Combofix problems :(
ib_ikram
07-12-2009, 10:08 AM
My computer started behaving oddly recently, and I thought it might have been a problem with spyware again.
So I decided to do the same thing that I was told to do on these forums the last time I had spyware. I ran Malwarebytes, restarted the computer, then ran Combofix. My next step was to run HiJackThis, and then post all three logs here.
Unfortunately, after running Combofix (I made sure to close all applications and not click anywhere while it ran - only thing is that once I completely shut down AVG antivirus, Combofix gave me a warning that it was still running... I clicked 'OK' and before I could make sure that AVG was fully disabled, Combofix started running and it was too late to do anything) my computer restarted and is now stuck on the windows log on screen.
I have my own profile and a guest profile, but neither of the icons show up for me to enter XP. There is only the light blue screen and the Windows XP logo, nothing else, not even the 'Turn off this computer' button on the lower left of the screen.
I've restarted about 3 or 4 times, but it makes no difference. The only response I get from my computer is a beeping sound when I press the Enter keys, Esc and Tab.
I don't have a recovery disk for XP, but I'm hoping it doesn't have to come to that!
Could someone please help me? I would greatly appreciate it!
Thanks for your time guys!
Budfred
07-12-2009, 12:22 PM
ComboFix is extremely powerful and is only intended to be used under the supervision of a trained helper... Your experience is why this is true...
The main option is to see if you can use a Restore with System Restore to go back to the point before you ran it... Then do not run it again without supervision...
Tap the F8 key just before Windows starts to load and choose Safe Mode, then:
1. Click Start.
2. Point to All Programs.
3. Point to Accessories.
4. Point to System Tools.
5. Click System Restore.
6. Follow the instructions on the wizard.
Also, if you are running a bootleg version of WinXP, you will likely get infected again and many helpers will not help you given that it is so futile... This is the 3rd time you have posted with this kind of problem and you don't seem to finish when you start, so I am not particularly interested in following up either...
ib_ikram
07-15-2009, 09:28 AM
Firstly, I really want you to know that there is no doubt in how grateful I am for the help you guys provide... you don't have to do it, and I realise that fully. At the same time, because of this, I followed the steps I was instructed to do when I first posted a problem here. I know it may not have been the smartest thing, but it was merely me being proactive.
Secondly, no, I am not running a bootleg copy of Windows XP. I bought my computer off another guy who unfortunately still has the CD. The only 'illegal' thing in my computer would be MS Office, and I haven't used that regularly (if at all) in about a year.
And thirdly, I have followed up every time to confirm if my computer is running smoothly or not after following your instructions. The first time I posted, I followed up... the second time, I'm assuming you refer to the post under 'kay_ikram', that was my mum and it was her responsibility to follow up, which she did not do.
This is the second time I've had a computer problem and I've posted my issue. And I can assure you that by all means, I will follow up with this no matter what.
Now... unfortunately, I'll have to be a pain for a little longer! :( I have followed the instructions posted, but Windows does not start in Safe Mode. I still get the Windows logo in front of the light blue screen, with no options to log on or shut down the computer. Apart from the usual screen resolution being bigger, there's no difference in the Safe Mode screen and the 'start Windows normally' screen.
Sigh... I really wish LIFE had a system restore point. I wouldn't have to hate myself so much then >__>
Once again, thanks so much!
classicsoftware
07-15-2009, 09:43 AM
You should be able to get to system restore from the Help and Support icon in the start menu.
ib_ikram
07-16-2009, 04:18 AM
That's the problem unfortunately :(
I cannot get into Windows at all to get to the Start menu. Even in Safe Mode, all I see is the log on screen without any profiles to log into, just the Windows XP logo...
I'll see if I can find an image of it for you guys!
Budfred
07-16-2009, 09:47 AM
In Safe Mode, you should be going straight to the Admin account... If you are not, you could try "Last known good configuration" if that option is there in the boot menu when you press F8...
One of the reasons that ComboFix attempts to get you to set up the Recovery Console is so that you can recover if something like this happens... If you don't have the XP disk, you may end up being out of luck...
ib_ikram
07-17-2009, 01:41 AM
Thanks for the help guys.
Unfortunately it's not logging me onto the Admin account, no matter what option I choose. Seems like I will need the recovery CD. I just had a rummage around the house and I'm sure it's still with the previous owner now.
