-
Linabbs's blog- ZA采用升級安裝或者導入舊版ZA的配置文件到新版導致程序列表假死的Bug。
- 裝了ZA,如何使你的開機速度快點
- 如何設置查看局域網內被設入internet區機器的共享資源
- ZA也可以做到低資源占用!
- 關于za for vista(在VISTA下用ZA的人過來看看)
- CheckPoint Integrity Desktop v6.5.063.207 KeyGen
- 戰術攻防之近距離搏擊篇(ARP)攻擊
- 還在使用老版ZA的朋友們注意:ZoneAlarm防火墻產品有多個本地權限提升存在漏洞
- Knowledge Base / KB Extended (KE) 內容列表及說明
- 關于《利用ZA專家規則,允許/禁止端口》的一點補充和說明
Feb
14
help with HJT results please
Filed Under Virus |
hi i need some help as i ran HJT on my sys it found a few things but im not going to touch it till i get some advise i am running vista home premium
Logfile of HijackThis v1.99.1
Scan saved at 9:58:32 p.m., on 18/01/2009
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\sackdvscomy\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sackdvscomy\Program Files\hijackthis_sfx\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\sackdvscomy\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSC…ws-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge…sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D0B97A-5D61-4E5F-8BD3-37CC056CDC39}: NameServer = 203.97.33.1,203.97.37.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
i have been having a issue with my internet were my computer tells me that i am connected to the internet but i cant browse anything but if i restart the computer it is fine again
Welcome to linabbs 370hsv 
You are using an outdated version of HijackThis. Additionally, HijackThis no longer provides us with enough information for an intitial diagnosis. Please read this topic and post the recommended logs here.
dds notepad
DDS (Ver_09-01-18.01) - NTFSx86
Run by sackdvscomy at 19:05:46.53 on Mon 19/01/2009
Internet Explorer: 7.0.6000.16764
Microsoft� Windows Vista� Home Premium 6.0.6000.0.1252.64.1033.18.511.141 [GMT 13:00]
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Users\sackdvscomy\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\sackdvscomy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.nz/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
uRun: [BitTorrent DNA] "c:\users\sackdvscomy\program files\dna\btdna.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SoundMan] SOUNDMAN.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: {E1D0B97A-5D61-4E5F-8BD3-37CC056CDC39} = 203.97.33.1,203.97.37.1
================= FIREFOX ===================
FF - ProfilePath - c:\users\sackdv~1\appdata\roaming\mozilla\firefox\profiles\gduac4z7.default \
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\sackdvscomy\program files\dna\plugins\npbtdna.dll
============= SERVICES / DRIVERS ===============
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
R4 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R4 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-11-1 14976]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-1-4 1125208]
S3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2009-1-4 28672]
=============== Created Last 30 ================
2009-01-18 14:23 43,520 a——- c:\windows\system32\drivers\Rtnicxp.sys
2009-01-18 14:23 9,728 a——- c:\windows\system32\RtNicProp32.dll
2009-01-18 13:43 <DIR> –d—– c:\program files\Innovative Solutions
2009-01-18 13:35 <DIR> –d—– c:\program files\Saleen Software
2009-01-18 13:18 <DIR> –d—– c:\programdata\PC Drivers HeadQuarters
2009-01-18 13:18 <DIR> –d—– c:\progra~2\PC Drivers HeadQuarters
2009-01-18 13:08 <DIR> –d—– c:\users\sackdv~1\appdata\roaming\Blitware
2009-01-17 16:34 <DIR> –d—– c:\programdata\PrevxCSI
2009-01-17 16:34 <DIR> –d—– c:\progra~2\PrevxCSI
2009-01-15 13:24 290,304 a——- c:\windows\system32\drivers\srv.sys
2009-01-13 18:39 552 a——- c:\windows\system32\DO_NOT_DELETE.backupSetID
2009-01-10 13:25 <DIR> –d—– c:\program files\Eusing Free Registry Cleaner
2009-01-10 13:16 <DIR> –d—– c:\users\sackdv~1\appdata\roaming\Uniblue
2009-01-04 17:37 28,672 a——- c:\windows\system32\drivers\RKHit.sys
2009-01-04 17:25 <DIR> –d—– c:\program files\Exterminate It!
