My computer, it got broke.

R

redbaron09

New member
I keep getting a strange error every time any type of process or program is launched. This includes all processes at start up, and any process launched during normal use.
The error reads:
"The application or DLL globalroot\systemroot\system32\TDSSlxwp.dll is not a valid windows image. Please check this against your installation diskette."
I would post a HJT log, but I cant install it. Any time I try to install anything the installation wizard fails to launch, this also happens with various other programs such as spybot.
 
sorry, that guide doesnt address my problem. i cannot install HJT on my computer. it wont let me. i love to just copy and paste the log from a different computer but i cant even use the program.
 
Last edited by a moderator:
hi,

you can get on the internet using the infected computer? if so we will use combofix. First i would use the infected computer as little as possible and when not in use pull the plug on your modem or router so there is no internet connectivity to the computer.

there is a guide for using combofix. looks like a lot but dosnt require much on your part. read through the guide.
when you save combofix to your desktop:

-->change the name from combofix.exe to scan.exe, then save it to your desktop. doubleclick the scan.exe on your desktop and follow the prompts.

post the combofix log in your reply. next update and run your antivirus and any anti-malware apps you have.
last: post a hjt log
----------------------------------------
if you cannot get on the internet with the infected computer:

read the combofix guide, save combofix after renaming it to scan.exe to a usb flash drive,transfer via flash drive to infected computer. run scan.exe like above. post the combofix log, update run antivirus etc, post hjt log also.

--->leave usb drive in infected computer, dont remove and use it in another computer.

the combofix guide is here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
ComboFix 08-12-01.03 - k****** 2008-12-02 23:38:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.541 [GMT -5:00]
Command switches used :: c:\documents and settings\k******\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\1083211688.exe
c:\windows\110642656.exe
c:\windows\1185722582.exe
c:\windows\212372300.exe
c:\windows\2159854114.exe
c:\windows\3431478420.exe
c:\windows\3534770564.exe
c:\windows\3761594674.exe
c:\windows\752939184.exe
c:\windows\csrssc.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\addwgnfp.ini
c:\windows\system32\boaewyci.ini
c:\windows\system32\drivers\TDSSoiqh.sys
c:\windows\system32\Drivers\TDSSpqlt.sys
c:\windows\system32\ebbpxbxt.dll
c:\windows\system32\eewaryvt.ini
c:\windows\system32\fuoirepn.ini
c:\windows\system32\gfihknpo.ini
c:\windows\system32\gfihknpo.ini2
c:\windows\system32\iihhqncx.ini
c:\windows\system32\iinlaggh.ini
c:\windows\system32\jbfaalxk.ini
c:\windows\system32\jcjnrngs.ini
c:\windows\system32\jcxtsmfc.ini
c:\windows\system32\obqwfd.dll
c:\windows\system32\pjifqdix.ini
c:\windows\system32\rmdspaas.ini
c:\windows\system32\sgnrnjcj.dll
c:\windows\system32\siejf93.dll
c:\windows\system32\TDSShrsr.dat
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSofxh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSorvd.dll
c:\windows\system32\TDSSosvd.dll
c:\windows\system32\TDSSpaxt.dll
c:\windows\system32\TDSSpqlt.log
c:\windows\system32\TDSSpqxt.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\tokunjlf.dll
c:\windows\system32\whppcv.dll
c:\windows\system32\wlligmtw.ini
c:\windows\system32\zbsszt.dll

