"You may not have the appropriate permission to access the item."


Post by trailblazer250v6 on 2nd March 2010, 2:53 am

I cannot run anything on my system, AVG, spyware malware, regedit, MBAM... It all started w/ trying to fix the virus Antivirus Vista 2010 and now through attempting to fix that I am stuck and cannot open anything. I ran SystemLook and this is what it gave me.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:40 on 01/03/2010 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows.old\Windows\$NtServicePackUninstall$\scecli.dll --a--c 315392 bytes [05:41 22/11/2008] [12:00 25/03/2005] A832D97D4113E28DB89C33219D9E7D20
C:\Windows.old\Windows\ServicePackFiles\amd64\scecli.dll --a--- 315392 bytes [05:45 22/11/2008] [05:54 17/02/2007] 40453F57AAC02F32F785642F5C2E211E
C:\Windows.old\Windows\system32\scecli.dll --a--- 315392 bytes [05:44 22/11/2008] [05:54 17/02/2007] 40453F57AAC02F32F785642F5C2E211E
C:\Windows.old\Windows\SysWOW64\scecli.dll --a--- 188928 bytes [12:00 25/03/2005] [16:05 18/02/2007] E7B7FD7D8907DADED4928E922608887F
C:\Windows\System32\scecli.dll --a--- 177152 bytes [12:40 20/10/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [02:22 21/01/2008] [02:22 21/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll --a--- 177152 bytes [12:40 20/10/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1

Searching for "netlogon.dll"
C:\Windows.old\Windows\$NtServicePackUninstall$\netlogon.dll --a--c 681984 bytes [05:41 22/11/2008] [12:00 25/03/2005] 918FF7D96DE11D01DBA8BFFB3218C5A0
C:\Windows.old\Windows\ServicePackFiles\amd64\netlogon.dll --a--- 681472 bytes [05:45 22/11/2008] [05:40 17/02/2007] BFF99E983A1F35B4E8AA74DEA19D014B
C:\Windows.old\Windows\system32\netlogon.dll --a--- 681472 bytes [05:44 22/11/2008] [05:40 17/02/2007] BFF99E983A1F35B4E8AA74DEA19D014B
C:\Windows.old\Windows\SysWOW64\netlogon.dll --a--- 430592 bytes [12:00 25/03/2005] [16:05 18/02/2007] 451564B8F22461D90CF8ED3945637845
C:\Windows\System32\netlogon.dll --a--- 592896 bytes [12:40 20/10/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [02:22 21/01/2008] [02:22 21/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll --a--- 592896 bytes [12:40 20/10/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE

Searching for "eventlog.dll"
C:\Windows.old\Windows\$NtServicePackUninstall$\eventlog.dll --a--c 130048 bytes [05:41 22/11/2008] [12:00 25/03/2005] 2C1641EFCDA764DCC29E01A528F227A1
C:\Windows.old\Windows\ServicePackFiles\amd64\eventlog.dll --a--- 130560 bytes [05:45 22/11/2008] [05:20 17/02/2007] 589B15B2B3254E2745CB205243EB8588
C:\Windows.old\Windows\system32\eventlog.dll --a--- 130560 bytes [05:44 22/11/2008] [05:20 17/02/2007] 589B15B2B3254E2745CB205243EB8588

-=End Of File=-


Post by Dr Jay on 2nd March 2010, 7:21 am

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Post by trailblazer250v6 on 3rd March 2010, 1:38 am

Ok well on the plus side I think that it removed the virus. Once it was done running it automatically restarted. Once I tried to open anything like IE or Notepad another window popped up and tells me "choose the program you want to use to open this file" then once I choose something it just opens through Notepad and is displayed in code. Other programs such as SystemLook come up w/ an error message C:\users\administrator\desktop\systemlook.txt is not a valid win32 application; or it says windows installer could not be accessed... So I crossed one bridge and ran into 5 more...


Post by Dr Jay on 3rd March 2010, 5:18 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Post by trailblazer250v6 on 3rd March 2010, 12:38 pm

The same thing happened when I attempted this, it tried to have me open it through another program. I tried clicking "look for appropriate program on the web" but nothing is ever found. Then when I tried to re-download MBAM and open it, I get the message "C:\user\administrator\downloads\mbam-setup(3).exe application not found"


Post by Dr Jay on 3rd March 2010, 2:38 pm


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


Dr. Jay (DJ)



    Post by trailblazer250v6 on 4th March 2010, 2:43 am

    Once again, I download it and I get the message "Choose the program..." once I try to open it. Really stuck here, whatever the source of this is, it is keeping me from opening anything... I am hoping I didn't delete something wrong from my processes while trying to get rid of that virus... Whatever it is though it is allowing me to open Firefox through my Comcast account shortcut.


    Post by Dr Jay on 4th March 2010, 2:48 am

    Ok. We're not done trying to beat it.

    Please download [You must be registered and logged in to see this link.]

    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


    Dr. Jay (DJ)



    Post by trailblazer250v6 on 4th March 2010, 2:52 am

    exeHelper by Raktor
    Build 20091220
    Run at 21:50:32 on 03/03/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

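The exeHelper log above lists resets of the .exe and .com file associations and of the userinit and shell values. As an added illustration (not part of the original thread, and not exeHelper's own code), this Python example audits a registry export for those same values against the stock Windows defaults; the sample export, the placeholder handler path and all function names are constructed for the example, and it assumes the export was taken from HKEY_CLASSES_ROOT and already decoded to text.

```python
import re

# Stock Windows defaults for the values the exeHelper log says it resets.
# Key paths are lower-cased because registry paths are case-insensitive.
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
EXPECTED = {
    (r"hkey_classes_root\.exe", "@"): "exefile",
    (r"hkey_classes_root\.com", "@"): "comfile",
    (r"hkey_classes_root\exefile\shell\open\command", "@"): '"%1" %*',
    (r"hkey_classes_root\comfile\shell\open\command", "@"): '"%1" %*',
    (WINLOGON, "shell"): "explorer.exe",
    (WINLOGON, "userinit"): r"c:\windows\system32\userinit.exe,",
}

# A per-user override of these classes is treated as suspicious here,
# since a clean profile normally has none (heuristic of this example).
USER_CLASSES = "hkey_current_user\\software\\classes\\"
WATCHED = (".exe", ".com", "exefile", "comfile")

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(s):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {(key, value_name): string_data} for string values in an export."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.groups()
        name = "@" if name == "@" else unescape(name[1:-1]).lower()
        # Only quoted string data is handled; dword:/hex: values are skipped.
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            values[(key, name)] = unescape(data[1:-1])
    return values


def audit(text):
    """Return a list of (key, value_name, actual, expected) deviations."""
    values = parse_reg(text)
    findings = []
    for (key, name), expected in EXPECTED.items():
        actual = values.get((key, name))
        if actual is None:
            findings.append((key, name, "missing", expected))
        elif actual.strip().lower() != expected.lower():
            findings.append((key, name, actual, expected))
    for (key, name), actual in values.items():
        if key.startswith(USER_CLASSES):
            subkey = key[len(USER_CLASSES):].split("\\")[0]
            if subkey in WATCHED:
                findings.append((key, name, actual, "no per-user override"))
    return findings


# Constructed sample export (not taken from the thread): one hijacked
# open command and one per-user .exe override, everything else at default.
SAMPLE_REG = r"""REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\.com]
@="comfile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\handler.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholderfile"
"""

if __name__ == "__main__":
    for key, name, actual, expected in audit(SAMPLE_REG):
        print(f"{key} [{name}]: found {actual!r}, expected {expected!r}")
```
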


    Post by Dr Jay on 4th March 2010, 3:10 am

    Now can you start the program I needed you to do?


    Dr. Jay (DJ)



    Post by trailblazer250v6 on 4th March 2010, 3:35 am

    Unfortunately I still can't open the programs, still get "choose the program..." message. And shortly after I posted that message my comp went to blue screen and crashed and now is running very slowly. I am going to try and run it in safe mode to see if that helps at all. I really appreciate all this help, even if we can't figure it out... any more miracles up your sleeve?


    Post by Dr Jay on 4th March 2010, 6:11 am

    Please download ComboFix from [You must be registered and logged in to see this link.]

    [You must be registered and logged in to see this link.]

    [You must be registered and logged in to see this link.]


    Rename ComboFix.exe to commy.bat before you save it to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
    • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.bat" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


    Dr. Jay (DJ)



    Post by trailblazer250v6 on 4th March 2010, 12:31 pm

    Ok so when I go to download it, I don't get an option to rename it. Where there is generally a txt box to change it is solid, I can't even choose where it goes. Now once it is downloaded I can change title of it, but I don't know if that is actually reformatting the program, and it is always sent right to my downloads file. Now I can right click it and it comes up with the option of run as administrator... but I am not sure if that's how I am supposed to run it...


    Post by Dr Jay on 4th March 2010, 2:07 pm

    So you could not rename it?

    What about renaming it after it is downloaded? Try that, then start it from the run box.


    Dr. Jay (DJ)



    Post by trailblazer250v6 on 5th March 2010, 12:14 am

    Awesome, it ran, and I can open some of the programs now. Here's the code it came up with.

    ComboFix 10-03-04.02 - Administrator 03/04/2010 18:44:42.1.4 - x86 NETWORK
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.2832 [GMT -5:00]
    Running from: c:\users\Administrator\Desktop\commy.bat
    Command switches used :: /stepdel
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Adobe\254857257.old
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500
    c:\windows\system32\gogogahi.exe
    c:\windows\system32\lesohufu.exe
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500\Dc1.exe
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500\Dc2.exe
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500\Dc4.exe
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500\desktop.ini
    c:\recycler\S-1-5-21-404135821-3473200025-921332265-500\INFO2
    C:\Thumbs.db
    c:\users\ADMINI~1\AppData\Local\Temp\install_flash_player.exe
    c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\0ya5N88M.jpg
    c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\820504.jpg
    c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\boaOBM0By.jpg
    c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\L7yXyXYA.jpg
    c:\windows\system32\app_dll.dll
    c:\windows\system32\gefuwami.dll
    c:\windows\system32\jivafiti.dll
    c:\windows\system32\kalomawu.dll
    c:\windows\system32\kugewape.dll
    c:\windows\system32\liseruka.dll
    c:\windows\system32\meruyuva.dll
    c:\windows\system32\nipawivo.dll
    c:\windows\system32\nizukipu.dll
    c:\windows\system32\piseraho.dll
    c:\windows\system32\pubinibu.dll
    c:\windows\system32\tafiwizo.dll
    c:\windows\system32\torazovi.dll
    c:\windows\system32\tugufiki.dll
    c:\windows\system32\twain_32.dll
    c:\windows\system32\vogakape.dll
    c:\windows\system32\yavawoji.dll
    c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
    .

    2010-03-04 23:51 . 2010-03-04 23:51 -------- d-----w- c:\users\Temp\AppData\Local\temp
    2010-03-04 23:10 . 2010-03-04 23:10 -------- d-----w- C:\commy
    2010-03-04 02:12 . 2010-03-04 02:12 680 ----a-w- c:\users\Temp\AppData\Local\d3d9caps.dat
    2010-03-04 02:12 . 2010-03-04 02:12 100432 ----a-w- c:\users\Temp\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-03-04 02:11 . 2010-03-04 02:12 -------- d-----w- c:\users\Temp\AppData\Local\Apple Computer
    2010-03-04 02:11 . 2010-03-04 02:12 -------- d-----w- c:\users\Temp\AppData\Roaming\Apple Computer
    2010-03-04 02:10 . 2010-03-04 02:10 -------- d-----w- c:\users\Temp\AppData\Local\Adobe
    2010-03-04 02:08 . 2010-03-04 02:08 -------- d-----w- c:\users\Temp\AppData\Local\Mozilla
    2010-03-02 12:19 . 2010-03-02 12:19 -------- d-----w- c:\program files\ESET
    2010-02-28 15:48 . 2010-02-28 15:48 169100 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-24 06:03 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-24 06:02 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-02-24 06:02 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-02-24 06:02 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-24 06:02 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-02-24 06:02 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-02-24 06:02 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-02-24 06:02 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-24 06:02 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-02-24 06:02 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-02-24 06:02 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-02-24 06:02 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-02-24 06:02 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-02-08 12:46 . 2010-02-08 12:46 -------- d-----w- c:\program files\iPod
    2010-02-08 12:46 . 2010-03-03 01:49 -------- d-----w- c:\program files\iTunes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-04 23:47 . 2008-02-05 17:18 655214 ----a-w- c:\windows\system32\perfh019.dat
    2010-03-04 23:47 . 2008-02-05 17:18 126030 ----a-w- c:\windows\system32\perfc019.dat
    2010-03-02 12:31 . 2009-11-30 00:05 -------- d-----w- c:\program files\QuickTime
    2010-03-02 12:31 . 2009-07-28 21:59 -------- d-----w- c:\program files\PeerGuardian2
    2010-03-02 12:24 . 2009-01-29 05:37 -------- d-----w- c:\program files\AIM6
    2010-03-02 01:23 . 2009-02-03 01:37 -------- d-----w- c:\users\Administrator\AppData\Roaming\Move Networks
    2010-03-01 00:17 . 2009-07-10 10:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\LimeWire
    2010-02-26 18:16 . 2009-01-29 05:41 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
    2010-02-26 18:12 . 2009-01-29 05:39 -------- d-----w- c:\programdata\Apple
    2010-02-24 14:16 . 2009-10-03 05:03 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-24 12:41 . 2009-01-28 19:37 100432 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-11 08:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-02-08 12:46 . 2009-01-29 05:39 -------- d-----w- c:\program files\Common Files\Apple
    2010-02-08 12:44 . 2010-02-08 12:44 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-01-30 01:07 . 2009-02-17 00:21 -------- d-----w- c:\program files\Google
    2010-01-27 01:46 . 2010-01-27 01:46 144160 ----a-w- c:\users\Administrator\AppData\Roaming\Move Networks\uninstall.exe
    2010-01-27 01:46 . 2009-12-10 19:26 4187512 ----a-w- c:\users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    2010-01-06 15:38 . 2010-02-24 06:02 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
    2010-01-06 15:38 . 2010-02-24 06:02 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
    2010-01-06 15:38 . 2010-02-24 06:02 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
    2010-01-06 15:38 . 2010-02-24 06:02 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
    2010-01-02 06:38 . 2010-01-22 08:17 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-22 08:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 06:32 . 2010-01-22 08:17 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 04:57 . 2010-01-22 08:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-11 11:43 . 2010-02-10 11:26 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-11 11:43 . 2010-02-10 11:26 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\users\Administrator\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-12-08 20:01 . 2010-02-10 11:26 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-12-08 20:01 . 2010-02-10 11:26 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 20:01 . 2010-02-10 11:26 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 17:26 . 2010-02-10 11:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    1601-01-01 00:03 . 1601-01-01 00:03 47104 --sha-w- c:\windows\System32\bahabona.dll
    1601-01-01 00:03 . 1601-01-01 00:03 95232 --sha-w- c:\windows\System32\hakurevi.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\hoyobuva.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\jiponite.dll
    1601-01-01 00:03 . 1601-01-01 00:03 35840 --sha-w- c:\windows\System32\lahuyano.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\lepefihi.dll
    1601-01-01 00:03 . 1601-01-01 00:03 47104 --sha-w- c:\windows\System32\lokudeti.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\lukumeyo.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\merenugu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\modigege.dll
    1601-01-01 00:03 . 1601-01-01 00:03 47104 --sha-w- c:\windows\System32\mojekogi.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\pafikiwu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\setizafu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 95232 --sha-w- c:\windows\System32\tasasifu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\vopidezu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 94208 --sha-w- c:\windows\System32\yakiyetu.dll
    1601-01-01 00:03 . 1601-01-01 00:03 40960 --sha-w- c:\windows\System32\yedonuse.dll
    .
    Code:
    ~[Filtered]~

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont .exe" [2009-04-24 1025320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "pejuhotego"="jivafiti.dll" [N/A]
    "jezeverat"="c:\windows\system32\vogakape.dll" [N/A]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    ""="" [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableInstallerDetection"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=app_dll.dll,tugufiki.dll c:\windows\system32\vogakape.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli tugufiki.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):f5,f2,17,c5,69,66,ca,01

    R0 oxdheaor;oxdheaor; [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-23 150568]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:07]

    2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = [You must be registered and logged in to see this link.]
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7j14pyu4.default\
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: c:\users\Administrator\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{78443a0e-390a-4dcd-889c-10a3386ffb94} - kugewape.dll
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    SharedTaskScheduler-{c423d733-a8d2-4e97-8e34-1d36ab114c2c} - c:\windows\system32\vogakape.dll
    SSODL-finepodus-{c423d733-a8d2-4e97-8e34-1d36ab114c2c} - c:\windows\system32\vogakape.dll



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,0a,fd,d7,17,bb,96,4e,8c,73,fb,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,0a,fd,d7,17,bb,96,4e,8c,73,fb,\

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.avi"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\wordicon.exe"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\wordicon.exe"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-371945664-4036494631-2048450281-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\helppane.exe
    .
    **************************************************************************
    .
    Completion time: 2010-03-04 19:00:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-05 00:00

    Pre-Run: 355,973,951,488 bytes free
    Post-Run: 356,210,860,032 bytes free

    - - End Of File - - 4590665D38C9F768820E91F423082140


    Re: "You may not have the appropriate permission to access the item."

    Post by Dr Jay on 5th March 2010, 2:33 pm

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableInstallerDetection"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    These entries declare you have User Account Control (UAC) off. Is this true?

    ==

    Re-running ComboFix to remove infections:

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the quotebox below into it:
      killall::
      File::
      c:\windows\System32\bahabona.dll
      c:\windows\System32\hakurevi.dll
      c:\windows\System32\hoyobuva.dll
      c:\windows\System32\jiponite.dll
      c:\windows\System32\lahuyano.dll
      c:\windows\System32\lepefihi.dll
      c:\windows\System32\lokudeti.dll
      c:\windows\System32\lukumeyo.dll
      c:\windows\System32\merenugu.dll
      c:\windows\System32\modigege.dll
      c:\windows\System32\mojekogi.dll
      c:\windows\System32\pafikiwu.dll
      c:\windows\System32\setizafu.dll
      c:\windows\System32\tasasifu.dll
      c:\windows\System32\vopidezu.dll
      c:\windows\System32\yakiyetu.dll
      c:\windows\System32\yedonuse.dll

      Folder::
      c:\program files\Viewpoint

      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "pejuhotego"=-
      "jezeverat"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "GrpConv"=-
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=app_dll.dll,tugufiki.dll c:\windows\system32\vogakape.dll
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      @="0"

      RegLock::
      ""=-

      NetSvc::
      oxdheaor

      Firefox::
      FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

      Rootkit::
      ADS::
      MBR::
      Reboot::
    • Save this as CFScript.txt, in the same location as ComboFix.exe



    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.


    Dr. Jay (DJ)