2009-01-04 16:49 198,656 a——- c:\windows\system32\CNMLM83.DLL
2009-01-03 23:36 2,036,576 a——- c:\windows\system32\D3DCompiler_40.dll
2009-01-03 23:36 452,440 a——- c:\windows\system32\d3dx10_40.dll
2009-01-03 23:36 4,379,984 a——- c:\windows\system32\D3DX9_40.dll
2009-01-03 23:36 514,384 a——- c:\windows\system32\XAudio2_3.dll
2009-01-03 23:36 70,992 a——- c:\windows\system32\XAPOFX1_2.dll
2009-01-03 23:36 235,856 a——- c:\windows\system32\xactengine3_3.dll
2009-01-03 23:36 23,376 a——- c:\windows\system32\X3DAudio1_5.dll
2009-01-03 23:36 68,616 a——- c:\windows\system32\XAPOFX1_1.dll
2009-01-03 23:36 509,448 a——- c:\windows\system32\XAudio2_2.dll
2009-01-03 23:36 238,088 a——- c:\windows\system32\xactengine3_2.dll
2009-01-03 23:34 2,297,552 a——- c:\windows\system32\d3dx9_26.dll
2009-01-03 23:30 <DIR> –d-h— c:\windows\msdownld.tmp
2009-01-03 23:30 <DIR> –d—– c:\windows\system32\directx
2009-01-03 21:20 <DIR> -cd-h— c:\programdata\{F61B5A0B-822D-4173-BFD0-A948FC431FEB}
2009-01-03 21:20 <DIR> -cd-h— c:\progra~2\{F61B5A0B-822D-4173-BFD0-A948FC431FEB}
2009-01-03 21:20 <DIR> –d—– c:\program files\Utherverse Digital Inc
2008-12-26 10:05 <DIR> –d—– c:\program files\Bonjour
2008-12-26 10:00 <DIR> –d—– c:\programdata\Apple
==================== Find3M ====================
2009-01-18 14:33 51,200 a——- c:\windows\inf\infpub.dat
2009-01-18 14:33 86,016 a——- c:\windows\inf\infstrng.dat
2009-01-18 14:33 86,016 a——- c:\windows\inf\infstor.dat
2008-12-13 11:52 174 a–sh— c:\program files\desktop.ini
2008-12-07 17:03 410,984 a——- c:\windows\system32\deploytk.dll
2008-11-01 16:33 1,687,040 a——- c:\windows\system32\gameux.dll
2008-11-01 16:33 52,736 a——- c:\windows\apppatch\iebrshim.dll
2008-11-01 16:33 2,144,256 a——- c:\windows\apppatch\AcGenral.dll
2008-11-01 16:33 537,600 a——- c:\windows\apppatch\AcLayers.dll
2008-11-01 16:33 449,536 a——- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 16:33 173,056 a——- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 16:33 28,672 a——- c:\windows\system32\Apphlpdm.dll
2008-11-01 12:38 4,247,552 a——- c:\windows\system32\GameUXLegacyGDFs.dll
2008-11-01 12:23 2,560 a——- c:\windows\apppatch\AcRes.dll
2008-10-29 19:20 2,923,520 a——- c:\windows\explorer.exe
2008-10-22 16:43 241,152 a——- c:\windows\system32\PortableDeviceApi.dll
2008-10-22 16:43 160,768 a——- c:\windows\system32\PortableDeviceTypes.dll
2008-10-22 16:43 95,232 a——- c:\windows\system32\PortableDeviceClassExtension.dll
2008-10-22 12:31 2,048 a——- c:\windows\system32\tzres.dll
2008-07-21 16:52 665,600 a——- c:\windows\inf\drvindex.dat
2006-11-03 01:42 287,440 a——- c:\windows\inf\perflib\0409\perfi.dat
2006-11-03 01:42 287,440 a——- c:\windows\inf\perflib\0409\perfh.dat
2006-11-03 01:42 30,674 a——- c:\windows\inf\perflib\0409\perfd.dat
2006-11-03 01:42 30,674 a——- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 22:20 287,440 a——- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 22:20 287,440 a——- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 22:20 30,674 a——- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 22:20 30,674 a——- c:\windows\inf\perflib\0000\perfc.dat
2007-02-22 08:49 8,192 a–sh— c:\windows\users\default\NTUSER.DAT
============= FINISH: 19:07:11.44 ===============
attach notepad
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-01-18.01)
Microsoft� Windows Vista� Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 21/07/2008 12:36:23 p.m.