----- BITS: Possible infected sites -----

hxxp://www.mp3codecinstall.net
hxxp://wsus.nmu.edu
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-11-27 19:45 . 2008-11-27 19:50 <DIR> d-------- c:\program files\Tetris
2008-11-27 03:42 . 2008-12-01 09:51 160 --a------ c:\windows\jusnh38enfsfst4g.tmp
2008-11-15 19:46 . 2008-06-20 05:45 360,320 --a------ c:\windows\system32\drivers\tcpip.sys.ORIGINAL
2008-11-15 19:46 . 2008-06-20 05:45 360,320 --a--c--- c:\windows\system32\dllcache\tcpip.sys.ORIGINAL
2008-11-15 17:15 . 2008-11-15 17:15 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-15 17:15 . 2008-11-15 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 19:24 . 2008-11-14 19:28 705 --a------ C:\jwwgtuh.exe
2008-11-14 19:24 . 2008-11-14 19:28 705 --a------ C:\iruq.exe
2008-11-14 19:24 . 2008-11-14 19:28 705 --a------ C:\dhup.exe
2008-11-14 19:24 . 2008-11-14 19:28 2 --a------ C:\682465944
2008-11-13 20:33 . 2008-11-19 16:42 <DIR> d-------- C:\Downloads
2008-11-13 20:32 . 2008-11-15 17:42 <DIR> d-------- c:\program files\BitComet
2008-11-10 23:30 . 1998-01-23 12:22 304,128 --a------ c:\windows\IsUninst.exe
2008-11-10 23:30 . 2008-11-10 23:30 121 --a------ c:\windows\SIERRA.INI
2008-11-10 22:12 . 2008-11-11 02:31 <DIR> d-------- c:\program files\Project64 1.6
2008-11-07 03:55 . 2008-11-07 03:55 <DIR> d--hs---- c:\documents and settings\All Users\DRM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 04:44 235,040 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-03 04:43 96,836 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-03 04:43 7,404,576 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-03 04:43 24,056 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-03 04:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-16 00:46 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
2008-11-14 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-01 23:59 --------- d-----w c:\program files\Personal Files
2008-11-01 23:57 720,896 ----a-w c:\windows\iun6002.exe
2008-10-30 23:42 606,848 ----a-w c:\windows\flashax.exe
2008-10-30 23:42 503,808 ----a-w c:\windows\leogeo_timebeat.scr
2008-10-30 23:42 12,288 ----a-w c:\windows\impborl.dll
2008-10-24 11:10 453,632 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 14:03 --------- d-----w c:\program files\Respondus LockDown Browser
2008-10-15 19:41 --------- d-----w c:\documents and settings\k******\Application Data\Launchy
2008-10-13 22:05 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-13 17:16 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-13 15:50 --------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2008-10-13 15:49 --------- d-----w c:\program files\AIM6
2008-10-13 15:49 --------- d-----w c:\documents and settings\k******\Application Data\acccore
2008-10-13 15:42 --------- d-----w c:\program files\Viewpoint
2008-10-13 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-13 15:41 --------- d-----w c:\program files\Common Files\AOL
2008-10-13 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-13 15:41 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-10-13 15:25 --------- d-----w c:\program files\AlienGUIse
2008-10-13 15:21 --------- d-----w c:\program files\Common Files\Stardock
2008-10-13 15:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 15:05 --------- d-----w c:\program files\Kaspersky Lab
2008-10-13 15:05 --------- d-----w c:\program files\Common Files\Kaspersky Lab
2008-10-13 15:05 --------- d-----w c:\program files\Common Files\Cisco Systems
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

------- Sigcheck -------

2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-11-15 19:46 360320 3c966f647bab332093cb0f92692b5cb8 c:\windows\system32\dllcache\tcpip.sys
2008-11-15 19:46 360320 3c966f647bab332093cb0f92692b5cb8 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-08-20 172032]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-11 294912]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-11 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-01-11 144728]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-12-05 487424]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"Backup Reminder"="c:\program files\Northern Michigan University\Backup Reminder\BackupReminder.exe" [2007-02-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2008-10-13 231952]
"TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-07-07 50688]
Intel Wireless Reporting Tool.lnk - c:\program files\Intel\WRT\WRT Tray.exe [2008-02-28 266240]
Launchy.lnk - c:\program files\Personal Files\Launchy\Launchy.exe [2008-10-15 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 15:36 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Personal Files\\LookAtLan.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit
"25176:TCP"= 25176:TCP:BitComet 25176 TCP
"25176:UDP"= 25176:UDP:BitComet 25176 UDP

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2007-10-16 19504]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2008-07-07 4442]
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2007-12-05 46656]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2008-07-07 26137]
R3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-07-07 155152]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-05-30 24344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-07-07 155152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2008-12-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2008-12-03 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-11 00:30]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-jsg8jfgfdfhfhf - c:\windows\TEMP\winlogun.exe
SharedTaskScheduler-{C5AF42A3-94F3-42BD-F434-3604832C897D} - (no file)
ShellExecuteHooks-{0DB0263F-A555-4853-AEF3-4D78331512B3} - c:\windows\system32\cbXoOFXP.dll
Notify-cbXoOFXP - cbXoOFXP.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\k******\Application Data\Mozilla\Firefox\Profiles\hqbpg6pa.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.acs.nmu.edu/home
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPJinit13126.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 23:44:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\klogon.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\DisplayLink Core Software\DisplayLinkService.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Kaspersky Lab\NetworkAgent\klnagent.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Northern Michigan University\Emergency Broadcast System\NMUEBS.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\spm.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\Apoint2K\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-12-02 23:47:55 - machine was rebooted [k******]
ComboFix-quarantined-files.txt 2008-12-03 04:46:34

Pre-Run: 80,986,279,936 bytes free
Post-Run: 81,718,747,136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

284 --- E O F --- 2008-11-12 23:07:57
 
hi,

ok we will use combofix again:

Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:

Code: 
File::
C:\jwwgtuh.exe
C:\iruq.exe
C:\dhup.exe
C:\682465944


Name the Notepad file CFScript.txt and Save it to your desktop.
now locate the file you just saved and the combofix icon, both on your desktop.

using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run and produce a new log
please post the new combofix log.

can you get a hjt log now? we will get another download to use. its called malwarebytes link and directions:

Please download Malwarebytes' Anti-Malware to your desktop:

http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Congratulations are in order then on your new arrival.

post the new combofix log, and the malwarebytes log.
 
You must log in or register to reply here.
Back
Top