Trojan generic 18

Avg Anti-virus and anti-spyware 9.0
August 6, 2010 at 20:21:53
Specs: Windows XP
I have received a Trojan Generic 18 through the program Antivir Solutions Pro. I have used Malwarebytes (in safe mode w/ networking to download it) and it removed about 14 infected files, and I kept them to be sure that the computer would work fine. After one day there was a problem with Google Chrome: it redirects constantly and is generally confused. I deleted the infected files and the redirecting stopped. There was, however, still a problem with a RUN.DLL, wnswp.dll to be exact, and so I ran AVG to see if there were more. AVG picked up four additional files and then has been doing so every day since, for the last four days. These Trojan Generic 18 files are popping like mad, and though deleted and not seeming to do any real harm now (no Google redirect or program issues), I still feel that there is a problem with the c:\documents&settings\temp\ ukdoi; it's the same file that is infected and says in AVG "inaccessible". Also there is some exploit phoenix kit or rogue exploit (871); what should I do? I am lost. Thank you for your ideas and time in advance.


#1
August 7, 2010 at 08:12:26
1- Did you do a full Malwarebytes scan in regular mode?
2- Did you try Trojan Remover?
3- Did you try Hitman Pro?

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#2
August 8, 2010 at 06:25:29
Yes, I have tried a full scan on malwarebytes, no I haven't tried either of those two other programs, however I will try them and post results. Thanks heaps...


#3
August 16, 2010 at 13:10:52
I have now used both of these programs, Trojan Remover and Hitman Pro 3.5, and the run.dll error keeps reappearing. Thus far this has not completely worked for me, and I am still being attacked, even offline, by these same trojan 18 files. Furthermore, the original malware antivirus program is now a security suite malware that keeps coming back even after being deleted by all of these programs. I still need help apparently; again, thank you in advance for your time and advice.


#4
August 16, 2010 at 14:16:49
combofix should work for you:
http://www.bleepingcomputer.com/com...
Follow the guide closely on the website.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#5
August 16, 2010 at 18:08:26
ok I used combofix, obviously I have no idea if it worked or not;

here are the results:

ComboFix 10-08-16.03 - LauraandMike 08/16/2010 19:01:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2814.2107 [GMT -6:00]
Running from: c:\documents and settings\LauraandMike\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LauraandMike\Application Data\29A8EF13F6AB40CE4BBA4D3293718BD9
c:\documents and settings\LauraandMike\Application Data\29A8EF13F6AB40CE4BBA4D3293718BD9\enemies-names.txt
c:\documents and settings\LauraandMike\Application Data\29A8EF13F6AB40CE4BBA4D3293718BD9\local.ini
c:\documents and settings\LauraandMike\Application Data\29A8EF13F6AB40CE4BBA4D3293718BD9\lsrslt.ini
c:\documents and settings\LauraandMike\Local Settings\Application Data\{CE151F35-C14E-4071-8B28-F06E570459DD}
c:\documents and settings\LauraandMike\Local Settings\Application Data\{CE151F35-C14E-4071-8B28-F06E570459DD}\chrome.manifest
c:\documents and settings\LauraandMike\Local Settings\Application Data\{CE151F35-C14E-4071-8B28-F06E570459DD}\chrome\content\_cfg.js
c:\documents and settings\LauraandMike\Local Settings\Application Data\{CE151F35-C14E-4071-8B28-F06E570459DD}\chrome\content\overlay.xul
c:\documents and settings\LauraandMike\Local Settings\Application Data\{CE151F35-C14E-4071-8B28-F06E570459DD}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\uqeqitih.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-16 23:49 . 2010-08-16 23:49 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-08-16 23:40 . 2010-07-27 01:13 3683248 ----a-w- c:\documents and settings\LauraandMike\Application Data\Simply Super Software\Trojan Remover\yld4.exe
2010-08-16 23:40 . 2010-08-16 23:40 -------- d-----w- c:\windows\LastGood
2010-08-16 23:31 . 2010-08-16 23:31 -------- d-----w- c:\program files\MSXML 4.0
2010-08-16 22:53 . 2010-08-16 23:22 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-08-16 22:10 . 2010-08-16 23:37 -------- d--h--w- c:\windows\$hf_mig$
2010-08-16 19:16 . 2010-08-16 19:16 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2010-08-16 19:06 . 2010-08-16 23:47 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-16 19:05 . 2010-08-16 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-16 19:05 . 2010-08-16 19:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-16 18:57 . 2010-08-16 23:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-16 18:56 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-16 18:56 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-16 18:56 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-16 18:56 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-16 18:56 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-16 18:56 . 2010-08-16 18:56 -------- d-----w- c:\program files\Trojan Remover
2010-08-16 18:56 . 2010-08-16 18:56 -------- d-----w- c:\documents and settings\LauraandMike\Application Data\Simply Super Software
2010-08-16 18:56 . 2010-08-16 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-08-04 22:58 . 2010-08-04 22:58 -------- d-----w- c:\program files\Common Files\Java
2010-08-04 22:58 . 2010-08-04 22:57 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-04 19:19 . 2010-08-04 19:19 -------- d-----w- c:\documents and settings\LauraandMike\Application Data\Malwarebytes
2010-08-04 19:18 . 2010-08-04 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-04 19:18 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 19:18 . 2010-08-04 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 19:18 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 18:50 . 2010-08-04 18:50 120 ----a-w- c:\windows\Mcoyesidacibiso.dat
2010-08-04 18:50 . 2010-08-04 18:50 0 ----a-w- c:\windows\Cnuhejoxiredo.bin
2010-08-04 18:48 . 2010-08-04 18:48 -------- d-----w- C:\$AVG
2010-08-04 18:48 . 2010-08-04 19:23 -------- d-----w- c:\documents and settings\LauraandMike\Local Settings\Application Data\vmjovyecf
2010-08-04 18:48 . 2010-08-16 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-08-04 16:52 . 2010-08-04 16:52 503808 ----a-w- c:\documents and settings\LauraandMike\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1348d5f4-n\msvcp71.dll
2010-08-04 16:52 . 2010-08-04 16:52 499712 ----a-w- c:\documents and settings\LauraandMike\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1348d5f4-n\jmc.dll
2010-08-04 16:52 . 2010-08-04 16:52 348160 ----a-w- c:\documents and settings\LauraandMike\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1348d5f4-n\msvcr71.dll
2010-08-04 16:52 . 2010-08-04 16:52 61440 ----a-w- c:\documents and settings\LauraandMike\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-168e7709-n\decora-sse.dll
2010-08-04 16:52 . 2010-08-04 16:52 12800 ----a-w- c:\documents and settings\LauraandMike\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-168e7709-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 00:52 . 2010-03-02 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-17 00:32 . 2009-11-09 17:20 -------- d-----w- c:\documents and settings\LauraandMike\Application Data\uTorrent
2010-08-16 23:39 . 2009-11-09 17:21 -------- d-----w- c:\program files\uTorrent
2010-08-07 04:40 . 2010-03-13 17:51 0 ----a-w- c:\documents and settings\LauraandMike\Local Settings\Application Data\prvlcl.dat
2010-08-04 23:07 . 2010-05-19 19:45 -------- d-----w- c:\program files\CCleaner
2010-08-04 20:56 . 2010-07-01 02:12 -------- d-----w- c:\program files\Yahoo!
2010-07-15 15:09 . 2010-03-02 15:20 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:09 . 2010-07-15 15:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:08 . 2010-03-02 15:20 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-04 03:24 . 2010-07-04 03:24 -------- d-----w- c:\program files\Lexmark_iListener
2010-07-04 03:24 . 2010-07-04 03:24 -------- d-----w- c:\program files\Lexmark
2010-07-02 16:27 . 2010-07-02 16:27 433928 ----a-w- c:\documents and settings\All Users\SPL225.tmp
2010-07-01 02:12 . 2010-07-01 02:12 -------- d-----w- c:\documents and settings\LauraandMike\Application Data\Yahoo!
2010-06-17 20:33 . 2010-06-17 20:33 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-02 14:55 . 2010-03-02 15:20 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 16:52 . 2010-05-26 16:52 503808 ----a-w- c:\documents and settings\LauraandMike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-528568fa-n\msvcp71.dll
2010-05-26 16:52 . 2010-05-26 16:52 499712 ----a-w- c:\documents and settings\LauraandMike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-528568fa-n\jmc.dll
2010-05-26 16:52 . 2010-05-26 16:52 348160 ----a-w- c:\documents and settings\LauraandMike\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-528568fa-n\msvcr71.dll
2010-05-26 16:52 . 2010-05-26 16:52 61440 ----a-w- c:\documents and settings\LauraandMike\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-76f520dd-n\decora-sse.dll
2010-05-26 16:52 . 2010-05-26 16:52 12800 ----a-w- c:\documents and settings\LauraandMike\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-76f520dd-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\documents and settings\LauraandMike\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-08-16 327472]
"Google Update"="c:\documents and settings\LauraandMike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-30 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2004-10-27 987136]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-14 45056]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-08-16 6289216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 15:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\system32\\lxdicfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\Chem3D\\Chem3D.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemFinder\\CFWord11.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9195:UDP"= 9195:UDP:LexPrintListener UDP
"9195:TCP"= 9195:TCP:LexPrintListener TCP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/2/2010 9:20 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/2/2010 9:20 AM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:09 AM 308136]
R2 LexPrintListener;LexPrint Listener;c:\windows\system32\svchost.exe -k LexPrintListener [8/3/2004 6:56 PM 14336]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 9:29 AM 29178224]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/6/2004 10:39 AM 283904]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [8/10/2009 3:09 PM 99248]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [10/4/2004 6:28 AM 43392]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [7/31/2009 12:24 PM 17408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HITMANPRO35
*Deregistered* - hitmanpro35

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LexPrintListener REG_MULTI_SZ LexPrintListener
.
Contents of the 'Scheduled Tasks' folder

2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1844237615-725345543-1003Core.job
- c:\documents and settings\LauraandMike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 17:43]

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1844237615-725345543-1003UA.job
- c:\documents and settings\LauraandMike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 17:43]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LauraandMike\Application Data\Mozilla\Firefox\Profiles\jd67dtea.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101048100&s=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\LauraandMike\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-bipro - wnswp.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 19:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-16 19:04:29
ComboFix-quarantined-files.txt 2010-08-17 01:04

Pre-Run: 423,346,683,904 bytes free
Post-Run: 423,386,906,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 3BD4F40B1546BD80A94950DA4674D2BD

