Status
Not open for further replies.
1 - 2 of 2 Posts

Registered · 1 Posts · Discussion Starter #1
Like many others, I have the same problem with this spyware: it creates
pop-up ads, and it's really annoying...


ComboFix 07-11-08.3 - Carlos De Jesus 2007-11-14 11:12:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1176 [GMT -5:00]
Running from: C:\Documents and Settings\Michelle Martinie\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Michelle Martinie\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Michelle Martinie\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Michelle Martinie\Favorites\Online Security Guide.lnk
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\cringupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\targets.gz
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\d3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\f22
C:\WINDOWS\system32\fsvqwddi.dll
C:\WINDOWS\system32\hfmptmsb.dll
C:\WINDOWS\system32\nokwcwrf.dllbox
C:\WINDOWS\system32\oTt02e
C:\WINDOWS\system32\oxqfwkhi.dll
C:\WINDOWS\system32\p8
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\pdvigwhq.ini
C:\WINDOWS\system32\qhwgivdp.dll
C:\WINDOWS\system32\qvspmiwd.dll
C:\WINDOWS\SYSTEM32\rqtss.bak2
C:\WINDOWS\SYSTEM32\rqtss.ini
C:\WINDOWS\SYSTEM32\rqtss.ini2
C:\WINDOWS\SYSTEM32\rqtss.tmp
C:\WINDOWS\system32\s2
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\v1
C:\WINDOWS\system32\xehgldai.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.

2007-11-14 11:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 08:14 85,056 --a------ C:\WINDOWS\SYSTEM32\lotpiyhj.dll
2007-11-14 08:08 81,472 --a------ C:\WINDOWS\SYSTEM32\qrnplbwi.dll
2007-11-14 08:06 71,232 --a------ C:\WINDOWS\SYSTEM32\dttupbvh.exe
2007-11-13 16:31 80,448 --a------ C:\WINDOWS\SYSTEM32\hbbnpyut.dll
2007-11-13 16:27 71,232 --a------ C:\WINDOWS\SYSTEM32\crrnukwp.exe
2007-11-13 15:32 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-11-13 15:32 138,752 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys
2007-11-13 15:26 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-13 15:26 <DIR> d-------- C:\Program Files\Crawler
2007-11-13 15:26 <DIR> d-------- C:\Documents and Settings\Michelle Martinie\Application Data\Spyware Terminator
2007-11-13 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-13 13:08 80,448 --a------ C:\WINDOWS\SYSTEM32\cwfungkl.dll
2007-11-13 13:06 144,480 --a------ C:\WINDOWS\SYSTEM32\xehgldai.dll
2007-11-13 13:05 144,480 --a------ C:\WINDOWS\SYSTEM32\uiactywe.dll
2007-11-13 12:58 71,232 --a------ C:\WINDOWS\SYSTEM32\kuwftsmg.exe
2007-11-13 08:03 144,480 --a------ C:\WINDOWS\SYSTEM32\rohvmoaw.dll
2007-11-09 10:39 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-09 10:36 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2007-11-09 10:33 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-09 10:23 <DIR> d-------- C:\Program Files\Windows Live
2007-11-09 10:23 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-09 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-02 16:22 <DIR> d-------- C:\Documents and Settings\Michelle Martinie\Application Data\DeepBurner
2007-11-02 13:50 <DIR> d-------- C:\Program Files\Astonsoft
2007-11-02 13:46 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-10-31 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-31 15:15 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-31 15:14 <DIR> d-------- C:\Program Files\CCleaner
2007-10-29 16:47 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2007-10-29 16:46 815,480 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-10-29 16:46 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2007-10-29 16:46 94,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2007-10-29 16:46 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2007-10-29 16:46 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2007-10-29 16:46 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2007-10-29 15:38 <DIR> d-------- C:\Program Files\Alwil Software
2007-10-29 14:58 <DIR> d-------- C:\Program Files\PowerISO
2007-10-29 11:01 <DIR> d-------- C:\kav
2007-10-29 10:32 <DIR> d-------- C:\WINDOWS\SYSTEM32\Mz02r
2007-10-29 10:32 <DIR> d-------- C:\TEMP\mZOr
2007-10-29 09:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-26 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-26 09:39 <DIR> d--hs---- C:\WINDOWS\TWljaGVsbGUgTWFydGluaWU
2007-10-26 09:39 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-10-23 17:06 585,728 --a------ C:\WINDOWS\WLXPGSS.SCR
2007-10-19 11:17 <DIR> d-------- C:\Program Files\zSuite
2007-10-18 11:31 51,224 --a------ C:\WINDOWS\SYSTEM32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 15:22 --------- d-----w C:\Program Files\Reflection
2007-11-13 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Reflection
2007-11-09 15:44 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-09 15:32 --------- d-----w C:\Program Files\MSN Messenger
2007-11-09 13:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-29 21:42 --------- d-----w C:\Documents and Settings\Michelle Martinie\Application Data\Azureus
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-25 16:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-25 16:25 --------- d-----w C:\Program Files\Symantec
2007-10-25 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-25 16:12 --------- d-----w C:\Program Files\Azureus
2007-10-24 21:41 --------- d-----w C:\Program Files\Zune
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-06-13 19:31 69,064 -c--a-w C:\Documents and Settings\Michelle Martinie\Application Data\GDIPFONTCACHEV1.DAT
2006-11-08 14:48 1,303 ----a-w C:\Documents and Settings\Michelle Martinie\Application Data\waver_2.95.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7acbaf22-78dc-405f-a072-30fc52bff624}]
2007-11-14 08:08 81472 --a------ C:\WINDOWS\system32\qrnplbwi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-13 13:06 144480 --a------ C:\WINDOWS\system32\xehgldai.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\xehgldai.dll [2007-11-13 13:06 144480]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-02-28 19:13]
"nwiz"="nwiz.exe" [2003-02-28 19:13 C:\WINDOWS\SYSTEM32\nwiz.exe]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 12:52]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-07-25 16:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-17 10:17]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 00:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 00:07]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 17:03]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 19:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 10:20]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-13 15:30]
"28db3e75"="C:\WINDOWS\system32\lotpiyhj.dll" [2007-11-14 08:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2005-10-24 16:53]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

