
RootRepeal Log, PC Can't Run HiJackThis/MBAM.exe - I've Max++ infection


76 replies to this topic

#1 lost2pc

lost2pc

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 29 August 2009 - 02:04 PM

I hope this is enough info from RootRepeal Log to help me. THANKING the BC TEAM in advance :(

When I first tried to get to "BleepingComputer.com" via my ThinkPad, I received a FireFox message Network Connection Interrupted. I was only able to use the zip folder at RootRepeal, but as soon as I tried running in Normal Mode the hidden files scan, my laptop screen started freezing, so I quickly disconnected from the Internet and rebooted into Safe Mode without network.

Here is my best copy n paste log (this is from my flashstick). Of note RP wouldn't run Hidden files scan.

Still unable to run HJT - it will not open

Just saw ElsieO25 reply and instructions to post links from previous thread http://www.bleepingcomputer.com/forums/t/253149/malware-has-taken-over-my-xp-pro-help/
http://www.bleepingcomputer.com/forums/topic249117-15.html

Thanks

P.S. I'm apologizing for posting a partial log in a reply to my posting in "I am Infected?" I was so nervous and rushing.
*sending this info from a dying Dell Desktop via AOL-dialup- so sorry for any delayed response

Edited by lost2pc, 29 August 2009 - 02:26 PM.




#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:11 PM

Posted 30 August 2009 - 05:00 PM

Please download the Win32kDiag.exe tool from the following location and save it to your desktop:

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt.

Double-click on this file and post the contents as a reply to this topic.
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.


#3 lost2pc


Posted 30 August 2009 - 06:04 PM

Thanks Random! I could not run these in Normal Mode as I was blocked from internet access. Here is what I was able to get from Safe Mode w/Networking


Volume in drive C is Preload
Volume Serial Number is C065-B602

Directory of C:\WINDOWS\$NtUninstallKB968389$

08/04/2004 08:00 AM 407,040 netlogon.dll
1 File(s) 407,040 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

