
Virtumonde.prx


This topic is locked
2 replies to this topic

#1 Abrunn11


  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:31 AM

Posted 06 April 2010 - 11:40 AM

Member has received some assistance here: http://www.bleepingcomputer.com/forums/t/307565/virtumondeprx/ ~ OB

I found a file Virtumonde.prx when I ran Malwarebytes and it has been unable to remove it. I searched the site to see if anyone else has had this problem and I did find a person that did. They were able to remove it with the help of you guys and I was hoping to do the same. The person that helped them said to download and run ComboFix. I did this and these were the results:

ComboFix 10-04-05.06 - Andy 04/06/2010 11:01:37.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.2107 [GMT -5:00]
Running from: c:\users\Andy\Combo.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\H0ggctgJa.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\n2lRwRoc.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\nhn75kli5.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\W6D2r.jpg
c:\users\Andy\FAVORI~1\_favdata.dat
c:\users\Andy\Favorites\_favdata.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\onlmavxm.sys
c:\windows\system32\drivers\vsfd.sys
c:\windows\system32\oem11.inf
c:\windows\system32\oem12.inf
c:\windows\system32\uninstall.exe
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_onlmavxm
-------Service_hprparc
-------Service_onlmavxm


((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

2010-04-06 16:05 . 2010-04-06 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-05 21:25 . 2010-04-05 21:25 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-05 21:21 . 2010-04-05 21:21 -------- d-----w- C:\$AVG
2010-04-05 21:21 . 2010-04-05 21:21 -------- d-----w- c:\programdata\avg9
2010-04-05 17:35 . 2010-04-06 15:32 -------- d-----w- c:\users\Andy\AppData\Local\Xobni
2010-04-05 17:35 . 2010-04-05 17:36 -------- d-----w- c:\program files\Xobni
2010-04-05 17:35 . 2010-04-05 17:36 -------- d-----w- c:\users\Andy\AppData\Local\OpenCandy
2010-04-05 17:35 . 2010-04-05 17:35 264106 ----a-w- c:\users\Andy\AppData\Roaming\OpenCandy\Ddlmgr2\Xobni.exe
2010-04-03 13:22 . 2010-04-06 16:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-03 13:22 . 2010-04-06 15:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-03 13:21 . 2010-04-06 15:30 -------- d-----w- c:\programdata\piyimoje
2010-04-03 13:21 . 2010-04-06 15:30 -------- d-----w- c:\programdata\niwohuyi
2010-04-03 13:21 . 2010-04-03 16:32 -------- d-----w- c:\programdata\mezijaso
2010-04-03 13:20 . 2010-04-03 13:20 -------- d-----w- c:\programdata\vevufose
2010-04-03 13:20 . 2010-04-06 16:06 -------- d-----w- c:\programdata\pupumona
2010-04-03 13:20 . 2010-04-06 15:30 -------- d-----w- c:\programdata\dujiwumu
2010-04-03 13:20 . 2010-04-03 13:20 -------- d-----w- c:\programdata\wemorolu
2010-04-03 13:20 . 2010-04-03 13:20 -------- d-----w- c:\programdata\mejodevu
2010-04-03 13:20 . 2010-04-03 13:20 -------- d-----w- c:\programdata\bifeyozu
2010-04-03 12:19 . 2010-04-06 15:30 -------- d-----w- c:\programdata\wovideza
2010-04-03 12:19 . 2010-04-03 12:19 -------- d-----w- c:\programdata\wokidaro
2010-04-03 12:19 . 2010-04-03 12:19 -------- d-----w- c:\programdata\ridihumu
2010-04-03 12:19 . 2010-04-03 12:19 -------- d-----w- c:\programdata\marehisa
2010-04-03 12:19 . 2010-04-03 12:19 -------- d-----w- c:\programdata\kevuvogi
2010-04-02 22:32 . 2010-04-02 22:32 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2010-04-02 22:29 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 22:29 . 2010-04-03 15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 22:29 . 2010-04-02 22:29 -------- d-----w- c:\programdata\Malwarebytes
2010-04-02 22:29 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 22:01 . 2010-04-02 22:01 -------- d-----w- c:\programdata\gulugire
2010-04-02 22:00 . 2010-04-03 17:22 -------- d-----w- c:\programdata\kohuhuse
2010-04-02 22:00 . 2010-04-03 16:32 -------- d-----w- c:\programdata\posazewa
2010-04-02 22:00 . 2010-04-02 22:00 -------- d-----w- c:\programdata\koyajuwa
2010-04-02 22:00 . 2010-04-02 22:00 -------- d-----w- c:\programdata\besenanu
2010-04-02 22:00 . 2010-02-16 15:31 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100402.004\naveng.sys
2010-04-02 22:00 . 2010-02-16 15:31 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100402.004\eeCtrl.sys
2010-04-02 22:00 . 2010-02-16 15:31 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100402.004\cceraser.dll
2010-04-02 22:00 . 2010-02-16 15:31 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100402.004\ecmsvr32.dll
2010-04-02 22:00 . 2010-02-16 15:31 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100402.004\naveng32.dll
2010-04-02 22:00 . 2010-02-16 15:31 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100402.004\navex32a.dll
2010-04-02 22:00 . 2010-02-16 15:31 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100402.004\navex15.sys
2010-04-02 22:00 . 2010-02-16 15:31 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100402.004\ERASER.sys
2010-04-02 21:55 . 2010-04-06 15:30 -------- d-----w- c:\programdata\ravopope
2010-04-02 21:55 . 2010-04-06 15:30 -------- d-----w- c:\programdata\ralititi
2010-04-02 21:55 . 2010-04-06 15:30 -------- d-----w- c:\programdata\lugiviwi
2010-03-31 05:05 . 2010-03-31 05:05 -------- d-----w- c:\program files\Safari
2010-03-31 05:04 . 2010-03-31 05:04 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-26 14:03 . 2010-03-29 11:16 -------- d-----w- C:\Slideshow
2010-03-16 04:47 . 2010-03-16 04:47 620032 ----a-w- c:\users\Andy\AppData\Roaming\OpenCandy\Xobni_Installed.exe
2010-03-16 04:47 . 2010-03-16 04:47 5693448 ----a-w- c:\users\Andy\AppData\Roaming\OpenCandy\Xobni_OC_1.exe
2010-03-12 01:42 . 2010-03-12 01:42 -------- d-----w- c:\programdata\WindowsSearch
2010-03-09 23:32 . 2010-04-04 00:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-09 23:32 . 2010-02-16 15:31 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys
2010-03-09 23:32 . 2010-02-16 15:31 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys
2010-03-09 23:32 . 2010-02-16 15:31 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
2010-03-09 23:32 . 2010-02-16 15:31 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
2010-03-09 23:32 . 2010-02-16 15:31 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
2010-03-09 23:32 . 2010-02-16 15:31 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng32.dll
2010-03-09 23:32 . 2010-02-16 15:31 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex32a.dll
2010-03-09 23:32 . 2010-02-16 15:31 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex15.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 16:14 . 2009-11-19 22:45 243598 ----a-w- c:\programdata\nvModes.dat
2010-04-06 16:00 . 2010-04-06 16:00 3908251 ----a-r- c:\users\Andy\Combo.exe
2010-04-06 14:43 . 2009-11-24 16:14 -------- d-----w- c:\users\Andy\AppData\Roaming\PrimoPDF
2010-04-06 14:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-04-06 14:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-04-06 14:30 . 2010-02-08 20:05 -------- d-----w- c:\users\Andy\AppData\Roaming\gtk-2.0
2010-04-06 14:30 . 2010-01-12 19:11 -------- d-----w- c:\program files\Tether
2010-04-06 14:30 . 2009-11-24 01:30 -------- d-----w- c:\program files\iTunes
2010-04-06 14:30 . 2009-11-23 16:32 -------- d-----w- c:\programdata\McAfee Security Scan
2010-04-06 14:30 . 2009-11-20 17:50 -------- d-----w- c:\program files\Google
2010-04-06 14:30 . 2009-11-20 15:36 -------- d-----w- c:\programdata\avg8
2010-04-06 14:30 . 2009-11-19 21:42 -------- d-----w- c:\program files\DellTPad
2010-04-06 14:30 . 2009-11-24 01:04 -------- d-----w- c:\program files\Bonjour
2010-04-06 14:30 . 2009-11-24 01:01 -------- d-----w- c:\program files\Common Files\Apple
2010-04-05 21:21 . 2009-11-20 15:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-05 21:21 . 2009-11-20 15:36 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-05 21:21 . 2009-11-20 15:36 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-05 21:21 . 2009-11-20 15:36 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-05 21:21 . 2009-11-20 15:36 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-05 21:21 . 2009-11-20 15:36 -------- d-----w- c:\program files\AVG
2010-04-05 17:40 . 2009-11-23 19:05 -------- d-----w- c:\users\Andy\AppData\Roaming\OpenCandy
2010-03-21 01:03 . 2009-11-24 01:30 -------- d-----w- c:\users\Andy\AppData\Roaming\Apple Computer
2010-03-21 01:03 . 2010-03-21 01:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-21 01:02 . 2009-11-24 01:01 -------- d-----w- c:\programdata\Apple
2010-03-12 20:53 . 2009-11-20 17:49 -------- d-----w- c:\programdata\NOS
2010-03-09 23:32 . 2010-02-26 12:30 -------- d-----w- c:\programdata\Symantec
2010-03-02 17:03 . 2010-03-02 17:03 -------- d-----w- c:\users\Andy\AppData\Roaming\SkyGolf
2010-03-02 17:02 . 2010-03-02 17:02 -------- d-----w- c:\program files\SkyGolf
2010-02-26 20:58 . 2010-02-26 20:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-26 12:30 . 2010-02-26 12:30 -------- d-----w- c:\programdata\Norton
2010-02-26 12:30 . 2010-02-26 12:30 -------- d-----w- c:\program files\Norton Security Scan
2010-02-26 12:30 . 2010-02-26 12:30 -------- d-----w- c:\programdata\NortonInstaller
2010-02-26 12:30 . 2010-02-26 12:30 -------- d-----w- c:\program files\NortonInstaller
2010-02-25 01:41 . 2010-02-25 01:41 249856 ------w- c:\windows\Setup1.exe
2010-02-25 01:41 . 2010-02-25 01:41 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-02-19 19:15 . 2009-11-19 21:31 101728 ----a-w- c:\users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-08 20:02 . 2010-02-08 20:02 -------- d-----w- c:\program files\GIMP-2.0
2010-01-30 14:07 . 2010-01-30 14:08 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8A40.tmp.exe
2010-01-20 19:29 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-12 18:32 . 2010-01-12 18:32 26694 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{55EAE18D-83F1-4526-86B9-05FD89725AAF}\BlackBerry.exe
2010-01-12 05:48 . 2010-01-12 05:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-12 05:48 . 2010-01-12 05:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-21 200704]
"nwiz"="nwiz.exe" [2009-06-11 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"Kaseya Agent Service Helper"="c:\program files\TeamLogic IT\Agent\KaUsrTsk.exe" [2008-09-04 229376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-10-02 4685824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 149280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-10 483428]
"CaddieSyncLauncher"="c:\program files\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe" [2009-11-19 95744]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):20,13,89,fd,07,9a,ca,01

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-05 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-05 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-05 242696]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe [2009-02-13 81920]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-05 308064]
S2 KaseyaAgent;Kaseya Agent;c:\program files\TeamLogic IT\Agent\AgentMon.exe [2008-09-30 610304]
S2 KaseyaAVService;Kaseya Security Service;c:\program files\TeamLogic IT\Agent\KasAVSrv.exe [2010-02-28 221184]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-04-04 224384]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KAPFA
.
Contents of the 'Scheduled Tasks' folder

2010-04-05 c:\windows\Tasks\Norton Security Scan for Andy.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-02-26 17:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: boxerjam.com\www
TCP: {7CAA6DD1-5290-4B87-BF05-BAA15BD4DDBA} = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-tenusakub - c:\progra~2\pupumona\pupumona.dll
AddRemove-SLABCOMM - c:\windows\system32\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 11:14
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 25494 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Tether\TBService.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Xobni\XobniService.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-04-06 11:16:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-06 16:16

Pre-Run: 179,971,538,944 bytes free
Post-Run: 183,018,049,536 bytes free

- - End Of File - - A7AF34CEDC22E8DEB5CBAED13574F711


I am hoping that someone can look at this and help me out.

Thanks,

My SAS results;

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/06/2010 at 09:24 PM

Application Version : 4.35.1002

Core Rules Database Version : 4776
Trace Rules Database Version: 2588

Scan type : Complete Scan
Total Scan Time : 00:47:31

Memory items scanned : 343
Memory threats detected : 0
Registry items scanned : 6995
Registry threats detected : 0
File items scanned : 99738
File threats detected : 44

Adware.Vundo/Variant-Senorita
C:\PROGRAMDATA\BESENANU\BESENANU.DLL
C:\PROGRAMDATA\MAREHISA\MAREHISA.DLL
C:\PROGRAMDATA\PUPUMONA\PUPUMONA.DLL

Trojan.Agent/Gen-Nullo[Short]
C:\PROGRAMDATA\DUJIWUMU\DUJIWUMU.DLL
C:\PROGRAMDATA\NIWOHUYI\NIWOHUYI.DLL
C:\PROGRAMDATA\PIYIMOJE\PIYIMOJE.DLL
C:\PROGRAMDATA\WOVIDEZA\WOVIDEZA.DLL

Adware.Vundo/Variant-[Fixed]
C:\PROGRAMDATA\GULUGIRE\GULUGIRE.DLL
C:\PROGRAMDATA\KEVUVOGI\KEVUVOGI.DLL
C:\PROGRAMDATA\MEJODEVU\MEJODEVU.DLL

Adware.Vundo/Variant
C:\PROGRAMDATA\WEMOROLU\WEMOROLU.DLL
C:\PROGRAMDATA\WOKIDARO\WOKIDARO.DLL

Trojan.RootKit/Gen
C:\Qoobox\Quarantine\C\Windows\System32\drivers\ONLMAV~1.VIR

Adware.Tracking Cookie
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@ad.wsod[2].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@ad.yieldmanager[10].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@ad.yieldmanager[6].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@ad.yieldmanager[8].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@ads.nba[1].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@ads.nba[2].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@ads.pointroll[2].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@content.yieldmanager[1].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@content.yieldmanager[2].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@content.yieldmanager[3].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@content.yieldmanager[4].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@content.yieldmanager[6].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@doubleclick[1].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@invitemedia[2].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@invitemedia[3].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@media6degrees[2].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@mywebsearch[1].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@mywebsearch[2].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@mywebsearch[3].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@mywebsearch[4].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@mywebsearch[5].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@mywebsearch[6].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@mywebsearch[7].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@richmedia.yahoo[1].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@specificclick[2].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@specificmedia[2].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@www.burstbeacon[2].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@www.burstnet[1].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@www.burstnet[3].txt
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\andy@www.gamestracker[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.primopdf[2].txt



There are still a couple of issues that I believe are related.

#1: I have to manually start my print spooler even though it is on automatic start and it keeps shutting off.
#2: When I try to print from my architectural software to a pdf using Primo I get a "spooler subsystem app has stopped working" warning and it will not make a pdf.
I have 2 printers hooked up to my computer and I can print from both of them, after I start the print spooler of course.

Edited by boopme, 07 April 2010 - 07:34 PM.
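As an added example (not from this thread, and not part of ComboFix or SUPERAntiSpyware), here is a small Python script that reads lines in the two log formats shown above, flags the eight-letter pseudo-random directories under ProgramData that the SAS scan attributes to Vundo, groups them by creation minute so the dropper's bursts stand out, and cross-checks each directory against the SAS detections. The sample log lines inside it are constructed to match the shapes of the logs above; the eight-lowercase-letter rule is an assumption of the example, not a documented scanner rule.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ComboFix "Files Created" format
# (created . modified size attributes path). Not the thread's full log.
COMBOFIX_SAMPLE = r"""
2010-04-05 21:25 . 2010-04-05 21:25 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-03 13:20 . 2010-04-06 16:06 -------- d-----w- c:\programdata\pupumona
2010-04-03 13:20 . 2010-04-06 15:30 -------- d-----w- c:\programdata\dujiwumu
2010-04-02 22:29 . 2010-04-02 22:29 -------- d-----w- c:\programdata\Malwarebytes
2010-04-02 22:01 . 2010-04-02 22:01 -------- d-----w- c:\programdata\gulugire
2010-04-02 22:00 . 2010-04-02 22:00 -------- d-----w- c:\programdata\besenanu
2010-04-02 22:00 . 2010-02-16 15:31 84912 ----a-w- c:\programdata\Symantec\Definitions\naveng.sys
"""

# Constructed sample in the SUPERAntiSpyware log format: a threat-family
# header line followed by the paths detected under it.
SAS_SAMPLE = r"""
File threats detected : 3

Adware.Vundo/Variant-Senorita
C:\PROGRAMDATA\BESENANU\BESENANU.DLL
C:\PROGRAMDATA\PUPUMONA\PUPUMONA.DLL

Trojan.Agent/Gen-Nullo[Short]
C:\PROGRAMDATA\DUJIWUMU\DUJIWUMU.DLL
"""

COMBOFIX_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Heuristic (an assumption of this example, not a ComboFix rule): a directory
# named with exactly eight lowercase letters directly under ProgramData.
RANDOM_DIR = re.compile(r"^c:\\programdata\\([a-z]{8})$", re.IGNORECASE)

SAS_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_combofix(text):
    """Parse 'Files Created' lines into dicts; unrelated lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = COMBOFIX_LINE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["is_dir"] = entry["attrs"].startswith("d")
            entries.append(entry)
    return entries


def suspicious_dirs(entries):
    """Names of pseudo-random eight-letter directories under ProgramData."""
    return {
        RANDOM_DIR.match(e["path"]).group(1).lower()
        for e in entries
        if e["is_dir"] and RANDOM_DIR.match(e["path"])
    }


def drop_bursts(entries):
    """Group suspicious directories by creation minute: a dropper that writes
    several components at once shows up as a burst of identical timestamps."""
    bursts = defaultdict(list)
    for e in entries:
        m = RANDOM_DIR.match(e["path"])
        if e["is_dir"] and m:
            bursts[e["created"]].append(m.group(1).lower())
    return {ts: sorted(names) for ts, names in bursts.items()}


def parse_sas(text):
    """Map each SAS family header to the detected paths listed beneath it."""
    families = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # blank line ends a detection group
        elif SAS_PATH.match(line):
            if current:
                families[current].append(line)
        else:
            current = line          # e.g. "Adware.Vundo/Variant-Senorita"
    return dict(families)


def correlate(combofix_text, sas_text):
    """For each suspicious directory, the SAS family that flagged a file in it,
    or None when no scanner confirmed it (still worth a manual look)."""
    dirs = suspicious_dirs(parse_combofix(combofix_text))
    families = parse_sas(sas_text)
    result = {}
    for name in sorted(dirs):
        needle = "\\" + name + "\\"
        hits = [fam for fam, paths in families.items()
                if any(needle in p.lower() for p in paths)]
        result[name] = hits[0] if hits else None
    return result


if __name__ == "__main__":
    for name, family in correlate(COMBOFIX_SAMPLE, SAS_SAMPLE).items():
        print(f"{name}: {family or 'not confirmed by SAS'}")
    print(drop_bursts(parse_combofix(COMBOFIX_SAMPLE)))
```

Run it as-is to see the three confirmed directories and the one (gulugire) that the sample SAS excerpt does not cover; replace the two sample strings with the full log text to run it over a real pair of logs. The directory that no scanner confirms is the interesting one for a helper reading the thread: it is exactly the kind of leftover that is worth checking by hand before declaring the machine clean.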



#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:31 AM

Posted 09 April 2010 - 07:36 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:31 AM

Posted 15 April 2010 - 04:19 AM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



