I emailed you all a few weeks ago about a virus that would not allow me to save my Combo Fix or Hijack This logs, and once you run the programs then you can not run them again.
I can no longer open my run function, and it is becoming harder to find a way to connect to the internet.
I did find this bug log on my c drive. I am not sure where it came from or what it has documented.
I am now getting this desot.exe has encountered a problem and needs to close. We are sorry for the inconvenience. It tells me to send an error report or debug.
Please help!!!! school started yesterday! This is my lifeline, and all I have!
Here is the "BUG LOG"...again, not sure what it is reporting.
32788R22FWJFW\swreg.exe import 32788R22FWJFW\EXE.reg
32788R22FWJFW\PEV.exe UZIP 32788R22FWJFW\License\pv_5_2_2.zip 32788R22FWJFW\
MOVE /Y 32788R22FWJFW\PV.exe 32788R22FWJFW\PV.cfxxe
32788R22FWJFW\PV.cfxxe -kf *.pif nircmd.* ANDRE.EXE TOLO.exe Merlin.scr jalang.exe jalangkung.exe jantungan.exe DOSEN.exe C3W3K4MPUS.exe cmd.exe
Killing '*.pif'
Killing 'nircmd.*'
Killing 'ANDRE.EXE'
Killing 'TOLO.exe'
Killing 'Merlin.scr'
Killing 'jalang.exe'
Killing 'jalangkung.exe'
Killing 'jantungan.exe'
Killing 'DOSEN.exe'
Killing 'C3W3K4MPUS.exe'
Killing 'cmd.exe'
pv: No matching processes found
PUSHD "C:\32788R22FWJFW"
IF NOT EXIST pev.cfxxe COPY /Y pev.exe pev.cfxxe
1 file(s) copied.
IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfxxe NircmdB.exe
1 file(s) copied.
SET "Comspec=C:\WINDOWS\system32\cmd.execf"
IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT
IF EXIST OsVer EXIT
VER 1>OsVer
GREP.cfxxe -F "5.2." OsVer
IF 1 == 0 GOTO Not_NT
GREP.cfxxe -F "5.1.2" OsVer 1>XP.mac
IF 0 == 0 GOTO NT
GREP.cfxxe -isq "ProductType.*WinNT" WinNT00 || GOTO Not_NT
SED.cfxxe "/^PATH=/I!d; s///; s/\x22//g" Oripath 1>OriPath00
PEV.EXE -rtf -s+901 .\OriPath00 && (
SED.cfxxe -r "s/\x22//g; s/(.{900}).*/\1/; s/;[^;]*$//" OriPath00 1>OriPath01
FOR /F "TOKENS=*" %G IN (OriPath01) DO @SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G"
)
IF NOT EXIST OriPath01 FOR /F "TOKENS=*" %G IN (OriPath00) DO SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G"
SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel"
Killing 'runonce.exe'
Killing 'grpconv.exe'
Killing 'procmon.exe'
Killing 'ANDRE.EXE'
Killing 'TOLO.exe'
Killing 'Merlin.scr'
Killing 'jalang.exe'
Killing 'jalangkung.exe'
Killing 'jantungan.exe'
Killing 'DOSEN.exe'
Killing 'C3W3K4MPUS.exe'
pv: No matching processes found
PEV -rtf --c:##5# .\* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or WinNT.exe or N_.exe } 1>temp00 && (
PV -o%f * 1>temp01
PEV -tf -t!o --files:temp01 --c:##5#b#f# 1>temp02
GREP -Fif temp00 temp02 1>temp03
SED "/.* /!d; s///" temp03 1>temp04
SED ":a; $!N; s/\n/\x22 \x22/; ta; s/.*/\x22&\x22/" temp04 1>temp05
FOR /F "TOKENS=*" %G IN (temp05) DO @NIRCMD KILLPROCESS %G
)
CALL :MDCheck
Could Not Find C:\32788R22FWJFW\md5sum00.pif
PEV -rtf -md573FF0546C6C03834F58C5B90D18A77E4 .\md5sum.pif || CALL :MDFaiL ChkSum_Fail
.\md5sum.pif
PEV -tf --files:files.pif --c:##5#b#f# 1>mdCheck00.dat
GREP -vs "^!MD5:" mdCheck00.dat 1>mdCheck0a.dat
GREP -Fvf md5sum.pif mdCheck0a.dat 1>mdCheck01.dat && CALL :MDFaiL
GOTO :EOF
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
cfExt=cfxxe
CFLDR=32788R22FWJFW
Chksum=73FF0546C6C03834F58C5B90D18A77E4
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-429B14235C
ComSpec=C:\WINDOWS\system32\cmd.execf
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
KMD=CF17216.exe
LOGONSERVER=\\USER-429B14235C
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.cfxxe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$
Qrntn=C:\Qoobox\Quarantine