08/04/2004 08:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32

02/06/2009 02:46 PM 408,064 netlogon.dll

Directory of C:\WINDOWS\system32

08/04/2004 08:00 AM 62,464 eventlog.dll
3 File(s) 650,752 bytes

Directory of C:\WINDOWS\system32\dllcache

02/06/2009 02:46 PM 408,064 netlogon.dll
1 File(s) 408,064 bytes

Total Files Listed:
8 File(s) 2,110,464 bytes
0 Dir(s) 50,143,739,904 bytes free

#4 random/random


Posted 30 August 2009 - 06:46 PM

  • Open a new notepad window (Start>All Programs>Accessories>Notepad)
  • Copy & paste the contents of the following codebox into the notepad window
    rmdir "C:\WINDOWS\$hf_mig$\KB893066\KB893066" 
    rmdir "C:\WINDOWS\$hf_mig$\KB900725\KB900725" 
    rmdir "C:\WINDOWS\$hf_mig$\KB908531\KB908531" 
    rmdir "C:\WINDOWS\$hf_mig$\KB912945\KB912945" 
    rmdir "C:\WINDOWS\$hf_mig$\KB913446\KB913446" 
    rmdir "C:\WINDOWS\$hf_mig$\KB917953\KB917953" 
    rmdir "C:\WINDOWS\$hf_mig$\KB920213\KB920213" 
    rmdir "C:\WINDOWS\$hf_mig$\KB921398\KB921398" 
    rmdir "C:\WINDOWS\$hf_mig$\KB924270\KB924270" 
    rmdir "C:\WINDOWS\$hf_mig$\KB925902\KB925902" 
    rmdir "C:\WINDOWS\$hf_mig$\KB928255\KB928255" 
    rmdir "C:\WINDOWS\$hf_mig$\KB930178\KB930178" 
    rmdir "C:\WINDOWS\$hf_mig$\KB931784\KB931784" 
    rmdir "C:\WINDOWS\$hf_mig$\KB932168\KB932168" 
    rmdir "C:\WINDOWS\$hf_mig$\KB933729\KB933729" 
    rmdir "C:\WINDOWS\$hf_mig$\KB938829\KB938829" 
    rmdir "C:\WINDOWS\$hf_mig$\KB941644\KB941644" 
    rmdir "C:\WINDOWS\$hf_mig$\KB941693\KB941693" 
    rmdir "C:\WINDOWS\$hf_mig$\KB943460\KB943460" 
    rmdir "C:\WINDOWS\$hf_mig$\KB943485\KB943485" 
    rmdir "C:\WINDOWS\$hf_mig$\KB948590\KB948590" 
    rmdir "C:\WINDOWS\addins\addins" 
    rmdir "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33C.tmp\ZAP33C.tmp" 
    rmdir "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37D.tmp\ZAP37D.tmp" 
    rmdir "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP42C.tmp\ZAP42C.tmp" 
    rmdir "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP434.tmp\ZAP434.tmp" 
    rmdir "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP440.tmp\ZAP440.tmp" 
    rmdir "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP515.tmp\ZAP515.tmp" 
    rmdir "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP532.tmp\ZAP532.tmp" 
    rmdir "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP587.tmp\ZAP587.tmp" 
    rmdir "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8E.tmp\ZAP8E.tmp" 
    rmdir "C:\WINDOWS\assembly\temp\temp" 
    rmdir "C:\WINDOWS\assembly\tmp\tmp" 
    rmdir "C:\WINDOWS\Config\Config" 
    rmdir "C:\WINDOWS\Connection Wizard\Connection Wizard" 
    rmdir "C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz" 
    rmdir "C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib" 
    rmdir "C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave" 
    rmdir "C:\WINDOWS\ime\chsime\applets\applets" 
    rmdir "C:\WINDOWS\ime\CHTIME\Applets\Applets" 
    rmdir "C:\WINDOWS\ime\imejp\applets\applets" 
    rmdir "C:\WINDOWS\ime\imejp98\imejp98" 
    rmdir "C:\WINDOWS\ime\imjp8_1\applets\applets" 
    rmdir "C:\WINDOWS\ime\imkr6_1\applets\applets" 
    rmdir "C:\WINDOWS\ime\imkr6_1\dicts\dicts" 
    rmdir "C:\WINDOWS\ime\shared\res\res" 
    rmdir "C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729" 
    rmdir "C:\WINDOWS\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.8003\11.0.8003" 
    rmdir "C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729" 
