Found Adware and Trojan Please CK Logs

trisha · Jan 2, 2011

This is my friend's computer. She has been having trouble with it off and on for a few months. IE was crashing repeatedly. The only way I was able to fix the problem was to uninstall IE8 and then reinstall it.

A couple of days ago my friend sent an e-mail out to a distribution list. Each person on that dl got spammed with the e-mail about 10-15 times. The e-mail involved contained a video. The persons spammed did not need to open the video to trigger the event.

I ran all of the Read and Run First applications.

SuperAntiSpyware found several files infected with AdWare and one Trojan. I quaranteened the files in question.

MalwareBytes was clean.

I could not get ComboFix to run. When I was first installing it, it gave a warning that I had to uninstall AVG and that it was dangerous to the computer to continue. So I uninstalled AVG and rebooted the computer. I then tried to run ComboFix again. It said there was a newer version so I let that version be installed.

The program stalled during the process of creating a new Restore Point. I have tried rebooting the computer and re-running ComboFix without success.

trisha · Jan 2, 2011

I got ComboFix to run. Log is attached.

dr.moriarty · Jan 3, 2011

Hello, trisha

Please be patient while I review your logs and workup a fix.

dr.moriarty · Jan 3, 2011

Questions: Did you not get a prompt to run HJT? It is not in your logs.
Once we've finished the cleaning, do you intend to re-install AVG10?... if not, there are leftovers to remove.

Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Documents and Settings\Administrator\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may loose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PCs performance.

Step 1:
Now we need to use ComboFix.

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.

If ComboFix tells you it needs to update to a new version, make sure you allow it to update.

Open Notepad and copy/paste the text inside of the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

KILLALL::

File::
C:\Documents and Settings\Administrator\Y9Y9

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]

RegLock::
[HKEY_USERS\S-1-5-21-842925246-1979792683-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,e0,ed,fd,1b,7c,1e,4c,82,09,ea,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,e0,ed,fd,1b,7c,1e,4c,82,09,ea,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,27,da,c8,ba,49,9a,49,a8,74,01,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
Click to expand...

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the previous file with the same name, click YES.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Follow the prompts.

When it finishes, a log will be produced named c:\combofix.txt

I will ask for this log below

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.

Step 2:
Using Windows Explorer - Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

C:\WINDOWS\Temp
C:\Documents and Settings\Administrator\Local Settings\TEMP
Click to expand...

Step 3:
Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

Step 4:
Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator). BE SURE to click on "Accept" twice to get HijackThis' license to actually accept.

Please attach the new C:\MGlogs.zip file to your next reply.

* Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

dr.m

trisha · Jan 3, 2011

dr.moriarty said: ↑

Questions: Did you not get a prompt to run HJT? It is not in your logs.
Click to expand...

There was a prompt but when I clicked on the button the window went away. I ran Analyse.exe and will attach log.

Once we've finished the cleaning, do you intend to re-install AVG10?... if not, there are leftovers to remove.
Click to expand...

I intend to install AVG 11. I am having a problem running the script with ComboFix. It keeps saying it cannot run because I have AVG installed. I have checked Add/Remove programs and it is not there.

I also received another error message when trying to run the script. It said something about there was a problem with pev.exe and the program had to close.

Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Documents and Settings\Administrator\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may loose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PCs performance.
Click to expand...

I understand and will take care of it.

Step 1:
Now we need to use ComboFix.

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.

If ComboFix tells you it needs to update to a new version, make sure you allow it to update.

Open Notepad and copy/paste the text inside of the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the previous file with the same name, click YES.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Follow the prompts.

When it finishes, a log will be produced named c:\combofix.txt

I will ask for this log below

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.

Step 2:
Using Windows Explorer - Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
Click to expand...

Done

Step 3:
Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!
Click to expand...

Done

Step 4:
Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator). BE SURE to click on "Accept" twice to get HijackThis' license to actually accept.
Click to expand...

Done

Please attach the new C:\MGlogs.zip file to your next reply.

* Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

dr.m

trisha · Jan 3, 2011

Here is the new log you requested.

I need to tell you that last night I attempted to create different user accounts. I ended up losing the desktop or area I submitted the trouble ticket for which was Administrator.

I ended up rolling back today to January 2 to the time I removed AVG. This was after the logs had been submitted.

Now I am back with the original desktop/area of Administrator. I hope this makes sense.

I know I should not have done this.

Anyway...

dr.moriarty · Jan 3, 2011

trisha said:

I intend to install AVG 11. I am having a problem running the script with ComboFix. It keeps saying it cannot run because I have AVG installed. I have checked Add/Remove programs and it is not there.
Click to expand...

ComboFix will not run at all if AVG is installed and according to your latest logs, you have already installed AVG2011, yet some AVG10 entries show in HJT.

* Uninstall all AVG programs and then please download the AVG Remover(32bit) from the below link > run it and re-boot > run it again. Do NOT re-install it until we have finished our cleaning!

AVG Remover

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Step 1:
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (file missing)
Click to expand...

After clicking Fix, exit HJT

Step 2:
Now we need to use ComboFix.

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.

If ComboFix tells you it needs to update to a new version, make sure you allow it to update.

Open Notepad and copy/paste the text inside of the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

KILLALL::

File::
C:\WINDOWS\system32\drivers\AVG(2)
C:\Documents and Settings\Administrator\Y9Y9

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]

RegLock::
[HKEY_USERS\S-1-5-21-842925246-1979792683-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,e0,ed,fd,1b,7c,1e,4c,82,09,ea,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,e0,ed,fd,1b,7c,1e,4c,82,09,ea,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,27,da,c8,ba,49,9a,49,a8,74,01,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
Click to expand...

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the previous file with the same name, click YES.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Follow the prompts.

