacious. I've followed the removal guide on this site utilizing Rkill and MalwareBytes, but Rkill detects nothing and MBAM is prevented from completing its scan. The Full Scan runs for a few seconds, then abruptly closes, and further attempts to run that install are disallowed, giving me the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I'm working in Safe Mode as Administrator, so obviously this must be the malware talking. I've attempted to re-name MBAM.exe in an attempt to disguise it, but no luck.

It seems the next step is ComboFix, but it says I shouldn't run it on my own, so here I am!

Here are my results from DDS:
----------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.5512
Run by Administrator at 17:40:46 on 2011-10-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3067.2503 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32 ...

A:Guard Online infection - ComboFix help needed?

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
Run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\2919305052
Press Create button and post the content of the Result.txt.

Important: Restart the computer.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is...


After running MalwareBytes, Avira, and Combofix, Combofix continues to complain about
c:\windows\system32\wininit.exe
c:\windows\system32\settings.ini

At about stage five, Pev.exe fails. Combofix attempts to reboot, but hangs at the "Logging Off" screen. I assume it's trying to reboot to correct a rootkit infection? Upon hard shutdown (poweroff) and reboot, icons and anything on the program menu is unoperable until reboot again. Multiple runs of ComboFix fails to correct the problem. Combofix log below.

ComboFix 10-08-24.0A - a full house 08/24/2010 23:15:15.4.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2012.1105 [GMT -5:00]
Running from: c:\users\a full house\Desktop\cf.com
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\settings.ini
Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\wininit.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.
2010-08-25 04:23 . 2010-08-25 04:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-25 04:23 . 2010-08-25 04:23 -------- d-----w- c:\users\lorretaj\AppData\Lo...

A:Combofix fails to correct wininit.exe infection

Hi drbeams,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
Please do not do anything or perform other steps unless I have asked you to do so.
Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will rev...


Hi... I was asked to post my Hijack This log in this forum. Here is what got me here.

Last night, I tried to run Combofix.exe on my own, after reading up on usage. I shouldn't have, but I did. According to the instructions, it suggested that I turn off my antivirus and other scanners. I have Symantec Endpoint and Ad-Watch running, and I closed or disabled these. I also have ZoneAlarm Free running. Though the instructions said to turn off this, I didn't feel comfortable, so I left it running.

I launched Combofix, and everything seemed to run smooth, but at the beginning, I got a ZoneAlarm request for ping.exe... I assumed this was for Combofix, so I let it go. Then as Combofix was finishing, I got a request through ZoneAlarm for ipconfig.exe. Again, I assumed this was for Combofix, and I let it go. Just as my desktop was coming back, and moments before my Combofix log was opened in Notepad, Ad-Watch launched itself, and immediately caught a program psexesvc.exe. It said the program was a "Trapped Suspicous Process", and it stopped the process.

Immediately following this, I received nearly 200 registry change alerts from Ad-Watch's RegShield. Most of these changes were in HKLM\S\MS\W\CV\Run, HKCU\S\MS\IE\Main, etc. These seemed very bad to me, so I blocked each and every one. I have a log from Adwatch of these attempts should you be interested.

I finished up blocking those changes, and reviewed my Combofix log. It seemed ok to me. I...

A: Ran Combofix With Disastrous Results, And Pos. Unknown Infection

Hello, Quixotic1. Welcome to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.
If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:

While a HJT Team member is working with you, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount...


Hi,

I had several trojans/viruses detected so I ran combofix and it has seemed to solve the problems, but please can you take a look at the log to check everything is ok:

ComboFix 10-09-11.02 - Jonny 11/09/2010 21:37:06.1.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1658 [GMT 1:00]
Running from: c:\documents and settings\Jonny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jonny\Application Data\9C004B492AF9A1EF0A6563BF3F1389D7
c:\documents and settings\Jonny\Application Data\9C004B492AF9A1EF0A6563BF3F1389D7\enemies-names.txt
c:\documents and settings\Jonny\Application Data\9C004B492AF9A1EF0A6563BF3F1389D7\local.ini
c:\documents and settings\Jonny\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\documents and settings\Jonny\Application Data\xkbyfvlcj
c:\documents and settings\Jonny\Application Data\xkbyfvlcj\ejpoqkcshdw.exe
c:\documents and settings\Jonny\Desktop\Antimalware Doctor.lnk
c:\documents and settings\Jonny\Local Settings\Application Data\Windows Server
c:\documents and settings ...

A: Combofix Log (Patched.FL/AntimalwareDoctor/explorer.exe infection)

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


After spending hours trying to troubleshoot this myself, I decided to ask the experts here for help.

Computer was infected with what I think was a virus, tried running AVG and MalwareBytes, didn't fix the problem, then ran ComboFix, seemed to have removed the virus but now the internet connection is not working. Any help is appreciated!

Log from DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 20:37:31 on 2012-02-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1804 [GMT -8:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k Loca...

A: Used ComboFix to remove RootKit infection and now no internet

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Hello,
My teenage daughter's PC had a very bad rootkit infection.
It took over Norton Internet Security 2009 and caused many problems on her machine:
disabled cd/dvd writers and misdirected links on the internet.

After trying malwarebytes and superantispyware the computer was still infected.

I ran Combofix and it seems to be working now.

The Combofix, Malwarebytes, Superantispyware and DDS attach logs are attached.
Malwarebytes was run first. When that didn't work, Superantispyware was run in
Safe Mode. As a last resort, Combofix was run. Since one Norton file was not
removed by Combofix, I was wondering if I should uninstall Norton and reinstall
from the CD again. Thank you for your help.

I ran DDS as instructed and the log follows:
DDS (Ver_09-06-26.01) - NTFSx86
Run by holly at 13:22:32.87 on Sat 07/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.164 [GMT -4:00]
============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program F...

A: DDS logs after root infection deleted with combofix

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi there,

I've been directed here from the 'am Infected...' forum. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/260851/boot-fails-bsods-restarts-when-loading-windows-etc/ ~ OB

I followed the preparation guide but couldn't run RootRepeal (resets PC on scan - also reports 'invalid PE image found on running the program.)

Background & probs with Combofix

It was suggested by the guys at the Micro Star forums that I run ComboFix to solve / diagnose any problems with a PC I am trying to fix. After following the guide on the bleepingcomputer website, and disabling security software etc.. the program just sits there and doesn't get past the 'This typically doesn't take more than 10 minutes - However...' message.

It does not alter the clock or suggest it is going to do so and it does not get to any of the test stages.

History of problems with computer (lasting one month)

[RARE] BSOD reporting PFN_LIST_CORRUPT (0x8F) - tested drivers and memory (individually and then both 512 sticks with memtest up to 40 passes) - all tested as working
[RARE] BSOD reporting STOP: 0x0000008E - srescan.sys (something to do with zonealarm, though this has only recently been occurring since I installed zone alarm in place of other firewall products (threatfire and pctools))
[FREQUENT] Some cold starts result in restarts at random points in the start-up process (initial checks... login screen... loading windows...) - some restarts result in a dead computer with a flashing HD light though this ...

A: Unknown infection - combofix doesn't run, RootRepeal crashes PC,

Can you close this topic please,

I've wiped the HD and re-installed windows but still getting the same problem