    rmdir "C:\WINDOWS\Installer\{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}\{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" 
    rmdir "C:\WINDOWS\Installer\{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}\{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" 
    rmdir "C:\WINDOWS\Installer\{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}\{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" 
    rmdir "C:\WINDOWS\java\classes\classes" 
    rmdir "C:\WINDOWS\java\trustlib\trustlib" 
    rmdir "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs" 
    rmdir "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files" 
    rmdir "C:\WINDOWS\msapps\msinfo\msinfo" 
    rmdir "C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES" 
    rmdir "C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF" 
    rmdir "C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps" 
    rmdir "C:\WINDOWS\pchealth\helpctr\BATCH\BATCH" 
    rmdir "C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint" 
    rmdir "C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles" 
    rmdir "C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs" 
    rmdir "C:\WINDOWS\pchealth\helpctr\System\DFS\DFS" 
    rmdir "C:\WINDOWS\pchealth\helpctr\System\News\News" 
    rmdir "C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM" 
    rmdir "C:\WINDOWS\pchealth\helpctr\Temp\Temp" 
    rmdir "C:\WINDOWS\PIF\PIF" 
    rmdir "C:\WINDOWS\Registration\CRMLog\CRMLog" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\backup\backup" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\a855eed5ad28db3548ad40195130e787\backup\backup" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\policy\policy" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\msft\msft" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\policy\msft\msft" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\policy\msft\msft" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft" 
    rmdir "C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70" 
    rmdir "C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered" 
    rmdir "C:\WINDOWS\Sun\Java\Deployment\Deployment" 
    rmdir "C:\WINDOWS\SxsCaPendDel\SxsCaPendDel" 
    rmdir "C:\WINDOWS\system32\1025\1025" 
    rmdir "C:\WINDOWS\system32\1028\1028" 
    rmdir "C:\WINDOWS\system32\1031\1031" 
    rmdir "C:\WINDOWS\system32\1037\1037" 
    rmdir "C:\WINDOWS\system32\1041\1041" 
    rmdir "C:\WINDOWS\system32\1042\1042" 
    rmdir "C:\WINDOWS\system32\1054\1054" 
    rmdir "C:\WINDOWS\system32\2052\2052" 
    rmdir "C:\WINDOWS\system32\3076\3076" 
    rmdir "C:\WINDOWS\system32\3com_dmi\3com_dmi" 
    rmdir "C:\WINDOWS\system32\Adobe\update\update" 
    rmdir "C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE" 
    rmdir "C:\WINDOWS\system32\appmgmt\S-1-5-21-4229174763-2783399609-392354559-1008\S-1-5-21-4229174763-2783399609-392354559-1008" 
    rmdir "C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{8E462109-3BE4-4456-BE4A-7BF26A776F08}\{8E462109-3BE4-4456-BE4A-7BF26A776F08}" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\Juniper Networks\Juniper Networks" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\Lenovo\Client Security Solution\Client Security Solution" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v2.0.50727.190\v2.0.50727.190" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\12.0\12.0" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft Help\Microsoft Help" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\My Documents\Access Connections\Access Connections" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood" 
