Jump to content

Malware keeps coming back


Recommended Posts

Posting log. Thank you.

DDS (Ver_10-10-21.02) - NTFSx86

Run by Lisa Pratt at 16:40:11.85 on Thu 10/21/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.209 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe

C:\documents and settings\lisa pratt\local settings\temp\fsg_4203.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Common Files\AOL\1171534602\ee\AOLSoftware.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Digital Line Detect\DLG.exe

svchost.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dlbxcoms.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ISTsvc\istsvc.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Lisa Pratt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/

uSearch Page = hxxp://www.couldnotfind.com/search_page.html?&account_id=1002412

uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm080YYUS&fl=0&ptb=pLH95J1BBhS.DOCKBzyzWA&ind=2007111822&url=http://www.ask.com/web&q={searchTerms}&l=zu&o=sb

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.couldnotfind.com/search_page.html?&account_id=1002412

mSearchAssistant = hxxp://channels.aimtoday.com/search/aimtoolbar.jsp

uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll

BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll

BHO: InstaFinderK: {4e7bd74f-2b8d-469e-90f0-f66ab581a933} - c:\progra~1\instaf~1\INSTAF~1.DLL

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll

TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll

TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\mskagent.exe

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [opmnklaudio] rundll32.exe "pmnmml.dll",s

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [<NO NAME>]

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [Trickler] "c:\documents and settings\lisa pratt\local settings\temp\fsg_4203.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [HostManager] c:\program files\common files\aol\1171534602\ee\AOLSoftware.exe

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [searchSettings] c:\program files\search settings\SearchSettings.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [dALJd] c:\windows\bslcsfjw.exe

mRun: [mliifdaudio] rundll32.exe "pmnmml.dll",s

mRun: [iihedasys] rundll32.exe "nnmlii.dll",s

mRun: [iST Service] c:\program files\istsvc\istsvc.exe

dRun: [Adobe cleanup] rundll32.exe "c:\documents and settings\localservice\local settings\application data\adobe updater\mph.dll", StartProt

dRun: [gedbxusys] rundll32.exe "nnmlii.dll",s

dRun: [rqrronaudio] rundll32.exe "pmnmml.dll",s

dRunOnce: [91607778] "c:\docume~1\locals~1\locals~1\applic~1\91607778.exe" 0 24

StartupFolder: c:\documents and settings\lisa pratt\start menu\programs\startup\PowerReg Scheduler V3.exe

StartupFolder: c:\documents and settings\lisa pratt\start menu\programs\startup\PowerReg Scheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe

IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm

IE: &Search

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: facebook.com\www

Trusted Zone: turbotax.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxsrvc.dll

AppInit_DLLs: c:\windows\system32\mcafeemn.dll

STS: convalescently: {cea2e5cd-e849-427b-80f0-59298caef1c4} - c:\windows\system32\cqsfk.dll

LSA: Authentication Packages = msv1_0 nnmlii.dll

============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-1 24652]

S2 windump;Windows Dumper Host;c:\windows\system32\windump.exe --> c:\windows\system32\windump.exe [?]

S3 gtermddo;gtermddo;c:\docume~1\lisapr~1\locals~1\temp\gtermddo.sys [2004-4-9 31744]

=============== Created Last 30 ================

2010-10-21 20:17:02 118272 ---ha-w- c:\windows\system32\tuvvvw.dll

2010-10-21 19:27:59 118272 ---ha-w- c:\windows\system32\khifda.dll

2010-10-21 15:31:27 118272 ---ha-w- c:\windows\system32\xxyvsp.dll

2010-10-21 14:24:34 118272 ---ha-w- c:\windows\system32\xxvuuu.dll

2010-10-21 13:25:34 118272 ---ha-w- c:\windows\system32\fccaxy.dll

2010-10-21 13:08:08 118272 ---ha-w- c:\windows\system32\xxvtro.dll

2010-10-21 13:07:22 -------- d-----w- c:\program files\ISTsvc

2010-10-21 11:23:43 118272 ---ha-w- c:\windows\system32\pmnmml.dll

2010-10-21 11:15:16 118272 ---ha-w- c:\windows\system32\opmkhh.dll

2010-10-20 11:18:49 -------- d-----w- c:\docume~1\lisapr~1\applic~1\Malwarebytes

2010-10-20 11:00:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-20 11:00:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-20 11:00:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-10-20 11:00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-16 01:24:47 140288 ----a-w- c:\windows\system32\pcre3.dll

2010-10-16 01:24:15 109056 ---ha-w- c:\windows\system32\nnmlii.dll

2010-10-06 19:56:42 11264 ----a-w- c:\windows\bslcsfjw.exe

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 16:42:10.54 ===============

GMER 1.0.15.15477 - http://www.gmer.net

Rootkit scan 2010-10-21 17:08:38

Windows 5.1.2600 Service Pack 3

Running: lg1bsxdb.exe; Driver: C:\DOCUME~1\LISAPR~1\LOCALS~1\Temp\awloapog.sys

---- Kernel code sections - GMER 1.0.15 ----

? lwlyrmu.sys The system cannot find the file specified. !