RKEY_=hklm\software\microsoft\windows nt\currentversion\windows
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\ComboFix[1].exe"
sfxname=C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\ComboFix[1].exe
SYSTEM=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=USER-429B14235C
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
=============================================
IF NOT DEFINED sfxname GOTO END
GREP -F \ temp01 && CALL :Aux
GREP -Fi "C:\WINDOWS\system32\userinit.exe" Userinit00 || (SWREG ADD "hklm\software\microsoft\windows nt\currentversion\winlogon" /v Userinit /d "C:\WINDOWS\system32\userinit.exe," )
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
CALL LANG.bat
Active code page: 1252
SET SfxCmd 1>SET00
SED -r "/SfxCmd=/I!d; s///; s/\s*$//; s/^(\x22[^\x22]*\x22|[^\x22]\S*) +//; s/^\x22*C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\R9QL9XTY\\ComboFix[1].exe\x22*//I; s/^([^\x22]\S*)/@SET SfxCmd=\x22\1\x22/; s/^(\x22.*)/@SET SfxCmd=\1/" SET00 1>sfx.cmd
DEL /A/F SET00
ATTRIB +R "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\ComboFix[1].exe"
Access is denied.
@SET SfxCmd="C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\ComboFix[1].exe"
CALL sfx.cmd
CALL AV.cmd
SET /a AVCount+=1
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
Access is denied.
IF NOT EXIST AvBlack00 GREP -Fisf AVBlack resident.txt 1>AvBlack00 && (
SED -r "s/\x22//g; s/.*\) //; s/.*(\{.{8}-.{4}-.{4}-.{4}-.{12}\}).*/\1/" AvBlack00 1>AvBlack01
FOR /F "TOKENS=*" %G IN (AvBlack01) DO @CSCRIPT.EXE //NOLOGO //E:VBSCRIPT //T:5 wmi_rem.vbs "%~G"
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
)
GREP -Fivf AVWhite resident.txt | GREP -E "^(AV|SP): .*enabled\* \(" 1>AVChk && (
SED -r "s/^AV:/antivirus: /; s/^SP:/antispyware: /; s/ \*(On-access scanning |)enabled\*.*//" AVChk | SED ":a; $!N;s/\n/~n/;ta" 1>AVChkB
NIRCMD LOOP 2 80 BEEP 3000 200
IF 1 LEQ 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere~nwith ComboFix's running. This may lead to unpredictable results or~npossible machine damage.~n~nPlease disable these scanners before clicking 'OK'." "Warning !!" "" && GOTO Av-check
IF 1 GTR 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk" "Warning !!" ""
)
grep: resident.txt: No such file or directory
DEL /A/F/Q AVChk? AvWhite AvBlack AvBlack0?
SET AVCount=
IF EXIST vista.mac CALL :Vista
GREP -Fx "REGEDIT4" Fin.dat || (
ECHO.1>"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tdsstdss"
PEV -rtf "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tdsstdss" || (
ECHO.1>wtf_tdssserv
CALL c.bat
GOTO END
)
GOTO AbortD
)
REGEDIT4
IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort
IF EXIST "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\32788R22FWJFW32788R22FWJFW.log" DEL /A/F "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\32788R22FWJFW32788R22FWJFW.log"
COPY /Y /B "C:\WINDOWS\system32\cmd.execf" "C:\WINDOWS\system32\CF17216.exe"
1 file(s) copied.
SET "COMSPEC=C:\WINDOWS\system32\CF17216.exe"
FOR /F "TOKENS=*" %G IN ("C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\ComboFix[1].exe") DO (
SET "FileName=%~NG"
SET "FilePath=%~DPG"
)
(
SET "FileName=ComboFix[1]"
SET "FilePath=C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\"
)
SET FileName 1>FileName
GREP -ix "FileName=[-[:alnum:]@.]*" FileName || GOTO AbortB
DEL /A/F/Q DirName0?
Could Not Find C:\32788R22FWJFW\DirName0?
CALL NircmdB.exe INFOBOX "You cannot rename ComboFix as %FileName%~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
GOTO END
IF EXIST "C:\WINDOWS\system32\cmd.execf" MOVE /Y "C:\WINDOWS\system32\cmd.execf" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp"
CD ..