    rmdir "C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood" 
    rmdir "C:\WINDOWS\system32\dhcp\dhcp" 
    rmdir "C:\WINDOWS\system32\drivers\disdn\disdn" 
    rmdir "C:\WINDOWS\system32\export\export" 
    rmdir "C:\WINDOWS\system32\GroupPolicy\Machine\Machine" 
    rmdir "C:\WINDOWS\system32\GroupPolicy\User\User" 
    rmdir "C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT" 
    rmdir "C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT" 
    rmdir "C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT" 
    rmdir "C:\WINDOWS\system32\inetsrv\inetsrv" 
    rmdir "C:\WINDOWS\system32\LogFiles\WUDF\WUDF" 
    rmdir "C:\WINDOWS\system32\mui\dispspec\dispspec" 
    rmdir "C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup" 
    rmdir "C:\WINDOWS\system32\oobe\html\oemcust\oemcust" 
    rmdir "C:\WINDOWS\system32\oobe\html\oemhw\oemhw" 
    rmdir "C:\WINDOWS\system32\oobe\sample\sample" 
    rmdir "C:\WINDOWS\system32\ShellExt\ShellExt" 
    rmdir "C:\WINDOWS\system32\spool\PRINTERS\PRINTERS" 
    rmdir "C:\WINDOWS\system32\wbem\mof\bad\bad" 
    rmdir "C:\WINDOWS\system32\wbem\mof\good\good" 
    rmdir "C:\WINDOWS\system32\wbem\snmp\snmp" 
    rmdir "C:\WINDOWS\system32\wins\wins" 
    rmdir "C:\WINDOWS\system32\xircom\xircom" 
    rmdir "C:\WINDOWS\Temp\MCE00000\MCE00000" 
    rmdir "C:\WINDOWS\Temp\MCE00001\MCE00001" 
    rmdir "C:\WINDOWS\Temp\MCE00002\MCE00002" 
    rmdir "C:\WINDOWS\Temp\MCE00003\MCE00003" 
    rmdir "C:\WINDOWS\Temp\MCE00004\MCE00004" 
    rmdir "C:\WINDOWS\Temp\MCE00005\MCE00005" 
    rmdir "C:\WINDOWS\Temp\MCE00006\MCE00006" 
    rmdir "C:\WINDOWS\Temp\MCE00007\MCE00007" 
    rmdir "C:\WINDOWS\Temp\MCE00008\MCE00008" 
    rmdir "C:\WINDOWS\Temp\MCE00009\MCE00009" 
    rmdir "C:\WINDOWS\Temp\MCE0000a\MCE0000a" 
    rmdir "C:\WINDOWS\Temp\MCE0000b\MCE0000b" 
    rmdir "C:\WINDOWS\Temp\MCE0000c\MCE0000c" 
    rmdir "C:\WINDOWS\Temp\MCE0000d\MCE0000d" 
    rmdir "C:\WINDOWS\Temp\MCE0000e\MCE0000e" 
    rmdir "C:\WINDOWS\Temp\MCE0000f\MCE0000f" 
    rmdir "C:\WINDOWS\Temp\MCE00010\MCE00010" 
    rmdir "C:\WINDOWS\Temp\MCE00011\MCE00011" 
    rmdir "C:\WINDOWS\Temp\MCE00012\MCE00012" 
    rmdir "C:\WINDOWS\Temp\MCE00013\MCE00013" 
    rmdir "C:\WINDOWS\Temp\MCE00014\MCE00014" 
    rmdir "C:\WINDOWS\Temp\MCE00015\MCE00015" 
    rmdir "C:\WINDOWS\Temp\MCE00016\MCE00016" 
    rmdir "C:\WINDOWS\Temp\MCE00017\MCE00017" 
    rmdir "C:\WINDOWS\Temp\MCE00018\MCE00018" 
    rmdir "C:\WINDOWS\Temp\MCE00019\MCE00019" 
    rmdir "C:\WINDOWS\Temp\MCE0001a\MCE0001a" 
    rmdir "C:\WINDOWS\Temp\MCE0001b\MCE0001b" 
    rmdir "C:\WINDOWS\Temp\MCE0001c\MCE0001c" 
    rmdir "C:\WINDOWS\Temp\MCE0001d\MCE0001d" 
    rmdir "C:\WINDOWS\Temp\MCE0001e\MCE0001e" 
    rmdir "C:\WINDOWS\Temp\MCE0001f\MCE0001f" 
    rmdir "C:\WINDOWS\Temp\MCE00020\MCE00020" 
    rmdir "C:\WINDOWS\Temp\MCE00021\MCE00021" 
    rmdir "C:\WINDOWS\Temp\MCE00022\MCE00022" 
    rmdir "C:\WINDOWS\Temp\MCE00023\MCE00023" 
    rmdir "C:\WINDOWS\Temp\MCE00024\MCE00024" 
    rmdir "C:\WINDOWS\Temp\MCE00025\MCE00025" 
    rmdir "C:\WINDOWS\Temp\MCE00026\MCE00026" 
    rmdir "C:\WINDOWS\Temp\MCE00027\MCE00027" 
    rmdir "C:\WINDOWS\Temp\MCE00028\MCE00028" 
    rmdir "C:\WINDOWS\Temp\MCE00029\MCE00029" 
    rmdir "C:\WINDOWS\Temp\MCE0002a\MCE0002a" 
    rmdir "C:\WINDOWS\Temp\MCE0002b\MCE0002b" 
    rmdir "C:\WINDOWS\Temp\MCE0002c\MCE0002c" 
    rmdir "C:\WINDOWS\Temp\MCE0002d\MCE0002d" 
    rmdir "C:\WINDOWS\Temp\MCE0002e\MCE0002e" 
    rmdir "C:\WINDOWS\Temp\MCE0002f\MCE0002f" 
