D.D.S. Script don't produce text file


Hi,

I'm suspecting that my PC is still infected with malware after running MBAM. The programme did remove some problem files. I also ran TDSSKiller which solved my problem of MBAM and AVG Free which didn't want to update. However the PC is still very slow and from time to time I do get a warning indicating that virtual memory is too low.

I then stumbled upon your "I'm infected - What do I do now?" article and realized that I might have started at the wrong point...

I downloaded D.D.S. scr and ran it. The command screen pops up for a second and then closes again. I managed to screen capture it to read it and this is what I got:

Note on disabling script blocking tools etc.

The syntax of the command is incorrect. (x5)

'''''' is not recognized as an internal or external command, operable program or batch file.

It would be great if someone could give some advice here!

Thanks,

Johan

Link to post

:welcome:

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 5 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. WiNlOgOn.exe
  5. uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.

Now try a new DDS scan

Link to post

Hi LDTate!

It seems I have a bigger problem than I originally thought.

When I run rkill, the command screen opens and pauses quite a while with the message "Preparing Rkill." and then just closes without displaying any log of any processes that were terminated. Running DDS directly afterwards still produces the message "The syntax of the command is incorrect."

I tried booting in safe mode, but get a message "Reboot and Select proper Boot device or Insert Boot Media in selected Boot device".

I also noticed that my folder options "Hide extensions for known file types" and "Hide protected operating system files" remain ticked after I un-tick and apply and re-open the folder options.

Link to post

OK, I finally got it upgraded to SP3 and did all the windows updates, re-booted and repeated until there were no more critical updates. No change though - rkill and dds still don't work. :(

Link to post

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

Link to post

Yes, all 5 of rkill just come as far as "Preparing Rkill"

Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=d75b3ae8fd9f3242a95032db6e03cf4f

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-07-19 01:30:25

# local_time=2012-07-19 03:30:25 (+0200, South Africa Standard Time)

# country="South Africa"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777175 100 0 12026435 12026435 0 0

# compatibility_mode=8192 67108863 100 0 375 375 0 0

# scanned=50258

# found=2

# cleaned=2

# scan_time=3791

C:\Documents and Settings\All Users\Application Data\Autorun Eater\Autorun Backup\autorun0.inf INF/Autorun worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Autorun Eater\Autorun Backup\autorun1.inf INF/Autorun worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post

Download Combofix from the link below but rename it to Iexplorer.com before saving it to your desktop.

Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

* IMPORTANT !!! Save Iexplorer.com to your Desktop

Link 1

Double click on the Iexplorer.com ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Note:

If combofix (Iexplorer) won't run from the desktop, try running it from the USB device.

Link to post

Halfway through the scan (about 10 minutes), I get a windows warning stating that System is low on virtual memory. Windows is increasing...

And then a little while later, ComboFix stopped with the message: grep: memory exhausted.

I checked the My Computer properties and saw that there is only 240MB of RAM. I'll hunt around for some RAM and try again.

Link to post

PROGRESS!! I don't know why I never thought of ripping some RAM from an old un-used PC earlier! I'm up to 496MB and everything works much better now.

Here is the rkill log now:

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 2012/07/20 at 10:27:48.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

--- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: localhost:3128

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.

Rkill completed on 2012/07/20 at 10:27:54.

Link to post

OK, I decided to re-boot so as to see if my original problem with the dds scanner was also related to the RAM and indeed it was. Here is the log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by J. Fourie at 10:49:54 on 2012-07-20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.117 [GMT 2:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Parental Control\ParentalControl.Exe

C:\Program Files\Autorun Eater\oldmcdonald.exe

svchost.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\system32\ChgService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Autorun Eater\billy.exe

C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = localhost:3128

mWinlogon: Userinit=c:\windows\system32\userinit.exe,System,

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\t.h. ngcobo\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe

mRun: [ParentalControl] c:\program files\parental control\ParentalControl.Exe /SERVICE

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11g wireless cardbus & pci adapter hw.51 v1.00\WlanCU.exe

uPolicies-explorer: NoMultiIE = 0 (0x0)

uPolicies-explorer: LWA = 0 (0x0)

uPolicies-explorer: LWB = 0 (0x0)

uPolicies-explorer: LWC = 0 (0x0)

uPolicies-explorer: LWD = 0 (0x0)

uPolicies-explorer: LWE = 0 (0x0)

uPolicies-explorer: LWF = 0 (0x0)

uPolicies-explorer: LWG = 0 (0x0)

uPolicies-explorer: LWH = 0 (0x0)

uPolicies-explorer: LWI = 0 (0x0)

uPolicies-explorer: LWJ = 0 (0x0)

uPolicies-explorer: LWK = 0 (0x0)

uPolicies-explorer: LWL = 0 (0x0)

uPolicies-explorer: LWM = 0 (0x0)

uPolicies-explorer: LWN = 0 (0x0)

uPolicies-explorer: LWO = 0 (0x0)

uPolicies-explorer: LWP = 0 (0x0)

uPolicies-explorer: LWQ = 0 (0x0)

uPolicies-explorer: LWR = 0 (0x0)

uPolicies-explorer: LWS = 0 (0x0)

uPolicies-explorer: LWT = 0 (0x0)

uPolicies-explorer: LWU = 0 (0x0)

uPolicies-explorer: LWV = 0 (0x0)

uPolicies-explorer: LWW = 0 (0x0)

uPolicies-explorer: LWX = 0 (0x0)

uPolicies-explorer: LWY = 0 (0x0)

uPolicies-explorer: LWZ = 0 (0x0)

uPolicies-system: DisableClock = 0 (0x0)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342541062625

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

TCP: Interfaces\{F040A7DC-1F30-4821-B9D4-DCDECB54CFB5} : NameServer = 196.43.1.11,196.25.1.11

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 235216]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011-10-17 135168]

S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-10-17 103424]

.

=============== Created Last 30 ================

.

2012-07-20 06:42:04 -------- d-sha-r- C:\cmdcons

2012-07-20 06:35:08 98816 ----a-w- c:\windows\sed.exe

2012-07-20 06:35:08 518144 ----a-w- c:\windows\SWREG.exe

2012-07-20 06:35:08 256000 ----a-w- c:\windows\PEV.exe

2012-07-20 06:35:08 208896 ----a-w- c:\windows\MBR.exe

2012-07-20 06:34:56 -------- d-s---w- C:\Iexplorer

2012-07-19 12:21:10 -------- d-----w- c:\program files\ESET

2012-07-19 06:28:36 -------- d-----w- C:\53982c37fb4e5f4cb42dd1e3

2012-07-19 06:08:04 -------- d-sh--w- c:\documents and settings\t.h. ngcobo\IECompatCache

2012-07-19 06:06:24 -------- d-sh--w- c:\documents and settings\t.h. ngcobo\PrivacIE

2012-07-19 06:01:49 -------- d-sh--w- c:\documents and settings\t.h. ngcobo\IETldCache

2012-07-18 06:57:00 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-07-18 06:52:53 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-07-18 06:51:44 -------- d-----w- c:\windows\ie8updates

2012-07-18 06:50:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-07-18 06:50:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-07-18 06:50:50 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2012-07-18 06:46:17 -------- dc-h--w- c:\windows\ie8

2012-07-17 16:34:51 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-07-17 16:31:48 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-07-17 16:31:48 3072 ------w- c:\windows\system32\iacenc.dll

2012-07-17 16:28:12 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2012-07-17 16:28:07 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-07-17 16:27:28 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-07-17 16:24:29 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2012-07-17 16:24:13 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2012-07-17 16:24:08 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2012-07-17 16:23:50 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

2012-07-17 16:23:50 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2012-07-17 16:23:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2012-07-17 16:22:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2012-07-17 16:21:59 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2012-07-17 16:19:41 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2012-07-17 16:19:41 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2012-07-17 16:17:36 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2012-07-17 16:13:49 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2012-07-17 16:12:52 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2012-07-17 16:12:46 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2012-07-17 16:06:01 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-07-17 15:45:18 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2012-07-17 15:45:18 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2012-07-17 15:44:42 9728 ------w- c:\windows\system32\rwnh.dll

2012-07-17 15:44:41 10752 ------w- c:\windows\system32\smtpapi.dll

2012-07-17 15:42:51 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe

2012-07-17 15:42:46 -------- d-----w- c:\windows\l2schemas

2012-07-17 15:42:45 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll

2012-07-17 15:42:44 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll

2012-07-17 15:42:44 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll

2012-07-17 15:42:44 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll

2012-07-17 15:42:44 -------- d-----w- c:\windows\system32\en

2012-07-17 15:28:49 19569 ----a-w- c:\windows\007493_.tmp

2012-07-17 14:38:59 19968 ----a-w- c:\windows\system32\SET2E8.tmp

2012-07-17 14:37:59 18944 ----a-w- c:\windows\system32\SET1A4.tmp

2012-07-17 14:35:52 19569 ----a-w- c:\windows\006137_.tmp

2012-07-09 08:32:25 -------- d-----w- c:\documents and settings\t.h. ngcobo\local settings\application data\Google

2012-07-09 08:31:17 -------- d-----w- c:\documents and settings\t.h. ngcobo\local settings\application data\Deployment

2012-07-06 06:54:20 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-04 14:08:59 -------- d-----w- c:\documents and settings\t.h. ngcobo\application data\Malwarebytes

2012-07-04 14:08:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-02 09:27:04 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys

2012-07-02 09:27:04 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

2012-07-02 09:27:02 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys

2012-07-02 09:27:02 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys

.

==================== Find3M ====================

.

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-23 14:46:47 78336 ------w- c:\windows\system32\ieencode.dll

.

============= FINISH: 10:51:23.01 ===============

I will now wait for further instruction from you (I still have ComboFix on the desktop under the name Iexplorer.com but will not run it unless you tell me to)

Link to post
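The loopback proxy that rkill reported (localhost:3128) shows up again in the "Pseudo HJT Report" section of the DDS log above, and a log like this can be checked for it mechanically. The following Python sketch is an added example, not part of the original thread or of DDS itself; the function names are hypothetical and the sample input is a handful of lines copied from the log above.

```python
import ipaddress
import re

# Sample input: a few lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = localhost:3128
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
.
============= SERVICES / DRIVERS ===============
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
PROXY = re.compile(r"^[a-z]Internet Settings,ProxyServer\s*=\s*(.+)$")
RUN = re.compile(r"^([a-z])Run: \[(.+?)\]\s*(.+)$")


def hjt_lines(text):
    """Yield the non-empty lines of the 'Pseudo HJT Report' section only."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif section == "Pseudo HJT Report" and line not in ("", "."):
            yield line


def split_proxy(value):
    """Split a ProxyServer value ('host:port' or 'http=h:p;https=h:p')."""
    out = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        part = part.split("=", 1)[-1]     # drop a 'http=' style prefix
        part = part.split("://", 1)[-1]   # drop a URL scheme if present
        host, _, port = part.rpartition(":")
        if not host:                      # no port was given
            host, port = part, ""
        out.append((host, int(port) if port.isdigit() else None))
    return out


def is_loopback(host):
    """True for 'localhost' and for literal loopback addresses."""
    host = host.strip("[]").lower()
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(text):
    """Return loopback proxies and autostart (Run) entries found in the log."""
    result = {"loopback_proxies": [], "run_entries": []}
    for line in hjt_lines(text):
        proxy, run = PROXY.match(line), RUN.match(line)
        if proxy:
            result["loopback_proxies"] += [
                p for p in split_proxy(proxy.group(1)) if is_loopback(p[0])]
        elif run:
            result["run_entries"].append(run.groups())
    return result
```

A loopback proxy only works while some local program is listening on that port, so a hit from `triage()` is a prompt to find out which program that is, or to clear the setting if the user does not recognise it.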

No, I do not work through a proxy server. When I started working with this PC, those proxy settings prevented me from getting access to the internet. After running MBAM the problem was solved.

Let me run combofix...

Link to post

The blue AutoScan screen of ComboFix is now open for almost an hour with the message "Scanning for infected files... This typically doesn't take more than 10 minutes however, scan times for badly infected machines may easily double" and a blinking cursor. Is it still busy scanning or has the process halted for some reason?

Link to post

It doesn't seem as if there is any activity. I have to go now - will leave it running and check back in about 2 hours. If there's anything else I should try, let me know.

Thanks!

Link to post

Bring up Task Manager using CTRL+ALT+DELETE. See if any of these processes are running, and End Task on them one at a time and see if it frees up CF:

pev

findstr

sed

grep

nircmd

swsc

* .. or any other process that has the .cfexe extension except for CFxxx.cfexe

Next let's get rid of the proxy.

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Now try Combofix again

Link to post

Hi, I'm not sure in which time zone you are, but I'm at GMT+2 - I suspect you're awake when I'm sleeping and vice versa ;)

I brought the PC home (ja sure, I have nothing better to do on a Friday evening!). The only process in the Task Manager from your list above is GREP.3XE and its memory usage is quite high (pushes PF usage to 0.99GB). I ended it and it caused the AutoScan window to close.

I switched the proxy server off and CF is scanning again - about 30 minutes that it is busy now...

Link to post

This topic is now closed to further replies.