VBS:Malware-gen detected by Avast
DarkPrincess New Member Date Joined Nov 2009 Total Posts : 6 Posted 11-22-2009 3:23 (GMT +2)

Apologies for posting in another topic. Deepest thanks to anyone who may be able to help. I found this through autorun.uni, which I seemed to download through Quicktime Alternative via SD card.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:28 PM, on 11/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Blitzz\BWI715\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [Blitzz BWI715] C:\Program Files\Blitzz\BWI715\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231374419434
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 6910 bytes

........................................
Malwarebytes' Anti-Malware 1.41
Database version: 3206
Windows 5.1.2600 Service Pack 2

11/21/2009 6:48:53 PM
mbam-log-2009-11-21 (18-48-53).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 378760
Time elapsed: 10 hour(s), 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Ben's\D\software\Key Win XP\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Ben's\D\software\Sony.Sound.Forge.v8.0.Incl.Keygen\keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP32\A0015712.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP37\A0016089.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP37\A0016092.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP37\A0016095.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP37\A0016104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP37\A0016107.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP46\A0016273.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP47\A0016610.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP47\A0016639.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP47\A0016753.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP47\A0016707.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP47\A0016782.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{5D9ABE95-AC90-4109-88B0-479880DA57C6}\RP47\A0016787.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{6FFAC361-AD69-42C8-9160-FC004B38A935}\RP101\A0025689.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{6FFAC361-AD69-42C8-9160-FC004B38A935}\RP109\A0029783.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{6FFAC361-AD69-42C8-9160-FC004B38A935}\RP121\A0034136.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

..........................

DDS (Ver_09-10-26.01) - NTFSx86
Run by Susan at 18:56:58.56 on Sat 11/21/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3067 [GMT -6:00]

AV: avast! antivirus 4.8.1356 [VPS 091121-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Blitzz\BWI715\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Susan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [HydraVisionDesktopManager] "c:\program files\ati technologies\ati hydravision\HydraDM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot
mRun: [FRYMXINS] "c:\program files\ati technologies\fire gl 3d studio max\atiimxgl"
mRun: [Blitzz BWI715] c:\program files\blitzz\bwi715\WLANmon.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\susan\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231374419434
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\susan\applic~1\mozilla\firefox\profiles\z4gmtsmu.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-18 20560]
R3 BWI715;BWI715 Wireless Network Adapter Service;c:\windows\system32\drivers\BWI715.sys [2009-1-8 344096]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-4-16 39048]

=============== Created Last 30 ================

2009-11-21 10:41:26 0 d-----w- c:\docume~1\susan\applic~1\Malwarebytes
2009-11-21 10:41:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-21 10:41:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 10:41:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 10:41:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-21 10:26:04 0 d-----w- c:\program files\CCleaner
2009-11-20 21:42:30 0 d-----w- c:\windows\system32\LogFiles
2009-11-20 21:38:11 0 d-sha-r- C:\cmdcons
2009-11-20 21:34:07 98816 ----a-w- c:\windows\sed.exe
2009-11-20 21:34:07 77312 ----a-w- c:\windows\MBR.exe
2009-11-20 21:34:07 260608 ----a-w- c:\windows\PEV.exe
2009-11-20 21:34:07 161792 ----a-w- c:\windows\SWREG.exe
2009-11-19 01:15:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-18 19:59:55 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-18 19:59:55 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-11-18 19:59:50 0 d-----w- c:\program files\QuickTime Alternative
2009-11-18 07:53:42 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-18 07:53:42 21504 ----a-w- c:\windows\system32\hidserv.dll

==================== Find3M ====================

2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

============= FINISH: 18:57:05.17 ===============

File Attachment: attach.zip 3KB (application/x-zip-compressed)
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 18005 Posted 11-24-2009 8:55 (GMT +2)
Download http://eric.71.mespages.googlepages.com/LopSD.exe by Eric_71 and save it to your desktop.
Double-click LopSD.exe.
Choose the language by typing the corresponding letter and press Enter.
Click OK at the informative window.
Type 2 to choose Option 2 (Fix + Hosts), then press Enter.
Wait until the scan has finished.
A report will be generated, post the contents of it in your next reply.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
DarkPrincess New Member Date Joined Nov 2009 Total Posts : 6 Posted 11-24-2009 11:45 (GMT +2)