    rmdir "C:\WINDOWS\Temp\MCE00030\MCE00030" 
    rmdir "C:\WINDOWS\Temp\MCE00031\MCE00031" 
    rmdir "C:\WINDOWS\Temp\MCE00032\MCE00032" 
    rmdir "C:\WINDOWS\Temp\MCE00033\MCE00033" 
    rmdir "C:\WINDOWS\Temp\MCE00034\MCE00034" 
    rmdir "C:\WINDOWS\Temp\MCE00035\MCE00035" 
    rmdir "C:\WINDOWS\Temp\MCE00036\MCE00036" 
    rmdir "C:\WINDOWS\Temp\MCE00037\MCE00037" 
    rmdir "C:\WINDOWS\Temp\MCE00038\MCE00038" 
    rmdir "C:\WINDOWS\Temp\MCE00039\MCE00039" 
    rmdir "C:\WINDOWS\Temp\MCE0003a\MCE0003a" 
    rmdir "C:\WINDOWS\Temp\MCE0003b\MCE0003b" 
    rmdir "C:\WINDOWS\Temp\MCE0003c\MCE0003c" 
    rmdir "C:\WINDOWS\Temp\MCE0003d\MCE0003d" 
    rmdir "C:\WINDOWS\Temp\MCE0003e\MCE0003e" 
    rmdir "C:\WINDOWS\Temp\MCE0003f\MCE0003f" 
    rmdir "C:\WINDOWS\Temp\MCE00040\MCE00040" 
    rmdir "C:\WINDOWS\Temp\MCE00041\MCE00041" 
    rmdir "C:\WINDOWS\Temp\MCE00042\MCE00042" 
    rmdir "C:\WINDOWS\Temp\MCE00043\MCE00043" 
    rmdir "C:\WINDOWS\Temp\MCE00044\MCE00044" 
    rmdir "C:\WINDOWS\Temp\MCE00045\MCE00045" 
    rmdir "C:\WINDOWS\Temp\MCE00046\MCE00046" 
    rmdir "C:\WINDOWS\Temp\MCE00047\MCE00047" 
    rmdir "C:\WINDOWS\Temp\MCE00048\MCE00048" 
    rmdir "C:\WINDOWS\Temp\MCE00049\MCE00049" 
    rmdir "C:\WINDOWS\Temp\MCE0004a\MCE0004a" 
    rmdir "C:\WINDOWS\Temp\MCE0004b\MCE0004b" 
    rmdir "C:\WINDOWS\Temp\MCE0004c\MCE0004c" 
    rmdir "C:\WINDOWS\Temp\MCE0004d\MCE0004d" 
    rmdir "C:\WINDOWS\Temp\MCE0004e\MCE0004e" 
    rmdir "C:\WINDOWS\Temp\MCE0004f\MCE0004f" 
    rmdir "C:\WINDOWS\Temp\MCE00050\MCE00050" 
    rmdir "C:\WINDOWS\Temp\MCE00051\MCE00051" 
    rmdir "C:\WINDOWS\Temp\MCE00052\MCE00052" 
    rmdir "C:\WINDOWS\Temp\MCE00053\MCE00053" 
    rmdir "C:\WINDOWS\Temp\MCE00054\MCE00054" 
    rmdir "C:\WINDOWS\Temp\MCE00055\MCE00055" 
    rmdir "C:\WINDOWS\Temp\MCE00056\MCE00056" 
    rmdir "C:\WINDOWS\Temp\MCE00057\MCE00057" 
    rmdir "C:\WINDOWS\Temp\MCE00058\MCE00058" 
    rmdir "C:\WINDOWS\Temp\MCE00059\MCE00059" 
    rmdir "C:\WINDOWS\Temp\MCE0005a\MCE0005a" 
    rmdir "C:\WINDOWS\Temp\MCE0005b\MCE0005b" 
    rmdir "C:\WINDOWS\Temp\MCE0005c\MCE0005c" 
    rmdir "C:\WINDOWS\Temp\MCE0005d\MCE0005d" 
    rmdir "C:\WINDOWS\Temp\MCE0005e\MCE0005e" 
    rmdir "C:\WINDOWS\Temp\MCE0005f\MCE0005f" 
    rmdir "C:\WINDOWS\Temp\MCE00060\MCE00060" 
    rmdir "C:\WINDOWS\Temp\MCE00061\MCE00061" 
    rmdir "C:\WINDOWS\Temp\MCE00062\MCE00062" 
    rmdir "C:\WINDOWS\Temp\MCE00063\MCE00063" 
    rmdir "C:\WINDOWS\Temp\MCE00064\MCE00064" 
    rmdir "C:\WINDOWS\Temp\MCE00065\MCE00065" 
    rmdir "C:\WINDOWS\Temp\MCE00066\MCE00066" 
    rmdir "C:\WINDOWS\Temp\MCE00067\MCE00067" 
    rmdir "C:\WINDOWS\Temp\MCE00068\MCE00068" 
    rmdir "C:\WINDOWS\Temp\MCE00069\MCE00069" 
    rmdir "C:\WINDOWS\Temp\MCE0006a\MCE0006a" 
    rmdir "C:\WINDOWS\Temp\MCE0006b\MCE0006b" 
    rmdir "C:\WINDOWS\Temp\MCE0006c\MCE0006c" 
    rmdir "C:\WINDOWS\Temp\MCE0006d\MCE0006d" 
    rmdir "C:\WINDOWS\Temp\MCE0006e\MCE0006e" 
    rmdir "C:\WINDOWS\Temp\MCE0006f\MCE0006f" 
    rmdir "C:\WINDOWS\Temp\MCE00070\MCE00070" 
    rmdir "C:\WINDOWS\Temp\MCE00071\MCE00071" 
    rmdir "C:\WINDOWS\Temp\MCE00072\MCE00072" 
    rmdir "C:\WINDOWS\Temp\MCE00073\MCE00073" 
    rmdir "C:\WINDOWS\Temp\MCE00074\MCE00074" 
    rmdir "C:\WINDOWS\Temp\MCE00075\MCE00075" 
    rmdir "C:\WINDOWS\Temp\MCE00076\MCE00076" 
    rmdir "C:\WINDOWS\Temp\MCE00077\MCE00077" 
    rmdir "C:\WINDOWS\Temp\MCE00078\MCE00078" 
    rmdir "C:\WINDOWS\Temp\MCE00079\MCE00079" 
    rmdir "C:\WINDOWS\Temp\MCE0007a\MCE0007a" 
    rmdir "C:\WINDOWS\Temp\MCE0007b\MCE0007b" 