System Uptime: 19/01/2009 6:36:52 p.m. (1 hours ago)
Motherboard: ASUSTeK Computer INC. | | ‘P4SD-LA’
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 153 GiB total, 39.151 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP215: 15/01/2009 12:34:40 p.m. - Scheduled Checkpoint
RP216: 15/01/2009 5:28:34 p.m. - Windows Update
RP217: 16/01/2009 11:21:52 a.m. - Scheduled Checkpoint
RP218: 17/01/2009 7:41:59 p.m. - Scheduled Checkpoint
RP219: 17/01/2009 10:18:08 p.m. - Removed Apple Mobile Device Support
RP221: 17/01/2009 10:21:48 p.m. - Removed Apple Mobile Device Support
RP222: 17/01/2009 10:24:10 p.m. - Removed Apple Software Update
RP223: 18/01/2009 11:33:20 a.m. - Scheduled Checkpoint
RP225: 18/01/2009 1:17:27 p.m. - Installed Driver Detective
RP226: 18/01/2009 1:25:34 p.m. - Removed Driver Detective.
RP227: 18/01/2009 2:13:15 p.m. - Device Driver Package Install: Intel System devices
RP228: 18/01/2009 2:24:25 p.m. - Device Driver Package Install: Realtek Semiconductor Corp. Network adapters
RP229: 18/01/2009 2:28:05 p.m. - Device Driver Package Install: Intel Universal Serial Bus controllers
RP230: 18/01/2009 2:32:53 p.m. - Device Driver Package Install: Intel System devices
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
ArcSoft PhotoStudio 5.5
AviSynth 2.5
BitTorrent
Bonjour
Canon MP Navigator 3.0
Canon MP160
Canon Utilities Easy-PhotoPrint
D-Link DSLs
DNA
Driver Detective
DriverMax 4
Eye 110
GTOneCare
ImTOO DVD Creator
ImTOO DVD Ripper Ultimate
Java(TM) 6 Update 11
Java(TM) 6 Update 7
K-Lite Codec Pack 3.9.0 Full
LimeWire PRO 4.16.2
Microsoft Application Error Reporting
Microsoft Office Professional Edition 2003
Microsoft Protection Service
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C 2005 Redistributable
Microsoft Windows Live OneCare Resources v2.5.2900.20
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.20
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
Motorola Driver Installation 3.7.0
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
PS3.ProxyServerVista-R3T3LL
PX Engine
QuickTime
Realtek AC’97 Audio
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Utherverse 3D Client
Windows Live installer
Windows Live Messenger
Windows Live OneCare
Windows Live Photo Gallery
Windows Live Sign-in Assistant
WinRAR archiver
==== Event Viewer Messages From Past Week ========
12/01/2009 12:17:52 p.m., Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 121.72.248.123:50000. The error status code is contained within the returned data.
12/01/2009 12:17:52 p.m., Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 169.254.92.112:50000. The error status code is contained within the returned data.
12/01/2009 12:17:52 p.m., Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.2:50000. The error status code is contained within the returned data.
12/01/2009 12:17:52 p.m., Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.3:50000. The error status code is contained within the returned data.
12/01/2009 12:17:52 p.m., Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.4:50000. The error status code is contained within the returned data.
12/01/2009 12:17:52 p.m., Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.100.11:50000. The error status code is contained within the returned data.
13/01/2009 10:49:26 a.m., Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000EA6574924 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
16/01/2009 5:56:13 p.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
16/01/2009 5:56:13 p.m., Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/01/2009 10:23:05 p.m., Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
18/01/2009 12:07:15 p.m., Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for 192.168.1.4:50000. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
18/01/2009 12:19:55 p.m., Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
==== End Of File ===========================
Please visit the following webpage for instructions for downloading and running ComboFix
How to use ComboFix
Download ComboFix by sUBs from here, saving the file to your desktop.
Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
Close all open programs and windows
Double click ComboFix.exe and follow the prompts.
It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix’s window while its running. That may cause it to stall
ComboFix 09-01-18.03 - sackdvscomy 2009-01-19 20:34:40.1 - NTFSx86
Microsoft� Windows Vista� Home Premium 6.0.6000.0.1252.1.1033.18.511.86 [GMT 13:00]
Running from: c:\users\sackdvscomy\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\RKHit.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
——-\Legacy_RKHIT
——-\Service_RkHit
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.
2009-01-18 14:23 . 2008-10-29 16:29 43,520 –a—— c:\windows\System32\drivers\Rtnicxp.sys
2009-01-18 14:23 . 2008-07-21 13:08 9,728 –a—— c:\windows\System32\RtNicProp32.dll
2009-01-18 13:43 . 2009-01-18 13:43 <DIR> d——– c:\program files\Innovative Solutions
2009-01-18 13:35 . 2009-01-18 13:38 <DIR> d——– c:\program files\Saleen Software
2009-01-18 13:18 . 2009-01-18 13:18 <DIR> d——– c:\users\All Users\PC Drivers HeadQuarters
2009-01-18 13:18 . 2009-01-18 13:18 <DIR> d——– c:\programdata\PC Drivers HeadQuarters
2009-01-18 13:08 . 2009-01-18 13:08 <DIR> d——– c:\users\sackdvscomy\AppData\Roaming\Blitware
2009-01-17 16:34 . 2009-01-17 16:46 <DIR> d——– c:\users\All Users\PrevxCSI
2009-01-17 16:34 . 2009-01-17 16:46 <DIR> d——– c:\programdata\PrevxCSI
2009-01-15 13:24 . 2008-12-16 16:14 290,304 –a—— c:\windows\System32\drivers\srv.sys
2009-01-13 18:39 . 2009-01-13 18:39 552 –a—— c:\windows\System32\DO_NOT_DELETE.backupSetID
2009-01-10 13:25 . 2009-01-17 17:09 <DIR> d——– c:\program files\Eusing Free Registry Cleaner
2009-01-10 13:16 . 2009-01-10 13:16 <DIR> d——– c:\users\sackdvscomy\AppData\Roaming\Uniblue
2009-01-04 17:25 . 2009-01-04 17:34 <DIR> d——– c:\program files\Exterminate It!
2009-01-04 16:49 . 2008-04-02 20:00 198,656 –a—— c:\windows\System32\CNMLM83.DLL
2009-01-03 23:36 . 2008-10-10 04:52 4,379,984 –a—— c:\windows\System32\D3DX9_40.dll
2009-01-03 23:36 . 2008-10-10 04:52 2,036,576 –a—— c:\windows\System32\D3DCompiler_40.dll
2009-01-03 23:36 . 2008-10-27 10:04 514,384 –a—— c:\windows\System32\XAudio2_3.dll
2009-01-03 23:36 . 2008-07-30 06:20 509,448 –a—— c:\windows\System32\XAudio2_2.dll
2009-01-03 23:36 . 2008-10-10 04:52 452,440 –a—— c:\windows\System32\d3dx10_40.dll
2009-01-03 23:36 . 2008-07-30 06:20 238,088 –a—— c:\windows\System32\xactengine3_2.dll
2009-01-03 23:36 . 2008-10-27 10:04 235,856 –a—— c:\windows\System32\xactengine3_3.dll
2009-01-03 23:36 . 2008-10-27 10:04 70,992 –a—— c:\windows\System32\XAPOFX1_2.dll
2009-01-03 23:36 . 2008-07-30 06:20 68,616 –a—— c:\windows\System32\XAPOFX1_1.dll
2009-01-03 23:36 . 2008-10-27 10:04 23,376 –a—— c:\windows\System32\X3DAudio1_5.dll
2009-01-03 23:34 . 2005-05-26 15:34 2,297,552 –a—— c:\windows\System32\d3dx9_26.dll
2009-01-03 23:30 . 2009-01-03 23:32 <DIR> d–h—– c:\windows\msdownld.tmp
2009-01-03 21:20 . 2009-01-03 21:20 <DIR> d–h-c— c:\users\All Users\{F61B5A0B-822D-4173-BFD0-A948FC431FEB}
2009-01-03 21:20 . 2009-01-03 21:20 <DIR> d–h-c— c:\programdata\{F61B5A0B-822D-4173-BFD0-A948FC431FEB}
2009-01-03 21:20 . 2009-01-03 21:20 <DIR> d——– c:\program files\Utherverse Digital Inc
2008-12-26 10:11 . 2008-12-26 10:11 <DIR> d——– c:\users\sackdvscomy\AppData\Roaming\Apple Computer
2008-12-26 10:05 . 2008-12-26 10:05 <DIR> d——– c:\program files\Bonjour
2008-12-26 10:00 . 2008-12-26 10:00 <DIR> d——– c:\users\All Users\Apple
2008-12-26 10:00 . 2008-12-26 10:00 <DIR> d——– c:\programdata\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 07:45 ——— d—–w c:\users\sackdvscomy\AppData\Roaming\DNA
2009-01-19 06:40 ——— d—–w c:\program files\Spybot - Search & Destroy
2009-01-19 06:37 ——— d—–w c:\programdata\Spybot - Search & Destroy
2009-01-19 05:39 ——— d—–w c:\program files\Microsoft Windows OneCare Live
