Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Is the Vundo virus still on laptop?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Is the Vundo virus still on laptop?

Unread postby random/random » August 1st, 2008, 9:20 am

Log in user Beth

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O4 - HKCU\..\Run: [1d0f117a] rundll32.exe "C:\WINDOWS\system32\gmrgocyw.dll",b
O4 - HKCU\..\Run: [BM1e3c22e6] Rundll32.exe "C:\WINDOWS\system32\tpbxafxt.dll",s


Then close all windows except HijackThis and click Fix Checked.

Log into user Matthew

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O4 - HKCU\..\Run: [BM1e3c22e6] Rundll32.exe "C:\WINDOWS\system32\tpbxafxt.dll",s

Then close all windows except HijackThis and click Fix Checked.

Log into user Nicola

Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O4 - HKCU\..\Run: [BM1e3c22e6] Rundll32.exe "C:\WINDOWS\system32\tpbxafxt.dll",s

Then close all windows except HijackThis and click Fix Checked.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post, along with a new HijackThis log and a description of any remaining problems.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm
Advertisement
Register to Remove

Re: Is the Vundo virus still on laptop?

Unread postby Miker » August 1st, 2008, 12:19 pm

Looking at the instructions for Kaspersky Online Scanner, it looks to me as though it has to be run online, rather than downloaded and transferred across to the laptop by CD as I did with Highjackthis and ComboFix. If so, it will be a day or two before I get the opportunity to visit my son's house and run the laptop on the wireless network. In the meantime I could do the Hijackthis runs and post them back to you, or would you rather wait until I can complete all the tasks?
When running Kaspersky, I could turn off Norton Internet Security Auto Protect. Would that suffice?
Miker
Active Member
 
Posts: 12
Joined: July 26th, 2008, 6:30 am

Re: Is the Vundo virus still on laptop?

Unread postby random/random » August 2nd, 2008, 1:57 pm

In the meantime I could do the Hijackthis runs and post them back to you, or would you rather wait until I can complete all the tasks?


You can do the HijackThis runs now.

When running Kaspersky, I could turn off Norton Internet Security Auto Protect. Would that suffice?


That will be fine.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Is the Vundo virus still on laptop?

Unread postby Miker » August 4th, 2008, 3:32 pm

Ran Hijackthis which cleared the offending DLL messages.
I will not now be able to run Kaspersky until early next week when my son returns from his holiday.
Miker
Active Member
 
Posts: 12
Joined: July 26th, 2008, 6:30 am

Re: Is the Vundo virus still on laptop?

Unread postby random/random » August 4th, 2008, 4:23 pm

OK, I'll still be here.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Is the Vundo virus still on laptop?

Unread postby Miker » August 13th, 2008, 3:25 pm

Kaspersky log below.



Wednesday, August 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 13, 2008 17:11:18
Records in database: 1089740


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Files scanned 76751
Threat name 20
Infected objects 444
Suspicious objects 0
Duration of the scan 01:07:51

File name Threat name Threats count
C:\WINDOWS\system32\llhpfssc.dll Infected: Trojan.Win32.Monder.gen 1

C:\WINDOWS\system32\qhhsasmv.dll Infected: Trojan.Win32.Monder.gen 1

C:\WINDOWS\system32\vuapjupj.dll Infected: Trojan.Win32.Monder.gen 1

C:\WINDOWS\system32\hscmhaor.dll Infected: Trojan.Win32.Monder.gen 1

C:\WINDOWS\system32\tqqofcne.dll Infected: Trojan.Win32.Monder.gen 1

C:\WINDOWS\system32\igflvrxd.dll Infected: Trojan.Win32.Monder.gen 1

C:\WINDOWS\system32\cnyfkkyo.dll Infected: Trojan.Win32.Monder.gen 1

C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.45_13.40.42_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1

C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.46_15.12.45_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1

C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.47_10.59.24_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1

C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.48_14.06.10_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1

C:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.49_14.29.42_swiftswitch(update).exe Infected: not-a-virus:AdWare.Win32.EShoper.bg 1

C:\Documents and Settings\DAVID\Application Data\Sun\Java\Deployment\cache\6.0\21\41b4d995-670679e8 Infected: Trojan-Downloader.Java.OpenStream.ac 1