    rmdir "C:\WINDOWS\Temp\MCE0007c\MCE0007c" 
    rmdir "C:\WINDOWS\Temp\MCE0007d\MCE0007d" 
    rmdir "C:\WINDOWS\Temp\MCE0007e\MCE0007e" 
    rmdir "C:\WINDOWS\Temp\MCE0007f\MCE0007f" 
    rmdir "C:\WINDOWS\Temp\MCE00080\MCE00080" 
    rmdir "C:\WINDOWS\Temp\MCE00081\MCE00081" 
    rmdir "C:\WINDOWS\Temp\MCE00082\MCE00082" 
    rmdir "C:\WINDOWS\Temp\MCE00083\MCE00083" 
    rmdir "C:\WINDOWS\Temp\MCE00084\MCE00084" 
    rmdir "C:\WINDOWS\Temp\MCE00085\MCE00085" 
    rmdir "C:\WINDOWS\Temp\MCE00086\MCE00086" 
    rmdir "C:\WINDOWS\Temp\MCE00087\MCE00087" 
    rmdir "C:\WINDOWS\Temp\MCE00088\MCE00088" 
    rmdir "C:\WINDOWS\Temp\MCE00089\MCE00089" 
    rmdir "C:\WINDOWS\Temp\MCE0008a\MCE0008a" 
    rmdir "C:\WINDOWS\Temp\MCE0008b\MCE0008b" 
    rmdir "C:\WINDOWS\Temp\MCE0008c\MCE0008c" 
    rmdir "C:\WINDOWS\Temp\MCE0008d\MCE0008d" 
    rmdir "C:\WINDOWS\Temp\MCE0008e\MCE0008e" 
    rmdir "C:\WINDOWS\Temp\MCE0008f\MCE0008f" 
    rmdir "C:\WINDOWS\Temp\MCE00090\MCE00090" 
    rmdir "C:\WINDOWS\Temp\MCE00091\MCE00091" 
    rmdir "C:\WINDOWS\Temp\MCE00092\MCE00092" 
    rmdir "C:\WINDOWS\Temp\MCE00093\MCE00093" 
    rmdir "C:\WINDOWS\Temp\MCE00094\MCE00094" 
    rmdir "C:\WINDOWS\Temp\MCE00095\MCE00095" 
    rmdir "C:\WINDOWS\Temp\MCE00096\MCE00096" 
    rmdir "C:\WINDOWS\Temp\MCE00097\MCE00097" 
    rmdir "C:\WINDOWS\Temp\MCE00098\MCE00098" 
    rmdir "C:\WINDOWS\Temp\MCE00099\MCE00099" 
    rmdir "C:\WINDOWS\Temp\MCE0009a\MCE0009a" 
    rmdir "C:\WINDOWS\Temp\MCE0009b\MCE0009b" 
    rmdir "C:\WINDOWS\Temp\MCE0009c\MCE0009c" 
    rmdir "C:\WINDOWS\Temp\MCE0009d\MCE0009d" 
    rmdir "C:\WINDOWS\Temp\MCE0009e\MCE0009e" 
    rmdir "C:\WINDOWS\Temp\MCE0009f\MCE0009f" 
    rmdir "C:\WINDOWS\Temp\MCE000a0\MCE000a0" 
    rmdir "C:\WINDOWS\Temp\MCE000a1\MCE000a1" 
    rmdir "C:\WINDOWS\Temp\MCE000a2\MCE000a2" 
    rmdir "C:\WINDOWS\Temp\MCE000a3\MCE000a3" 
    rmdir "C:\WINDOWS\Temp\MCE000a4\MCE000a4" 
    rmdir "C:\WINDOWS\Temp\MCE000a5\MCE000a5" 
    rmdir "C:\WINDOWS\Temp\MCE000a6\MCE000a6" 
    rmdir "C:\WINDOWS\Temp\MCE000a7\MCE000a7" 
    rmdir "C:\WINDOWS\Temp\MCE000a8\MCE000a8" 
    rmdir "C:\WINDOWS\Temp\MCE000a9\MCE000a9" 
    rmdir "C:\WINDOWS\Temp\MCE000aa\MCE000aa" 
    rmdir "C:\WINDOWS\Temp\MCE000ab\MCE000ab" 
    rmdir "C:\WINDOWS\Temp\MCE000ac\MCE000ac" 
    rmdir "C:\WINDOWS\Temp\MCE000ad\MCE000ad" 
    rmdir "C:\WINDOWS\Temp\MCE000ae\MCE000ae" 
    rmdir "C:\WINDOWS\Temp\MCE000af\MCE000af" 
    rmdir "C:\WINDOWS\Temp\MCE000b0\MCE000b0" 
    rmdir "C:\WINDOWS\Temp\MCE000b1\MCE000b1" 
    rmdir "C:\WINDOWS\Temp\MCE000b2\MCE000b2" 
    rmdir "C:\WINDOWS\Temp\MCE000b3\MCE000b3" 
    rmdir "C:\WINDOWS\Temp\MCE000b4\MCE000b4" 
    rmdir "C:\WINDOWS\Temp\MCE000b5\MCE000b5" 
    rmdir "C:\WINDOWS\Temp\MCE000b6\MCE000b6" 
    rmdir "C:\WINDOWS\Temp\MCE000b7\MCE000b7" 
    rmdir "C:\WINDOWS\Temp\MCE000b8\MCE000b8" 
    rmdir "C:\WINDOWS\Temp\MCE000b9\MCE000b9" 
    rmdir "C:\WINDOWS\Temp\MCE000ba\MCE000ba" 
    rmdir "C:\WINDOWS\Temp\MCE000bb\MCE000bb" 
    rmdir "C:\WINDOWS\Temp\MCE000bc\MCE000bc" 
    rmdir "C:\WINDOWS\Temp\MCE000bd\MCE000bd" 
    rmdir "C:\WINDOWS\Temp\MCE000be\MCE000be" 
    rmdir "C:\WINDOWS\Temp\MCE000bf\MCE000bf" 
    rmdir "C:\WINDOWS\Temp\MCE000c0\MCE000c0" 
    rmdir "C:\WINDOWS\Temp\MCE000c1\MCE000c1" 
    rmdir "C:\WINDOWS\Temp\MCE000c2\MCE000c2" 
    rmdir "C:\WINDOWS\Temp\MCE000c3\MCE000c3" 
    rmdir "C:\WINDOWS\Temp\MCE000c4\MCE000c4" 
    rmdir "C:\WINDOWS\Temp\MCE000c5\MCE000c5" 
    rmdir "C:\WINDOWS\Temp\MCE000c6\MCE000c6" 
    rmdir "C:\WINDOWS\Temp\MCE000c7\MCE000c7" 