IF DEFINED cfldr RD /S/Q "32788R22FWJFW"
The system cannot find the path specified.
I can no longer open my run function, and it is becoming harder to find a way to connect to the internet.
I did find this bug log on my c drive. I am not sure where it came from or what it has documented.
I am now getting this desot.exe has encountered a problem and needs to close. We are sorry for the inconvenience. It tells me to send an error report or debug.
Please help!!!! school started yesterday! This is my lifeline, and all I have!
Here is the "BUG LOG"...again, not sure what it is reporting.
32788R22FWJFW\swreg.exe import 32788R22FWJFW\EXE.reg
32788R22FWJFW\PEV.exe UZIP 32788R22FWJFW\License\pv_5_2_2.zip 32788R22FWJFW\
MOVE /Y 32788R22FWJFW\PV.exe 32788R22FWJFW\PV.cfxxe
32788R22FWJFW\PV.cfxxe -kf *.pif nircmd.* ANDRE.EXE TOLO.exe Merlin.scr jalang.exe jalangkung.exe jantungan.exe DOSEN.exe C3W3K4MPUS.exe cmd.exe
Killing '*.pif'
Killing 'nircmd.*'
Killing 'ANDRE.EXE'
Killing 'TOLO.exe'
Killing 'Merlin.scr'
Killing 'jalang.exe'
Killing 'jalangkung.exe'
Killing 'jantungan.exe'
Killing 'DOSEN.exe'
Killing 'C3W3K4MPUS.exe'
Killing 'cmd.exe'
pv: No matching processes found
PUSHD "C:\32788R22FWJFW"
IF NOT EXIST pev.cfxxe COPY /Y pev.exe pev.cfxxe
1 file(s) copied.
IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfxxe NircmdB.exe
1 file(s) copied.
SET "Comspec=C:\WINDOWS\system32\cmd.execf"
IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT
IF EXIST OsVer EXIT
VER 1>OsVer
GREP.cfxxe -F "5.2." OsVer
IF 1 == 0 GOTO Not_NT
GREP.cfxxe -F "5.1.2" OsVer 1>XP.mac
IF 0 == 0 GOTO NT
GREP.cfxxe -isq "ProductType.*WinNT" WinNT00 || GOTO Not_NT
SED.cfxxe "/^PATH=/I!d; s///; s/\x22//g" Oripath 1>OriPath00
PEV.EXE -rtf -s+901 .\OriPath00 && (
SED.cfxxe -r "s/\x22//g; s/(.{900}).*/\1/; s/;[^;]*$//" OriPath00 1>OriPath01
FOR /F "TOKENS=*" %G IN (OriPath01) DO @SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G"
)
IF NOT EXIST OriPath01 FOR /F "TOKENS=*" %G IN (OriPath00) DO SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G"
SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel"
Killing 'runonce.exe'
Killing 'grpconv.exe'
Killing 'procmon.exe'
Killing 'ANDRE.EXE'
Killing 'TOLO.exe'
Killing 'Merlin.scr'
Killing 'jalang.exe'
Killing 'jalangkung.exe'
Killing 'jantungan.exe'
Killing 'DOSEN.exe'
Killing 'C3W3K4MPUS.exe'
pv: No matching processes found
PEV -rtf --c:##5# .\* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or WinNT.exe or N_.exe } 1>temp00 && (
PV -o%f * 1>temp01
PEV -tf -t!o --files:temp01 --c:##5#b#f# 1>temp02
GREP -Fif temp00 temp02 1>temp03
SED "/.* /!d; s///" temp03 1>temp04
SED ":a; $!N; s/\n/\x22 \x22/; ta; s/.*/\x22&\x22/" temp04 1>temp05
FOR /F "TOKENS=*" %G IN (temp05) DO @NIRCMD KILLPROCESS %G
)
CALL :MDCheck
Could Not Find C:\32788R22FWJFW\md5sum00.pif
PEV -rtf -md573FF0546C6C03834F58C5B90D18A77E4 .\md5sum.pif || CALL :MDFaiL ChkSum_Fail
.\md5sum.pif
PEV -tf --files:files.pif --c:##5#b#f# 1>mdCheck00.dat
GREP -vs "^!MD5:" mdCheck00.dat 1>mdCheck0a.dat
GREP -Fvf md5sum.pif mdCheck0a.dat 1>mdCheck01.dat && CALL :MDFaiL
GOTO :EOF
=============================================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
cfExt=cfxxe
CFLDR=32788R22FWJFW
Chksum=73FF0546C6C03834F58C5B90D18A77E4
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-429B14235C
ComSpec=C:\WINDOWS\system32\cmd.execf
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
KMD=CF17216.exe
LOGONSERVER=\\USER-429B14235C
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.cfxxe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$
Qrntn=C:\Qoobox\Quarantine
RKEY_=hklm\software\microsoft\windows nt\currentversion\windows