2009-01-18 02:27 ——— d—–w c:\users\sackdvscomy\AppData\Roaming\BitTorrent
2009-01-18 00:19 ——— d–h–w c:\program files\InstallShield Installation Information
2009-01-17 09:26 ——— d—–w c:\program files\DivX
2009-01-17 09:25 ——— d—–w c:\program files\Common Files\PX Storage Engine
2009-01-15 04:36 ——— d—–w c:\program files\Windows Mail
2009-01-02 02:02 ——— d—–w c:\program files\Common Files\Symantec Shared
2008-12-25 21:09 ——— d—–w c:\programdata\Apple Computer
2008-12-25 21:05 ——— d—–w c:\program files\QuickTime
2008-12-22 08:50 ——— d—–w c:\users\sackdvscomy\AppData\Roaming\LimeWire
2008-12-21 04:20 ——— d—–w c:\program files\BitTorrent
2008-12-16 07:56 ——— d—–w c:\program files\AviSynth 2.5
2008-12-12 22:52 174 –sha-w c:\program files\desktop.ini
2008-12-08 07:25 ——— d—–w c:\program files\PokerStars.NET
2008-12-07 04:03 410,984 —-a-w c:\windows\System32\deploytk.dll
2008-12-07 04:02 ——— d—–w c:\program files\Java
2008-11-01 03:33 537,600 —-a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 —-a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 —-a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 —-a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 —-a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 —-a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 —-a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 —-a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 —-a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 —-a-w c:\windows\explorer.exe
2008-10-22 03:43 95,232 —-a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-10-22 03:43 241,152 —-a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 —-a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-21 23:31 2,048 —-a-w c:\windows\System32\tzres.dll
2008-10-21 05:16 297,472 —-a-w c:\windows\System32\gdi32.dll
2008-10-21 05:16 1,645,568 —-a-w c:\windows\System32\connect.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-03 125440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-21 1232896]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2009-01-07 5385560]
"BitTorrent DNA"="c:\users\sackdvscomy\Program Files\DNA\btdna.exe" [2008-12-28 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 64880]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"SoundMan"="SOUNDMAN.EXE" [2008-09-10 c:\windows\SOUNDMAN.EXE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCar eMP]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
–a—— 2008-12-28 10:16 342848 c:\users\sackdvscomy\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
–a—— 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
–a—— 2008-07-21 16:36 1006264 c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
–a—— 2006-11-03 01:36 201728 c:\program files\Windows Media Player\wmpnscfg.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0×0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5FF95C80-EA98-4B3B-998D-6D0F0DC840C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ECC3CDEB-C90A-4A24-AAB6-448AF7F345F2}"= UDP:c:\program files\DNA\btdna.exeNA
"{DDA5290F-7901-43E4-85E2-49F0DA389706}"= TCP:c:\program files\DNA\btdna.exeNA
"{95164BFB-BD7F-4016-BAA7-B6437195D5D0}"= UDP:c:\program files\K-Lite Codec Pack\Filters\ac3config.exe:AC3Filter
"{1CA52144-CFDD-468C-9697-5F1FDF98BEA6}"= TCP:c:\program files\K-Lite Codec Pack\Filters\ac3config.exe:AC3Filter
"TCP Query User{E4BA7310-D75D-44B6-A471-86C09D4398FC}c:\\users\\sackdvscomy\\program files\\dna\\btdna.exe"= UDP:c:\users\sackdvscomy\program files\dna\btdna.exe:btdna.exe
"UDP Query User{D3940F3B-84A5-47B5-A669-7AF4868DA132}c:\\users\\sackdvscomy\\program files\\dna\\btdna.exe"= TCP:c:\users\sackdvscomy\program files\dna\btdna.exe:btdna.exe