    rmdir "C:\WINDOWS\Temp\MCE000c8\MCE000c8" 
    rmdir "C:\WINDOWS\Temp\MCE000c9\MCE000c9" 
    rmdir "C:\WINDOWS\Temp\MCE000ca\MCE000ca" 
    rmdir "C:\WINDOWS\Temp\MCE000cb\MCE000cb" 
    rmdir "C:\WINDOWS\Temp\MCE000cc\MCE000cc" 
    rmdir "C:\WINDOWS\Temp\MCE000cd\MCE000cd" 
    rmdir "C:\WINDOWS\Temp\MCE000ce\MCE000ce" 
    rmdir "C:\WINDOWS\Temp\MCE000cf\MCE000cf" 
    rmdir "C:\WINDOWS\Temp\MCE000d0\MCE000d0" 
    rmdir "C:\WINDOWS\Temp\MCE000d1\MCE000d1" 
    rmdir "C:\WINDOWS\Temp\MCE000d2\MCE000d2" 
    rmdir "C:\WINDOWS\Temp\MCE000d3\MCE000d3" 
    rmdir "C:\WINDOWS\Temp\MCE000d4\MCE000d4" 
    rmdir "C:\WINDOWS\Temp\MCE000d5\MCE000d5" 
    rmdir "C:\WINDOWS\Temp\MCE000d6\MCE000d6" 
    rmdir "C:\WINDOWS\Temp\MCE000d7\MCE000d7" 
    rmdir "C:\WINDOWS\Temp\MCE000d8\MCE000d8" 
    rmdir "C:\WINDOWS\Temp\MCE000d9\MCE000d9" 
    rmdir "C:\WINDOWS\Temp\MCE000da\MCE000da" 
    rmdir "C:\WINDOWS\Temp\MCE000db\MCE000db" 
    rmdir "C:\WINDOWS\Temp\MCE000dc\MCE000dc" 
    rmdir "C:\WINDOWS\Temp\MCE000dd\MCE000dd" 
    rmdir "C:\WINDOWS\Temp\MCE000de\MCE000de" 
    rmdir "C:\WINDOWS\Temp\MCE000df\MCE000df" 
    rmdir "C:\WINDOWS\Temp\MCE000e0\MCE000e0" 
    rmdir "C:\WINDOWS\Temp\MCE000e1\MCE000e1" 
    rmdir "C:\WINDOWS\Temp\MCE000e2\MCE000e2" 
    rmdir "C:\WINDOWS\Temp\MCE000e3\MCE000e3" 
    rmdir "C:\WINDOWS\Temp\MCE000e4\MCE000e4" 
    rmdir "C:\WINDOWS\Temp\MCE000e5\MCE000e5" 
    rmdir "C:\WINDOWS\Temp\MCE000e6\MCE000e6" 
    rmdir "C:\WINDOWS\Temp\MCE000e7\MCE000e7" 
    rmdir "C:\WINDOWS\Temp\MCE000e8\MCE000e8" 
    rmdir "C:\WINDOWS\Temp\MCE000e9\MCE000e9" 
    rmdir "C:\WINDOWS\Temp\MCE000ea\MCE000ea" 
    rmdir "C:\WINDOWS\Temp\MCE000eb\MCE000eb" 
    rmdir "C:\WINDOWS\Temp\MCE000ec\MCE000ec" 
    rmdir "C:\WINDOWS\Temp\MCE000ed\MCE000ed" 
    rmdir "C:\WINDOWS\Temp\MCE000ee\MCE000ee" 
    rmdir "C:\WINDOWS\Temp\MCE000ef\MCE000ef" 
    rmdir "C:\WINDOWS\Temp\MCE000f0\MCE000f0" 
    rmdir "C:\WINDOWS\Temp\MCE000f1\MCE000f1" 
    rmdir "C:\WINDOWS\Temp\MCE000f2\MCE000f2" 
    rmdir "C:\WINDOWS\Temp\MCE000f3\MCE000f3" 
    rmdir "C:\WINDOWS\Temp\MCE000f4\MCE000f4" 
    rmdir "C:\WINDOWS\Temp\MCE000f5\MCE000f5" 
    rmdir "C:\WINDOWS\Temp\MCE000f6\MCE000f6" 
    rmdir "C:\WINDOWS\Temp\MCE000f7\MCE000f7" 
    rmdir "C:\WINDOWS\Temp\MCE000f8\MCE000f8" 
    rmdir "C:\WINDOWS\Temp\MCE000f9\MCE000f9" 
    rmdir "C:\WINDOWS\Temp\MCE000fa\MCE000fa" 
    rmdir "C:\WINDOWS\Temp\MCE000fb\MCE000fb" 
    rmdir "C:\WINDOWS\Temp\MCE000fc\MCE000fc" 
    rmdir "C:\WINDOWS\Temp\MCE000fd\MCE000fd" 
    rmdir "C:\WINDOWS\Temp\MCE000fe\MCE000fe" 
    rmdir "C:\WINDOWS\Temp\MCE000ff\MCE000ff" 
    rmdir "C:\WINDOWS\Temp\MCE00100\MCE00100"
  • Click File > Save as
  • In the box labelled File name copy and paste cleanup.bat
  • Change Save as type to All Files
  • Save it to your desktop
  • Close the notepad window
  • Double click on cleanup.bat
  • A DOS window will come up briefly and then disappear, this is normal
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to delete:
    C:\WINDOWS\system32\drivers\UACwroepkhcnx.sys
    C:\WINDOWS\system32\drivers\UAClevjilwrow.dll
    C:\WINDOWS\system32\drivers\UACihlngvqdmx.dll
    C:\WINDOWS\system32\drivers\UACltyouymmpl.dll
    C:\WINDOWS\system32\drivers\UACihlngvqdmx.dll
    C:\WINDOWS\system32\drivers\UACihlngvqdmx.dll
    Files to move:
    C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll
    Drivers to delete:
    UACd.sys
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log, along with a new HijackThis log in your next reply.