Fingers crossed he still has it! And I guess if all hope fails, I can always get a Mac :p
Ebc0885
07-27-2009, 09:40 PM
I too am having problems with ComboFix. It was run on my computer by a certain unnamed software vendor, let's call them "McDafee", without my permission. It took me 2 weeks to find out why SpywareDoctor was finding an infection in my registry called "Application.NirCmd." Now I come to realize that it is most likely ComboFix. Does anybody have any similar experiences with "McDafee"? I read that ComboFix was taken off the market for a while since it contained a rootkit. Does anybody know of any recent problems with ComboFix, and why so many anti-spyware programs show this software as potentially dangerous? And finally how in the hell do I get it off my computer? It's not listed in program list or any running service that I can find. And SpywareDoctor just suggests to add it to my threat ignore list, but I don't want any program that I didn't agree to on my computer. All help would be greatly appreciated. I am running Windows XP with IE6.
Thank you,
Ebc0885
Budfred
07-27-2009, 11:54 PM
This post is so full of mistakes and misinformation it is hard to know where to begin... I am guessing you mean McAfee?? If so, there is no way that McAfee is using ComboFix for anything... As for ComboFix being taken off the market, it was never on the market... It is a free tool and it is pulled occasionally to fix bugs or other problems that come up as it evolves... It is sometimes tagged by anti-malware programs because it uses tools that are potentially used by abusive programs, including the one you noted... It certainly does not and never has contained a rootkit... If you actually installed ComboFix, it is easy enough to delete it... However, if you are saying it was installed by someone else, it is probably not ComboFix and your computer is probably infected... If that is the case, you need to start your own thread to ask for help... If it is not the case and you have any other questions, please start your own thread to ask them...
If the only evidence you have actually seen to suggest that ComboFix is installed is the existence of NirCmd, that is a publicly available tool that may have been used by malware or by some other program, so it is quite likely that you do not even have ComboFix...
Combofix is not, never has been a virus. Yes, it is detected as such by many AV tools, because it works at a level that can be very damaging to the OS, if used improperly.
I have never heard that it was 'taken off the market' for any reason...
And if it isn't running and isn't anywhere you can find it, then it isn't there...except for a leftover registry entry...that can either be ignored (like recommended) or manually searched for and removed (not recommended unless very familiar and comfortable with registry editing).
Now on to your OS...what version of XP (any service packs)? And IE6?
Ebc0885
07-28-2009, 06:38 PM
Wow guys, thanks for the condescending remarks. Maybe if you read your own forum and links you would see that combo fix was withdrawn for a time in 2007 because a rootkit in the wild caused combo fix to delete all files from the system drive. And as for the infection spyware doctor and hijack this both confirm that the "Application.NirCmd" was caused by combo fix. Thanks for being so nice to a newbie like myself. You have really made this a pleasant experience.
Budfred
07-28-2009, 07:43 PM
If you had read what I actually wrote, you would see I noted that ComboFix has been withdrawn a number of times to fix various issues... However, it has never been on the "market", so that reference was just wrong...
It doesn't matter if Spyware Doctor claimed NirCmd is from ComboFix, it is a readily available tool that a number of different applications use, so it could be from any number of sources... HijackThis does not analyze files, it simply reports them, so there is no way it could confirm that the source of that file on your computer was ComboFix...
http://download.cnet.com/NirCmd/3000-2094_4-77191.html
http://www.softpedia.com/get/System/System-Miscellaneous/NirCmd.shtml
http://www.nirsoft.net/utils/nircmd.html
http://www.snapfiles.com/get/nircmd.html
Again, assuming you did not install ComboFix yourself, it is not installed by any other legitimate program... The Developer and those of us that use it are very careful about how it is used and it is always installed by the user... If you gave your computer over to someone else to clean it up, it is possible that this person installed it, but someone had to make the choice to install it on your computer if it is there... If it is there, it should be fairly simple to find... If you have some rogue program that is claiming to be ComboFix, that may not be as true...
As for your greeting here, you came in making outrageous claims about a tool that we use to help people all over the web and provide no support for those claims... You apparently are even accusing McAfee of infecting your computer, however, that is difficult to tell since you refer to "McDafee" and it is possible you mean something else... If you wish to be treated more pleasantly, don't come crashing in and making accusations about things you appear to not understand...