"{7BBDE732-FB00-48F5-9F06-24749C3B7FBF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9075FF3C-86C6-42EE-AD88-2B1D2CAA4247}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D4D1572F-E232-4B2D-8310-38C2D2739E5E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{94495A34-BA08-440A-9376-9449435E03AD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{484F59FC-2878-4A72-8AFF-544F0E99F47E}"= UDP:50000:Windows Live OneCare
"TCP Query User{95404B6B-A346-4674-A407-E73A27528FAE}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{ED5A2BEB-49F3-46CF-80C6-B3B32BD81285}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0×0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\S tatic\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0×0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\Auth orizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2007-04-03 1131136]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [2006-11-02 251904]
R4 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
R4 SBKUPNT;SBKUPNT;c:\windows\System32\drivers\SBKUPNT.SYS [2008-11-01 14976]
S3 PAC207;Eye 110;c:\windows\System32\drivers\PFC027.SYS [2006-12-05 507136]
.
Contents of the ‘Scheduled Tasks’ folder
2009-01-18 c:\windows\Tasks\DriverRobot.job
- c:\program files\Driver Robot\DriverRobot.exe []
.
.
——- Supplementary Scan ——-
.
uStart Page = hxxp://www.google.co.nz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: {E1D0B97A-5D61-4E5F-8BD3-37CC056CDC39} = 203.97.33.1,203.97.37.1
FF - ProfilePath - c:\users\sackdvscomy\AppData\Roaming\Mozilla\Firefox\Profiles\gduac4z7.defa ult\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\sackdvscomy\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 20:44:16
Windows 6.0.6000 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
———————— Other Running Processes ————————
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\System32\audiodg.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-19 20:49:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 07:49:04
Pre-Run: 41,989,767,168 bytes free
Post-Run: 42,062,196,736 bytes free
191 — E O F — 2009-01-15 04:37:00
Looks like the program associated with the following scheduled task is no longer present.
c:\windows\Tasks\DriverRobot.job
Should be safe to delete the task.
Please do an online scan with Kaspersky Online Scanner
Click Accept, when prompted to download and install the program files and database of malware definitions.Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click View scan report at the bottom.
Click the Save Report As… button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**
To optimize scanning time and produce a more sensible report for review:Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Post the Kaspersky log here.
well i scanned twice and nothing came up i turned off all my security ive previously tried the winsock2 corruption repair i have also looked into this and gave it a try http://support.microsoft.com/kb/928233 (Windows Vista cannot obtain an IP address from certain routers or from certain non-Microsoft DHCP servers) . also gave this a go as an option Reinstall and Reset TCP/IP (Internet Protocol) in Windows Vista also checked my event log and found an error wich sent me here http://technet.microsoft.com/en-us/l…/cc727844.aspx tried this aswell and still nothing
I would suggest you check for updated drivers for you network card at the manufacturer’s website. You should be able to identify it in the Device Manager.
Since the scan came back clean, lets cleanup ComboFix. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
You can delete any other logs that were created/saved too.
Empty the recycle bin when done.
it didnt uninstall it just ran again then while my one care was turned off it said it found a virus and removed combo from the desktop but all the files are still in c drive
network card is up to date aswell
Related Posts:
Comments
Leave a Reply
You must be logged in to post a comment.