C:\Documents and Settings\Michelle Martinie\Start Menu\Programs\Startup\
Psi.lnk - C:\Program Files\Psi\psi.exe [2006-01-11 08:54:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-04-18 11:26:05]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 21:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nokwcwrf]
nokwcwrf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomllih]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xehgldai]
xehgldai.dll 2007-11-13 13:06 144480 C:\WINDOWS\SYSTEM32\xehgldai.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michelle Martinie^Start Menu^Programs^Startup^Database Viewer.lnk]
path=C:\Documents and Settings\Michelle Martinie\Start Menu\Programs\Startup\Database Viewer.lnk
backup=C:\WINDOWS\pss\Database Viewer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michelle Martinie^Start Menu^Programs^Startup^Help.lnk]
path=C:\Documents and Settings\Michelle Martinie\Start Menu\Programs\Startup\Help.lnk
backup=C:\WINDOWS\pss\Help.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

R2 AsfAlrt;AsfAlrt;\??\C:\WINDOWS\System32\drivers\AsfAlrt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-14 16:24:25 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-14 16:30:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{24D16F5D-A996-4531-BB4E-5B0395FEADC4}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 11:27:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 11:30:40 - machine was rebooted
.
--- E O F ---

========================================================


Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.8.inf
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{A4730EBE-43A6-443e-9776-36915D323AD3}
Adware:adware/sidestep Not disinfected Windows Registry
Adware:adware/wintools Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Michelle Martinie\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Michelle Martinie\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Michelle Martinie\Desktop\ComboFix.exe[nircmd.cfexe]
Virus:W32/Radoppan.AI Disinfected C:\Documents and Settings\Michelle Martinie\Local Settings\Application Data\Microsoft\Windows Live Mail\Msn (x2talk)\Inbox\2D7F4418-00000272.eml
Virus:Trj/Downloader.MDW Not disinfected C:\qoobox\Quarantine\C\Program Files\ISM2\cringupd.exe.vir[ISMPack8.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\qhwgivdp.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\sstqr.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\crrnukwp.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\dttupbvh.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\kuwftsmg.exe

==============
Please let me know if you need anything else.
 

Registered · 3,025 Posts
Hello,

Please carry out the following instructions if you wish to continue:


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

----------------------------------------------------------------------


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized.
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
--------------------------------------------------------------

Please include the following in your next reply:

C:\vundofix.txt
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt <- Attached please
 