I had 18 infections in my avast chest a couple of days ago, and now I have around 30.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Susan ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1356 [VPS 091124-0] 4.8.1356 (Not Activated)
Firewall : ActiveArmor Firewall 1.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:279 Go (Free:170 Go)
D:\ (Local Disk) - NTFS - Total:596 Go (Free:45 Go)
E:\ (USB) - FAT - Total:1875 Mo (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:1863 Go (Free:573 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : ( Tue 11/24/2009|15:32 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing folders in APPLIC~1

[01/08/2009|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/07/2009|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ALM
[11/18/2009|01:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[01/07/2009|06:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[01/08/2009|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Autodesk
[05/11/2009|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[11/21/2009|04:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/24/2009|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/07/2009|06:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[11/21/2009|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[01/07/2009|05:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[01/07/2009|05:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[01/07/2009|05:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[11/23/2009|01:40] C:\DOCUME~1\Susan\APPLIC~1\<DIR> Adobe
[01/07/2009|06:18] C:\DOCUME~1\Susan\APPLIC~1\<DIR> ATI
[01/07/2009|05:59] C:\DOCUME~1\Susan\APPLIC~1\<DIR> Identities
[04/16/2009|03:03] C:\DOCUME~1\Susan\APPLIC~1\<DIR> InstallShield
[01/08/2009|12:32] C:\DOCUME~1\Susan\APPLIC~1\<DIR> Macromedia
[11/21/2009|04:41] C:\DOCUME~1\Susan\APPLIC~1\<DIR> Malwarebytes
[11/18/2009|03:28] C:\DOCUME~1\Susan\APPLIC~1\<DIR> Microsoft
[01/07/2009|06:34] C:\DOCUME~1\Susan\APPLIC~1\<DIR> Mozilla
[01/27/2009|07:03] C:\DOCUME~1\Susan\APPLIC~1\<DIR> OpenOffice.org
[01/08/2009|12:44] C:\DOCUME~1\Susan\APPLIC~1\<DIR> Sun
[02/02/2009|11:17] C:\DOCUME~1\Susan\APPLIC~1\<DIR> U3
[02/01/2009|09:44] C:\DOCUME~1\Susan\APPLIC~1\<DIR> Winamp

