[Harriers9]

I have had a problem surface while using ComboFix as instructed here:

http://www.geekstogo...88#entry1757688

Please take a look at this attachment to see the problem and tell me how to cure it.

[Advertisements]

Sorry wrong forum as we don't help with anything to do with malware or any of the programs that are used for removal.
I suggest you go to the Malware Removal and Spyware Removal Forum and run all the steps located in the
START HERE. These self-help tools will help you clean up 70% of problems on your own.
If you are still having problems after doing the steps, then please post the requested logs in THAT forum.
If you are unable to run any of the tools then start a new topic in the malware forum and put this in the subject line...I am unable to run any malware tools

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

Add a link to this topic so that malware tech can see what steps have been taken here

[rshaffer61]

Sorry wrong forum as we don't help with anything to do with malware or any of the programs that are used for removal.
I suggest you go to the Malware Removal and Spyware Removal Forum and run all the steps located in the
START HERE. These self-help tools will help you clean up 70% of problems on your own.
If you are still having problems after doing the steps, then please post the requested logs in THAT forum.
If you are unable to run any of the tools then start a new topic in the malware forum and put this in the subject line...I am unable to run any malware tools

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

Add a link to this topic so that malware tech can see what steps have been taken here

[Harriers9]

I was sent here by the guy helping me on there.

I have already run the fixes advised and this problem cropped up. He says that it's nothing to do with malware but is a Windows problem.

I have to say there was no problem in that respect until I ran ComboFix so it must be something to do with that. Now though I seem to be stuck with a dodgy C Drive that has multiple ComboFix references in it.

This is not an acceptable result to me. I expected a repair suggested on this forum to actually cure the problem and not to create new ones.

[Eclipsed]

rshaffer61, he was pointed here for help after working in the infection forum...

[Harriers9]

I think the reason I was sent here was because of this mention on the other thread.

I've run ComboFix but I didn't get a txt file and I can't find one on the C drive either. I did notice that my C drive has renamed itself to ComboFix though. Is that right?

Also when ComboFix started to close windows after the 50 stage scan I got a blue screen for a few seconds. Just caught Bad Pool Header before it vanished

[ldtate]

I sent the OP here because of "Blue Screen + Bad Pool error"
Seeing the picture that was attached shows multiple Local Disk C:

This isn't something that CF caused.

[wannabe1]

I give up.......how'd you do that?

In looking through your logs in the malware forum, it looks like the System Restore feature is on and active. See if running System Restore to a time just before you ran ComboFix will straighten out the Local Disk C: directory. Keep in mind that this will likely restore some infected files, but ldtate won't mind...he lives for this stuff.

If that straightens out the directory, we'll see if the file system is ok.

Did you change the Windows folder to a media folder or did it just suddenly show up that way?

[Harriers9]

I've only had the PC back for about 3 weeks after the original motherboard died.

Since then I've installed more memory and a graphics card and not even looked in the system folders at all. The guy that got it all working for me used the backup from my WD back up drive and I found that my profile had got corrupted and couldn't get onto IE8 but could on Fire Fox. My email, Thunderbird, was also corrupted and kept looking for an old profile reference.

I started a new profile and deleted the old one.

Then the other day a trojan got onto the computer even though AVG and Malwarebytes were running but didn't flag anything up. Since then I've had nothing but annoying little problems.

Random IE pages appear and Sitemeter on all of my websites is no longer accessible. I cannot even get onto the SM home page via this PC yet I can via my laptop and my mobile.

I have no graphics in Ebay or on Facebook and also banners on my message board have vanished.

I will drop back to a previous System Restore to see if this current problem goes but I'm really thinking that I'm looking at a full re-install of XP. Something that I didn't really expect so soon after having a 'new' PC.

[happyrock]

collapse all the expanded windows...you will see the top C drive and combofix above it on the desktop...
the rest are only visible after you expand the C drive

uninstalling combofix should make it all go away except the top C drive..

[rshaffer61]

I'm sorry for the confusion as I should have read more carefully.
Also try running chkdsk /r on the drive and see if it will correct the issue.

Go to
Start and then to Run
Type in Chkdsk /r Note the space between k and /
Click Enter ...It will probably ask if you want to do this on the next reboot...click Y
If the window doesn't shutdown on its own then reboot the system manually. On reboot the system will start the chkdsk operation
This one will take longer then chkdsk /f

Note... there are 5 stages...
It may appear to hang at a certain percent for a hour or more or even back up and go over the same area...this is normal...
DO NOT SHUT YOUR COMPUTER DOWN WHILE CHKDSK IS RUNNING OR YOU CAN HAVE SEVERE PROBLEMS
This can take several hours to complete.
When completed it will boot the system back into windows.

Let me know if this fixes the problem








How To Run Chkdsk /r from Recovery Console:


How to run checkdisk from recovery console (Windows xp). (Courtesy dsenette)

• Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
  Note:Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.
• When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  Note:If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.
• When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.
• At the Recovery Console command prompt, type the following then press Enter:
  

  chkdsk /r

• Allow this to run UNDISTURBED until completed (45 min or so)
• Report any errors

[b]If that doesn't work we may have to run SFC to check on missing or corrupted files.

[Harriers9]

I have deleted ComboFix rather than doing a System Restore. Mainly in the hope that CF did get rid of the rootkit problem and not wanting to have it come back.

The CF references have now all gone.

Next up is the CHK disc and then once that's done I'll be back for some help to cure my other problem of missing graphics etc.

[ldtate]

I found out the reason for all the Combofix Folders and local C: drives was because Combofix didn't finish.

[wannabe1]

ah...didn't try that.

Thanks ldt...

[ldtate]

ah...didn't try that.

Thanks ldt...

I hadn't seen that before so I asked. Ried told me what happened.

Inner workings of CF. Those 'C:\' drives are the combofix folder. If the user would have gotten a run to complete, that folder would have gone away - or as you just did - uninstall ComboFix.

So we leaned something new again today

[Harriers9]

I've now run CHKDSK. All clean.

In light of the above should I run CF again or leave it a while to see if the rootkit problem has gone?

I'll do a separate thread for the other problem. I still have that.