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\ComboFix[1].exe"
sfxname=C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\ComboFix[1].exe
SYSTEM=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=USER-429B14235C
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
=============================================
IF NOT DEFINED sfxname GOTO END
GREP -F \ temp01 && CALL :Aux
GREP -Fi "C:\WINDOWS\system32\userinit.exe" Userinit00 || (SWREG ADD "hklm\software\microsoft\windows nt\currentversion\winlogon" /v Userinit /d "C:\WINDOWS\system32\userinit.exe," )
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
CALL LANG.bat
Active code page: 1252
SET SfxCmd 1>SET00
SED -r "/SfxCmd=/I!d; s///; s/\s*$//; s/^(\x22[^\x22]*\x22|[^\x22]\S*) +//; s/^\x22*C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\R9QL9XTY\\ComboFix[1].exe\x22*//I; s/^([^\x22]\S*)/@SET SfxCmd=\x22\1\x22/; s/^(\x22.*)/@SET SfxCmd=\1/" SET00 1>sfx.cmd
DEL /A/F SET00
ATTRIB +R "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\ComboFix[1].exe"
Access is denied.
@SET SfxCmd="C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\ComboFix[1].exe"
CALL sfx.cmd
CALL AV.cmd
SET /a AVCount+=1
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
Access is denied.
IF NOT EXIST AvBlack00 GREP -Fisf AVBlack resident.txt 1>AvBlack00 && (
SED -r "s/\x22//g; s/.*\) //; s/.*(\{.{8}-.{4}-.{4}-.{4}-.{12}\}).*/\1/" AvBlack00 1>AvBlack01
FOR /F "TOKENS=*" %G IN (AvBlack01) DO @CSCRIPT.EXE //NOLOGO //E:VBSCRIPT //T:5 wmi_rem.vbs "%~G"
CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
)
GREP -Fivf AVWhite resident.txt | GREP -E "^(AV|SP): .*enabled\* \(" 1>AVChk && (
SED -r "s/^AV:/antivirus: /; s/^SP:/antispyware: /; s/ \*(On-access scanning |)enabled\*.*//" AVChk | SED ":a; $!N;s/\n/~n/;ta" 1>AVChkB
NIRCMD LOOP 2 80 BEEP 3000 200
IF 1 LEQ 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere~nwith ComboFix's running. This may lead to unpredictable results or~npossible machine damage.~n~nPlease disable these scanners before clicking 'OK'." "Warning !!" "" && GOTO Av-check
IF 1 GTR 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk" "Warning !!" ""
)
grep: resident.txt: No such file or directory
DEL /A/F/Q AVChk? AvWhite AvBlack AvBlack0?
SET AVCount=
IF EXIST vista.mac CALL :Vista
GREP -Fx "REGEDIT4" Fin.dat || (
ECHO.1>"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tdsstdss"
PEV -rtf "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tdsstdss" || (
ECHO.1>wtf_tdssserv
CALL c.bat
GOTO END
)
GOTO AbortD
)
REGEDIT4
IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort
IF EXIST "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\32788R22FWJFW32788R22FWJFW.log" DEL /A/F "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\32788R22FWJFW32788R22FWJFW.log"
COPY /Y /B "C:\WINDOWS\system32\cmd.execf" "C:\WINDOWS\system32\CF17216.exe"
1 file(s) copied.
SET "COMSPEC=C:\WINDOWS\system32\CF17216.exe"
FOR /F "TOKENS=*" %G IN ("C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\ComboFix[1].exe") DO (
SET "FileName=%~NG"
SET "FilePath=%~DPG"
)
(
SET "FileName=ComboFix[1]"
SET "FilePath=C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R9QL9XTY\"
)
SET FileName 1>FileName
GREP -ix "FileName=[-[:alnum:]@.]*" FileName || GOTO AbortB
DEL /A/F/Q DirName0?
Could Not Find C:\32788R22FWJFW\DirName0?
CALL NircmdB.exe INFOBOX "You cannot rename ComboFix as %FileName%~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
GOTO END
IF EXIST "C:\WINDOWS\system32\cmd.execf" MOVE /Y "C:\WINDOWS\system32\cmd.execf" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp"
CD ..
IF DEFINED cfldr RD /S/Q "32788R22FWJFW"
The system cannot find the path specified.