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/22/2009 05:48 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[01/07/2009|08:24] C:\Program Files\<DIR> Adobe
[11/18/2009|03:14] C:\Program Files\<DIR> Alwil Software
[01/08/2009|12:52] C:\Program Files\<DIR> ANI
[01/07/2009|06:05] C:\Program Files\<DIR> ASUS
[01/07/2009|06:16] C:\Program Files\<DIR> ATI Technologies
[01/08/2009|12:44] C:\Program Files\<DIR> Autodesk
[02/10/2009|01:56] C:\Program Files\<DIR> AviSynth 2.5
[01/08/2009|12:52] C:\Program Files\<DIR> Blitzz
[01/07/2009|07:42] C:\Program Files\<DIR> Bonjour
[11/21/2009|04:26] C:\Program Files\<DIR> CCleaner
[11/20/2009|03:41] C:\Program Files\<DIR> Common Files
[01/07/2009|05:50] C:\Program Files\<DIR> ComPlus Applications
[01/27/2009|07:58] C:\Program Files\<DIR> eRightSoft
[01/08/2009|12:43] C:\Program Files\<DIR> InfraRecorder
[04/16/2009|03:05] C:\Program Files\<DIR> InstallShield Installation Information
[01/07/2009|06:11] C:\Program Files\<DIR> Internet Explorer
[11/21/2009|07:00] C:\Program Files\<DIR> Java
[01/08/2009|12:45] C:\Program Files\<DIR> JRE
[11/21/2009|04:41] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[01/07/2009|05:49] C:\Program Files\<DIR> Messenger
[01/07/2009|05:54] C:\Program Files\<DIR> microsoft frontpage
[01/07/2009|05:51] C:\Program Files\<DIR> Movie Maker
[11/24/2009|03:10] C:\Program Files\<DIR> Mozilla Firefox
[01/07/2009|05:48] C:\Program Files\<DIR> MSN
[01/07/2009|05:49] C:\Program Files\<DIR> MSN Gaming Zone
[01/07/2009|05:51] C:\Program Files\<DIR> NetMeeting
[01/07/2009|06:07] C:\Program Files\<DIR> NVIDIA Corporation
[11/21/2009|06:59] C:\Program Files\<DIR> Online Services
[01/08/2009|12:45] C:\Program Files\<DIR> OpenOffice.org 3
[01/07/2009|05:51] C:\Program Files\<DIR> Outlook Express
[01/07/2009|08:07] C:\Program Files\<DIR> QuickTime
[11/18/2009|01:59] C:\Program Files\<DIR> QuickTime Alternative
[01/07/2009|06:02] C:\Program Files\<DIR> Realtek
[04/16/2009|03:05] C:\Program Files\<DIR> Sony
[11/21/2009|07:04] C:\Program Files\<DIR> Trend Micro
[10/08/2009|03:54] C:\Program Files\<DIR> Ultra MP4 Video Converter
[01/07/2009|05:59] C:\Program Files\<DIR> Uninstall Information
[02/01/2009|09:44] C:\Program Files\<DIR> Winamp
[01/07/2009|05:54] C:\Program Files\<DIR> Windows Media Player
[01/07/2009|05:49] C:\Program Files\<DIR> Windows NT
[01/07/2009|05:52] C:\Program Files\<DIR> WindowsUpdate
[11/21/2009|07:17] C:\Program Files\<DIR> WinZip
[01/07/2009|05:54] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/07/2009|07:46] C:\Program Files\Common Files\<DIR> Adobe
[01/08/2009|12:44] C:\Program Files\Common Files\<DIR> Autodesk Shared
[01/07/2009|06:06] C:\Program Files\Common Files\<DIR> InstallShield
[01/07/2009|07:36] C:\Program Files\Common Files\<DIR> Macrovision Shared
[11/18/2009|02:00] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/07/2009|05:51] C:\Program Files\Common Files\<DIR> MSSoap
[01/07/2009|11:02] C:\Program Files\Common Files\<DIR> ODBC
[01/07/2009|05:51] C:\Program Files\Common Files\<DIR> Services
[01/07/2009|11:02] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/07/2009|05:51] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process ( 38 Processes ) ... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 15:34:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

No other infections found !

[F:37][D:4]-> C:\DOCUME~1\Susan\LOCALS~1\Temp
[F:18][D:0]-> C:\DOCUME~1\Susan\Cookies
[F:7][D:4]-> C:\DOCUME~1\Susan\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 11/24/2009|15:34 - Option :

--------------------\\ Scan completed at 15:34:44
DarkPrincess New Member Date Joined Nov 2009 Total Posts : 6 Posted 11-25-2009 4:54 (GMT +2)

It was meant to be autorun.inf in the first post. I have unicycles on the brain.
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 18005 Posted 11-25-2009 6:25 (GMT +2)

Ok. Let's see a combolog ->
Please download Combofix from:
And save to the desktop.
Close all other browser windows.
Double-click on the combofix icon found on your desktop.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply.
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
DarkPrincess New Member Date Joined Nov 2009 Total Posts : 6 Posted 11-25-2009 6:46 (GMT +2)