C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003714.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003718.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003719.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003720.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003721.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003722.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003723.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003725.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003726.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003727.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003728.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003729.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003731.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003732.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003733.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003734.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003735.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003736.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003737.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003738.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003741.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003743.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003745.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003747.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003748.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003749.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003750.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003751.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003752.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003753.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003755.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003756.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003757.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aaqu 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003758.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003759.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003760.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003761.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003762.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003763.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003764.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003765.dll Infected: Trojan.Win32.Monder.mu 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003766.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003767.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003768.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003769.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003770.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003771.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003772.dll Infected: Trojan.Win32.Monder.mu 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003773.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003774.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003775.DLL Infected: Trojan.Win32.Monder.aty 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003776.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003778.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aawu 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003779.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003780.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003781.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003782.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003783.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003784.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003785.dll Infected: Trojan.Win32.Monder.brk 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003786.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aauk 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003787.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003788.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003789.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003790.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003792.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003793.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003795.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003796.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003797.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003798.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003800.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003804.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aawh 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003805.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003806.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003807.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003808.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003809.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003810.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003811.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aaqw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003813.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003814.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003815.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003816.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003817.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003819.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003820.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003823.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003824.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003825.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003826.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003827.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003828.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aani 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003830.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003831.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003832.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003833.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003834.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003835.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003836.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003837.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003838.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003839.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003840.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003841.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003842.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003843.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003844.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003845.dll Infected: Trojan.Win32.Monder.mu 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003846.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aaqw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003847.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003848.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003849.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003850.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003851.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003852.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003853.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003854.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003857.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003858.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003859.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003860.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003861.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003862.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003863.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aawu 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003864.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003865.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003866.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003868.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003869.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003870.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003871.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003872.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003873.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003874.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003875.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003876.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003877.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.abiu 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003878.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003879.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003881.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003882.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aazv 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003883.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003884.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003885.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003886.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aapt 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003887.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003888.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003890.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003891.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003892.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003893.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003894.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003895.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003897.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003898.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003899.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003900.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003902.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003903.dll Infected: Trojan.Win32.Monder.mu 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003904.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003905.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003906.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003907.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003908.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.abso 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003909.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003911.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003912.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003913.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003914.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003915.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003916.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003917.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003918.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003919.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003921.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003922.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003924.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003925.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003926.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003927.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003928.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003929.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003930.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003931.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003932.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003935.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003936.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003937.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003938.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003940.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003941.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003943.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.abde 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003944.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003945.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003946.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003947.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003948.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003949.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003950.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003951.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003952.dll Infected: Trojan.Win32.Obfuscated.auw 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003953.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003954.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003955.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003956.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP3\A0003957.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP10\A0004899.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP10\A0004900.dll Infected: Trojan.Win32.Monder.gen 1

C:\System Volume Information\_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP10\A0004904.dll Infected: Trojan.Win32.Monder.gen 1

C:\VundoFix Backups\ddcApNDU.dll.bad Infected: Trojan.Win32.Monder.gen 1

C:\VundoFix Backups\ddcDtrPj.dll.bad Infected: Trojan.Win32.Monder.gen 1

C:\VundoFix Backups\ddcDwxxx.dll.bad Infected: Trojan.Win32.Monder.gen 1

C:\VundoFix Backups\mmkmyrgu.dll.bad Infected: Trojan.Win32.Monder.gen 1

C:\VundoFix Backups\okpnjsdj.dll.bad Infected: Trojan.Win32.Monder.gen 1

C:\VundoFix Backups\qoMeDVOG.dll.bad Infected: Trojan.Win32.Monder.gen 1

C:\VundoFix Backups\qoMeETNh.dll.bad Infected: Trojan.Win32.Monder.gen 1

C:\VundoFix Backups\qrnvlxok.dll.bad Infected: Trojan.Win32.Monder.gen 1

C:\VundoFix Backups\rqRLefGW.dll.bad Infected: Trojan.Win32.Monder.gen 1

C:\VundoFix Backups\ssqRIaYS.dll.bad Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as 1

C:\QooBox\Quarantine\C\WINDOWS\system32\abbsvunx.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\abmhtl.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\addgwura.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\agsgemub.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\aibmcgex.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\aotprvow.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\atwlmgtc.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\aufcdjvq.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\avdfchmd.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\axholb.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\axtatkfn.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\beiwjbxs.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bhbgtgfa.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bmbdweuc.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bqpuijff.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bsdcppoi.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bxnreyst.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\bypmoqhm.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\catrbddw.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\damcivkb.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dhotpfcr.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dkafqfry.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dosnjljv.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dpmqyoxq.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dqgbmuha.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dqpixgwx.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\drcvfejd.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dvarssgj.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dxwuolnb.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\eaupjvuv.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\eiliosxm.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\epbwqfjd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aaqu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ervalgnl.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\evipvdhg.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\faateult.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fadgpioj.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fdminvfr.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ffgsabht.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fhrtuptf.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fhwrgjdw.dll.vir Infected: Trojan.Win32.Monder.mu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fnoexujv.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fpllmcux.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fvwcmssq.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fxuihdpm.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\gbpfssil.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\gegjijmr.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\gjdgpgee.dll.vir Infected: Trojan.Win32.Monder.mu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\gknswquw.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\glaowjox.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\gmrgocyw.dll.vir Infected: Trojan.Win32.Monder.aty 1

C:\QooBox\Quarantine\C\WINDOWS\system32\gnefywkb.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\goibgacj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aawu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\gsokqmmw.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\gwqhbkcn.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\haophw.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\hcwtuvwq.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\hhuksrux.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\hihvnqos.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\hncxpffb.dll.vir Infected: Trojan.Win32.Monder.brk 1

C:\QooBox\Quarantine\C\WINDOWS\system32\hqqhqwlp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aauk 1

