complex.behavior

Members

View Profile See their activity

Posts
3
Joined
April 5, 2010
Last visited
April 11, 2010

Reputation

0 Neutral

Help requested

complex.behavior replied to complex.behavior's topic in Resolved Malware Removal Logs

OK, so antivirus is kept up to date...any idea how I was infected and/or what I need to do differently? I put the combofix.exe on a USB drive...could that be infected too?
- April 6, 2010
- 5 replies
Help requested

complex.behavior replied to complex.behavior's topic in Resolved Malware Removal Logs

I am not able to navigate to malwarebytes.org from the infected computer. Downloaded ComboFix to a USB and moved it to the desktop. Ran it. Rcvd the "as-is" agreement, agreed and was given an error: The contents of the ComboFix package has been comprimised. Please download a fresh copy from bleepingcompuer...You ay be infected with the file patching virus "Virut" After clicking OK, ComboFix is removed from the desktop. I was able to navigate to bleeping computer and following the 2nd "here" download link, but rcvd the same results.
- April 6, 2010
- 5 replies
Help requested

complex.behavior posted a topic in Resolved Malware Removal Logs

DDS log below. GMER resulted in blue screen (fatal system error) DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Owner at 15:43:30.62 on Mon 04/05/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14 AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll mURLSearchHooks: H - No File uWindows: load=c:\windows\fonts\services.exe uWindows: run=c:\windows\fonts\services.exe BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: {e24536b6-7480-414b-a55c-673cf142e843} - wefeyubi.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe" uRun: [autofmtxp.exe] c:\docume~1\owner\locals~1\temp\autofmtxp.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.americangirl.com/fun/agcn/josefina/index.php?section=music" mRun: [uSB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController mRun: [uSBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [<NO NAME>] mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun mRun: [rmosnq] RUNDLL32.EXE c:\windows\system32\msyblkya.dll,w mRun: [asvfmsdd] c:\documents and settings\networkservice\local settings\application data\vyenmwgko\nyixtfstssd.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam .exe" /runcleanupscript mRun: [figopulihe] Rundll32.exe "dewulale.dll",s mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent mRunOnce: [innoSetupRegFile.0000000001] "c:\windows\is-E5G0L.exe" /REG dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe dRun: [asvfmsdd] c:\documents and settings\networkservice\local settings\application data\vyenmwgko\nyixtfstssd.exe dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\multim~1.lnk - c:\program files\mmtaskbar\MultiMon.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{3e5562ed-69ab-4cec-91e2-64e18ec5acc6}\Icon3E5562ED7.ico StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE uPolicies-system: DisableRegistryTools = 1 (0x1) dPolicies-system: DisableRegistryTools = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: turbotax.com DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://voaccess/Citrix/MetaFrame/ICAWEB/en/ica32/wficat.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/51.28/uploader2.cab DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150803702709 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mci.webex.com/client/wbs25-vzbprodins/webex/ieatgpc.cab Filter: text/html - {d8e79542-dd33-496d-99b7-070d6a60c414} - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll AppInit_DLLs: app_dll.dll,yafodini.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SSODL: bomimaven - {03c5896c-383f-4629-b3ca-da80702c7f2d} - c:\windows\system32\lofajawi.dll SSODL: vegodutil - {2f7cfc20-00d1-48b4-a628-743b3beb0d5f} - c:\windows\system32\hekonala.dll SSODL: zenituyaz - {283a131c-08ff-43a3-8a9e-fc1aaf152870} - c:\windows\system32\defupabo.dll SSODL: samavokiw - {3c59fb78-13d8-4301-82fe-7088556e65a2} - c:\windows\system32\zofufelo.dll STS: jugezatag: {03c5896c-383f-4629-b3ca-da80702c7f2d} - c:\windows\system32\lofajawi.dll STS: mujuzedij: {2f7cfc20-00d1-48b4-a628-743b3beb0d5f} - c:\windows\system32\hekonala.dll STS: mujuzedij: {283a131c-08ff-43a3-8a9e-fc1aaf152870} - c:\windows\system32\defupabo.dll STS: tokatiluy: {3c59fb78-13d8-4301-82fe-7088556e65a2} - c:\windows\system32\zofufelo.dll LSA: Notification Packages = scecli yafodini.dll Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\rwohddzt.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\program files\picasa2\npPicasa3.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== ============== File Associations =============== scrfile="%1" %* =============== Created Last 30 ================ 2010-04-05 19:42:42 0 ----a-w- c:\documents and settings\owner\defogger_reenable 2010-04-05 19:31:37 724480 ----a-w- c:\windows\is-E5G0L.exe 2010-04-05 19:31:37 309 ----a-w- c:\windows\is-E5G0L.lst 2010-04-05 19:31:37 10498 ----a-w- c:\windows\is-E5G0L.msg 2010-04-05 16:28:33 94720 ----a-w- c:\documents and settings\owner\rundll32.exe 2010-04-05 15:29:05 4 ----a-w- c:\program files\716218.dat 2010-04-05 15:02:20 0 d-----w- C:\EmergencyUtils 2010-04-05 15:01:29 4904 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2010-04-02 13:14:47 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-04-02 13:14:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-04-01 12:28:53 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes 2010-04-01 12:25:31 344 ----a-w- c:\windows\is-DJNQ5.lst 2010-04-01 12:25:31 10498 ----a-w- c:\windows\is-DJNQ5.msg 2010-04-01 12:14:57 344 ----a-w- c:\windows\is-US47P.lst 2010-04-01 12:14:57 10498 ----a-w- c:\windows\is-US47P.msg 2010-04-01 01:27:08 0 d-----w- c:\windows\system32\GroupPolicy 2010-04-01 01:25:28 44032 ----a-w- c:\windows\system32\so.bin 2010-04-01 01:24:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-01 01:24:36 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-01 01:24:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-01 01:24:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-04-01 01:23:22 0 ----a-w- c:\windows\SC.INS 2010-03-31 02:37:59 94720 ----a-w- c:\documents and settings\owner\rundll32 .exe 2010-03-21 22:01:13 0 d-----w- c:\docume~1\owner\applic~1\HandBrake 2010-03-17 05:05:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll ==================== Find3M ==================== 2010-04-05 02:58:17 88960 ----a-w- c:\windows\system32\drivers\nvatabus.sys 2010-03-17 05:05:46 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-03-17 05:05:04 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2002-07-26 22:02:06 178176 ----a-w- c:\program files\UNWISE.EXE 2010-01-05 00:43:33 107520 --sha-w- c:\windows\system32\matanega.exe 1601-01-01 00:03:28 709 --sha-w- c:\windows\system32\vafujeho.exe ============= FINISH: 15:44:37.51 ===============
- April 5, 2010
- 5 replies

Sign In

complex.behavior

Posts

Joined

Last visited

Reputation

Help requested

Help requested

Help requested

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information