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7CB9F80]

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

Disk \Device\Harddisk0\DR0 sector 02: copy of MBR

Disk \Device\Harddisk0\DR0 sector 03: copy of MBR

Disk \Device\Harddisk0\DR0 sector 04: copy of MBR

Disk \Device\Harddisk0\DR0 sector 05: copy of MBR

Disk \Device\Harddisk0\DR0 sector 06: copy of MBR

Disk \Device\Harddisk0\DR0 sector 07: copy of MBR

Disk \Device\Harddisk0\DR0 sector 08: copy of MBR

Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR

Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR

Disk \Device\Harddisk0\DR0 sector 12: copy of MBR

Disk \Device\Harddisk0\DR0 sector 13: copy of MBR

Disk \Device\Harddisk0\DR0 sector 14: copy of MBR

Disk \Device\Harddisk0\DR0 sector 15: copy of MBR

Disk \Device\Harddisk0\DR0 sector 16: copy of MBR

Disk \Device\Harddisk0\DR0 sector 17: copy of MBR

Disk \Device\Harddisk0\DR0 sector 18: copy of MBR

Disk \Device\Harddisk0\DR0 sector 19: copy of MBR

Disk \Device\Harddisk0\DR0 sector 20: copy of MBR

Disk \Device\Harddisk0\DR0 sector 21: copy of MBR

Disk \Device\Harddisk0\DR0 sector 22: copy of MBR

Disk \Device\Harddisk0\DR0 sector 23: copy of MBR

Disk \Device\Harddisk0\DR0 sector 24: copy of MBR

Disk \Device\Harddisk0\DR0 sector 25: copy of MBR

Disk \Device\Harddisk0\DR0 sector 26: copy of MBR

Disk \Device\Harddisk0\DR0 sector 27: copy of MBR

Disk \Device\Harddisk0\DR0 sector 28: copy of MBR

Disk \Device\Harddisk0\DR0 sector 29: copy of MBR

Disk \Device\Harddisk0\DR0 sector 30: copy of MBR

Disk \Device\Harddisk0\DR0 sector 31: copy of MBR

Disk \Device\Harddisk0\DR0 sector 32: copy of MBR

Disk \Device\Harddisk0\DR0 sector 33: copy of MBR

Disk \Device\Harddisk0\DR0 sector 34: copy of MBR

Disk \Device\Harddisk0\DR0 sector 35: copy of MBR

Disk \Device\Harddisk0\DR0 sector 36: copy of MBR

Disk \Device\Harddisk0\DR0 sector 37: copy of MBR

Disk \Device\Harddisk0\DR0 sector 38: copy of MBR

Disk \Device\Harddisk0\DR0 sector 39: copy of MBR

Disk \Device\Harddisk0\DR0 sector 40: copy of MBR

Disk \Device\Harddisk0\DR0 sector 41: copy of MBR

Disk \Device\Harddisk0\DR0 sector 42: copy of MBR

Disk \Device\Harddisk0\DR0 sector 43: copy of MBR

Disk \Device\Harddisk0\DR0 sector 44: copy of MBR

Disk \Device\Harddisk0\DR0 sector 45: copy of MBR

Disk \Device\Harddisk0\DR0 sector 46: copy of MBR

Disk \Device\Harddisk0\DR0 sector 47: copy of MBR

Disk \Device\Harddisk0\DR0 sector 48: copy of MBR

Disk \Device\Harddisk0\DR0 sector 49: copy of MBR

Disk \Device\Harddisk0\DR0 sector 50: copy of MBR

Disk \Device\Harddisk0\DR0 sector 51: copy of MBR

Disk \Device\Harddisk0\DR0 sector 52: copy of MBR

Disk \Device\Harddisk0\DR0 sector 53: copy of MBR

Disk \Device\Harddisk0\DR0 sector 54: copy of MBR

Disk \Device\Harddisk0\DR0 sector 55: copy of MBR

Disk \Device\Harddisk0\DR0 sector 56: copy of MBR

Disk \Device\Harddisk0\DR0 sector 57: copy of MBR

Disk \Device\Harddisk0\DR0 sector 58: copy of MBR

Disk \Device\Harddisk0\DR0 sector 59: copy of MBR

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

Disk \Device\Harddisk0\DR0 sectors 156249809 (+1): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

Attach.zip

gmerlog.log

Link to post
Share on other sites

Welcome to the forum

Download TDSSKiller to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked you to reboot the computer to complete the process. Click on Reboot Now

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note:It will also create a log in the C:\ directory.

---------------------------------------------------

Next:

Please download and run ComboFix:

A few notes first:

  • ComboFix is compatible exclusively with W2K, XP, Vista, and Windows 7 (32-bit only).
  • ComboFix must be run from an Administrative account.
  • Vista and W7 users - Right click, choose "Run as Administrator"
  • It must be downloaded to and run from your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    ComboFix Guide <---please read!

---------------------------

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE<-------
    They may interfere with the running of ComboFix.
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks

and Please disable Autorun ASAP!.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If a reboot doesn't restore your connection, please try this:

Check HERE

For XP systems download and run WinSockFix

Vista users: Check HERE

Windows 7 systems: Download and run this Winsockfix.bat

5.Give ComboFix at least 20-30 minutes to finish if needed.

MrC

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.