#5 lost2pc


Posted 30 August 2009 - 07:27 PM

Thanks so much! Here is Avenger log. Still trying to get HJT to run. Please standby

#6 lost2pc


Posted 30 August 2009 - 07:34 PM

Whew! Kept getting "access denied. no permission". Downloaded it again - so here is the log. Again, THANKS so much :(

#7 random/random


Posted 30 August 2009 - 07:45 PM

Please upload this file:

C:\Documents and Settings\Michelle Ledgister\LOCAL Settings\Temp\lsass.exe and post the results as a reply to this topic

To either jotti or virustotal
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Also, please run Win32kDiag.exe again and post the log

Edited by random/random, 30 August 2009 - 07:45 PM.


#8 lost2pc


Posted 30 August 2009 - 07:54 PM

Sorry Random, but I'm very much a tech-spaz. How do I upload C:\Documents and Settings\Michelle Ledgister\LOCAL Settings\Temp\lsass.exe ?

#9 random/random


Posted 30 August 2009 - 08:04 PM

Go to http://www.virustotal.com/
Click Browse
Then find the file C:\Documents and Settings\Michelle Ledgister\LOCAL Settings\Temp\lsass.exe
There should be an icon on the left hand side labelled "Desktop". Double click on that. Then double click on "My Computer", then double click on "Documents and Settings" then double click on "Michelle Ledgister", then double click on "LOCAL Settings", then double click on "Temp", then select (single click) "lsass.exe", then click "Open" and then "Send file"

These instructions might not be quite right, since I'm using a different Operating system at the moment (Vista). If you can't upload the file, don't worry, just continue with the rest of the instructions.

#10 lost2pc


Posted 30 August 2009 - 08:30 PM

Random Thanks so much for your help & Patience!

Here are the logs. Hopefully the upload worked.

Thanks again.

#11 random/random


Posted 30 August 2009 - 08:38 PM

We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the combofix log and a new HijackThis log as a reply to this topic.

#12 lost2pc


Posted 30 August 2009 - 10:39 PM

Hi Random,

I'm sorry I took so long but that's what happens when you're a tech-spaz. I'm hoping and praying that ComboFix ran alright as the Recovery Console setup did not go very well.

Please let me know if I need to re-run ComboFix. Here are the logs.

Thanks a bunch you're awesome :(

#13 lost2pc


Posted 31 August 2009 - 05:51 PM

Hi Random,

Were you able to get anything useful from these logs? Or do you need me to run them again?

Thanks so much for your assistance.

#14 random/random


Posted 31 August 2009 - 06:23 PM

Everything ran fine, but I do need to sleep, and the logs have a lot of information in and take a while to go through.

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/t/253441/rootrepeal-log-pc-cant-run-hijackthismbamexe-ive-max-infection/
Collect::[24]
c:\windows\system32\wingenocx.dll
c:\windows\alex.dat
c:\windows\system32\ixexys.com
c:\windows\vajyp.com
c:\windows\system32\akulol.dat
c:\windows\suvy.dat
c:\windows\system32\UACltyouymmpl.dll
c:\windows\system32\UACsuupshppwv.dll
c:\windows\system32\UACoflbqllrth.dat
c:\windows\system32\UAClevjilwrow.dll
c:\windows\system32\drivers\UACwroepkhcnx.sys
c:\windows\system32\drivers\pziiw.sys
DirLook::
c:\program files\Stripper
Driver::
dzoiets
Registry::
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


#15 lost2pc


Posted 31 August 2009 - 06:38 PM

Great to hear that - Thanks Random. I will run the above and post later. Sweet dreams!