ComboFix 09-11-24.02 - Susan 11/24/2009 22:39.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2874 [GMT -6:00]
Running from: c:\documents and settings\Susan\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091124-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.
2009-11-24 21:32 . 2009-11-24 21:34 -------- d-----w- C:\Lop SD
2009-11-22 11:47 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-22 11:47 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-22 11:47 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-22 11:47 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 11:47 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-22 11:47 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-22 11:47 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-22 11:47 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-22 11:46 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-22 01:21 . 2009-11-22 01:21 2991 ----a-w- C:\attach.zip
2009-11-22 01:17 . 2009-11-22 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-22 01:04 . 2009-11-22 01:04 -------- d-----w- c:\program files\Trend Micro
2009-11-21 10:41 . 2009-11-21 10:41 -------- d-----w- c:\documents and settings\Susan\Application Data\Malwarebytes
2009-11-21 10:41 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-21 10:41 . 2009-11-21 10:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-21 10:41 . 2009-11-21 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-21 10:41 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 10:26 . 2009-11-21 10:26 -------- d-----w- c:\program files\CCleaner
2009-11-20 21:42 . 2009-11-20 21:42 -------- d-----w- c:\windows\system32\LogFiles
2009-11-19 01:15 . 2009-11-19 01:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-19 01:15 . 2009-11-19 01:15 152576 ----a-w- c:\documents and settings\Susan\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-18 19:59 . 2009-11-18 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-18 19:59 . 2009-11-18 19:59 -------- d-----w- c:\program files\QuickTime Alternative
2009-11-18 09:28 . 2009-11-18 09:28 -------- d-----w- c:\documents and settings\Susan\Local Settings\Application Data\Identities
2009-11-18 09:14 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-11-18 09:14 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-11-18 09:14 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-11-18 09:14 . 2009-11-18 09:14 -------- d-----w- c:\program files\Alwil Software
2009-11-18 07:53 . 2004-08-04 06:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-18 07:53 . 2004-08-04 06:56 21504 ----a-w- c:\windows\system32\hidserv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 03:28 . 2009-01-28 01:03 1 ----a-w- c:\documents and settings\Susan\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-22 01:00 . 2009-01-08 06:44 -------- d-----w- c:\program files\Java
2009-10-08 09:54 . 2009-10-08 09:47 -------- d-----w- c:\program files\Ultra MP4 Video Converter
2006-05-03 09:06 . 2009-01-28 01:59 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-01-28 01:59 31232 --sh--r- c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-20_21.44.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-22 11:49 . 2009-11-22 11:49 16384 c:\windows\Temp\Perflib_Perfdata_838.dat
+ 2009-11-22 11:48 . 2009-11-22 11:48 16384 c:\windows\Temp\Perflib_Perfdata_618.dat
- 2001-08-23 12:00 . 2009-11-18 08:25 64236 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-11-22 00:59 64236 c:\windows\system32\perfc009.dat
+ 2009-01-08 01:06 . 2009-11-22 11:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-01-08 01:06 . 2009-01-08 01:06 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-11-22 01:17 . 2009-11-22 01:17 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}\IconCD95F6617.exe
- 2001-08-23 12:00 . 2009-11-18 08:25 411422 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2009-11-22 00:59 411422 c:\windows\system32\perfh009.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-11-22 11:37 . 2009-11-22 11:37 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-11-22 01:17 . 2009-11-22 01:17 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}\IconCD95F66110.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-11-22 01:17 . 2009-11-22 01:17 1541120 c:\windows\Installer\d9667.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2007-07-25 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe boot" [X]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]
"Blitzz BWI715"="c:\program files\Blitzz\BWI715\WLANmon.exe" [2004-02-17 663552]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2003-08-21 32768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-19 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-15 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

c:\documents and settings\Susan\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/22/2009 5:47 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2009 5:47 AM 20560]
R3 BWI715;BWI715 Wireless Network Adapter Service;c:\windows\system32\drivers\BWI715.sys [1/8/2009 12:56 AM 344096]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [4/16/2009 3:05 PM 39048]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\z4gmtsmu.default\
FF - prefs.js: browser.search.selectedEngine - GoodSearch
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Drivers - c:\windows\system32\nvuide.exe UninstallGUI

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 22:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(2880)
c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll
.
Completion time: 2009-11-24 22:44
ComboFix-quarantined-files.txt 2009-11-25 04:43
ComboFix2.txt 2009-11-20 21:47

Pre-Run: 183,378,612,224 bytes free
Post-Run: 183,346,814,976 bytes free

- - End Of File - - E15A718EEC91B9797944BB33A8F9AB35
DarkPrincess New Member Date Joined Nov 2009 Total Posts : 6 Posted 12-1-2009 9:59 (GMT +2)
Hello again,
A friend suggests that I reformat Windows because of how great the infection is on my machine. What would you recommend?