When it finishes, a log will be produced named c:\combofix.txt

I will ask for this log below

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.

Step 3:
Using Windows Explorer - Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

C:\WINDOWS\Temp
C:\Documents and Settings\Administrator\Local Settings\TEMP
Click to expand...

Step 4:
Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

Step 5:
Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

Please attach the new C:\MGlogs.zip file to your next reply.

* Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

dr.m

trisha · Jan 5, 2011

dr.moriarty said: ↑

* Uninstall all AVG programs and then please download the AVG Remover(32bit) from the below link > run it and re-boot > run it again. Do NOT re-install it until we have finished our cleaning!
Click to expand...

There were no visible AVG programs to uninstall. I downloaded and ran the AVG Remover tool several times. When I went to run ComboFix it still told me I had AVG 2011 installed on the system. It said it would not run, and then said it would run at my own risk so I let it run. Log is attached.

Step 1:
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT
Click to expand...

Done Entry 03 was not included in the Fix choices. Only Entry #2 that you mentioned.

Step 2:
Now we need to use ComboFix.

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.

If ComboFix tells you it needs to update to a new version, make sure you allow it to update.

Open Notepad and copy/paste the text inside of the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the previous file with the same name, click YES.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Follow the prompts.

When it finishes, a log will be produced named c:\combofix.txt

I will ask for this log below

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
Click to expand...

Done, see above for problems with running ComboFix.

Step 3:
Using Windows Explorer - Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
Click to expand...

The only files/folders available in those locations were dated the current date.

Step 4:
Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!
Click to expand...

Done

Step 5:
Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

Please attach the new C:\MGlogs.zip file to your next reply.
Click to expand...

Done...log attached

She is no longer sending out spam mail. Her computer does boot slow and IE8 still intermittently hangs.

trisha · Jan 5, 2011

Just wanted to add this information.

I installed Avast because this computer was running with no antivirus since removing AVG. You said not to install it again until we were finished with the cleaning.

Anyway, Avast found two more viri

Win32: Malware-gen

This was found on Drive C in System Restore

Date last changed: July 13, 2009

This was found on Drive E in System Restore Backup Drive

Date last changed: September 3, 2009

Win32: PUP-gen

This was found on Drive C in System Restore

Date last changed: July 13, 2009

I told Avast to put the files in the chest.

trisha · Jan 5, 2011

Sorry, this was not an intentiional bump. I am not familar with forums. I didn't realize replying to my thread would bump it to the top of the page. I thought beginning a new thread produces the bump. Again, sorry.

dr.moriarty · Jan 6, 2011

Note: Malware detected in restore points will be dealt with in our final instructions, when we toggle the restore points to flush them.

*We have a few AVG left-overs to remove -

Step 1:
Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Step 2:
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
Click to expand...

After clicking Fix, exit HJT.

Step 3:
Now we need to use ComboFix.

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!

If it is not on your Desktop, the below will not work.

Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.

If ComboFix tells you it needs to update to a new version, make sure you allow it to update.

Open Notepad and copy/paste the text inside of the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

KILLALL::

SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

Driver::
AVG Security Toolbar Service
AVGIDSDriver
AVGIDSFilter
AVGIDSShim

File::
c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe
c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
c:\windows\system32\DRIVERS\AVGIDSShim.Sys
C:\Documents and Settings\Administrator\Y9Y9

Folder::
C:\RECYCLER(2)
c:\documents and settings\All Users\Application Data\AVG10
C:\$AVG
c:\program files\AVG
C:\WINDOWS\system32\drivers\AVG(2)
Click to expand...

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW before continuing!

You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the previous file with the same name, click YES.

Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Follow the prompts.

When it finishes, a log will be produced named c:\combofix.txt

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.

Step 4:
Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

Please attach the new C:\MGlogs.zip file to your next reply.

* Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

dr.m

trisha · Jan 16, 2011

Here are the logs requested. When running ComboFix it was telling me it still detected AVG 2011. I went ahead and let ComboFix run anyway. I removed the files references you said to remove using HiJackThis.

This is the first chance I have been able to get back to my friend's computer and that is why it has taken me so long to reply.

trisha · Jan 16, 2011

I only see the ComboFix.txt file. I uploaded MGlogs.zip as well but do not see it. I have tried to upload the file again and the system says it is already uploaded. I even tried to rename the file but the upload was rejected with the same error message.

dr.moriarty · Jan 16, 2011

Trisha

Please re-run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file. This will result in a new set of logs.

dr.m

trisha · Jan 19, 2011

Here ya go.

dr.moriarty · Jan 28, 2011

My apologies for missing your last reply!

I no longer see any references to AVG. Are you having any remaining malware issues?

dr.m

Log in or Sign up

Found Adware and Trojan Please CK Logs

trisha Corporal

Attached Files:

rrepeallog.txt

MGlogs.zip

mbam-log-2011-01-02 (18-30-25).txt

SUPERAntiSpyware Scan Log - 01-02-2011 - 18-08-48.log

trisha Corporal

Attached Files:

ComboFix.txt

dr.moriarty Malware Super Sleuth Staff Member

dr.moriarty Malware Super Sleuth Staff Member

trisha Corporal

trisha Corporal

Attached Files:

MGlogs.zip

dr.moriarty Malware Super Sleuth Staff Member

trisha Corporal

Attached Files:

ComboFix.txt

MGlogs.zip

avgremover.zip

trisha Corporal

trisha Corporal

dr.moriarty Malware Super Sleuth Staff Member

trisha Corporal

Attached Files:

ComboFixlog.txt

trisha Corporal

dr.moriarty Malware Super Sleuth Staff Member

trisha Corporal

Attached Files:

MGlogs.zip

dr.moriarty Malware Super Sleuth Staff Member