C:\QooBox\Quarantine\C\WINDOWS\system32\hskuqxth.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\hteeiseo.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\hvfbtcun.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\icpoedst.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ijafqncq.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ijsdqiit.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\iqllhwwf.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ixhineto.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\iygeyigq.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jabrcgci.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jbcueqvx.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jiboyxls.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aawh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkql.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jtbrdwcw.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\juoqajat.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\kewuuytr.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\kfdiirvk.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\kfxtfloc.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\khvijpuu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aaqw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\kllgmcpo.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ktdfdhuk.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\kujydytp.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lahkxrlc.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\levubwtd.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lguspmvw.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lhcarybi.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ljwqwdoq.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lkjvdmwb.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lkofqpjk.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lmbcgqbi.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lqufsyvo.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lsagiywm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aani 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lusggggo.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lvklqesh.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lvrvjlip.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mbnwvpnk.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mbyamdip.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mdswtwie.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\meiuhvsy.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mikgiqpo.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mitwtfip.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mixtdgqw.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mnognbov.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mpjeyp.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mrdwyifp.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mtfbqdik.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mwpghkaa.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\myaioids.dll.vir Infected: Trojan.Win32.Monder.mu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\myrusq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aaqw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\myukgpkb.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ndtkcsux.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\nhwwgbrd.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\nigqjhiw.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\nlhykuhw.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\noeepebv.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ntyjcdyd.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\nvskfdup.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\obtuhpjf.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\oealrufo.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ofxujpgu.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ogexqlap.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ogkhjogy.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\oikbhopb.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\oilswhpq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aawu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\olqqlcox.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ooodnllg.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\osmdtlir.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\oysjkmex.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\papbsyvd.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pcofdxjb.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pifxfior.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pjhkbouw.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pjmgfoek.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pnjatygu.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pqbaxclr.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pubghwgi.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\puqqrlpj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abiu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pvapmtbh.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pxjlwnkw.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\qpuosktv.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\qquhdssx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aazv 1

C:\QooBox\Quarantine\C\WINDOWS\system32\qricthfw.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\qtkbuyny.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\rapkhkky.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\rckekcuy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aapt 1

C:\QooBox\Quarantine\C\WINDOWS\system32\reuqoqbl.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\rshuarmq.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\rxixiipj.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\salrnmpj.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\shpylskp.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\shyfkosu.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\sigfpprh.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\sjlgacjf.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\solxwooy.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\sreqxh.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\srohsbnk.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\swaccdnm.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tarxxgam.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tcskjrrf.dll.vir Infected: Trojan.Win32.Monder.mu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tcxmwgmk.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tfioprkr.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tjejwmvd.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tlhsxmvh.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tpbxafxt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abso 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tyhciaxo.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ufnvulqh.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ufysguie.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ugklbggn.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\uklwfufe.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\umtclrmh.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\uniulenc.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\unyfkywf.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\uupatejd.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\uwdfriry.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\vctmwnia.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\vfbyxhmf.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\vnlrhrep.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\vrybejhl.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\vsdaxsnn.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\vssgyjai.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\wefvpfhq.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\wgcylrex.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\whhgyvdf.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\wkmuilvh.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\woerpoka.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\wtgrjpcp.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\wuuhcstt.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\wvphuxja.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\xftnatmw.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\xhtdpxvg.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\xixkmylj.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\xmbfqjrl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.abde 1

C:\QooBox\Quarantine\C\WINDOWS\system32\xvekslcb.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yaisvaao.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yfoxdfir.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yhreskrd.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yiyyfdbd.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ykvxujot.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yospwmbl.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yrmpqeee.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yvvjodji.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ywoyybmx.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yxtunyfa.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yyoqsltj.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yyvngkcu.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\znpyjq.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\aevrvfph.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ferwpvhx.dll.vir Infected: Trojan.Win32.Monder.gen 1

C:\QooBox\Quarantine\C\WINDOWS\system32\wmzkoh.dll.vir Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.

Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:53, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\IRReceive.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [IRReceive] C:\WINDOWS\system32\IRReceive.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?4082c65fcdde43018626f68d2c7630c1
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?4082c65fcdde43018626f68d2c7630c1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Up ... b57176.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9153 bytes
Miker
Active Member
 
Posts: 12
Joined: July 26th, 2008, 6:30 am

Re: Is the Vundo virus still on laptop?

Unread postby random/random » August 13th, 2008, 3:59 pm

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: Select all
    C:\WINDOWS\system32\llhpfssc.dll
    C:\WINDOWS\system32\qhhsasmv.dll
    C:\WINDOWS\system32\vuapjupj.dll
    C:\WINDOWS\system32\hscmhaor.dll
    C:\WINDOWS\system32\tqqofcne.dll
    C:\WINDOWS\system32\igflvrxd.dll
    C:\WINDOWS\system32\cnyfkkyo.dll
    C:\Documents and Settings\All Users\Application Data\SwiftSwitch
    C:\Documents and Settings\DAVID\Application Data\Sun\Java\Deployment\cache\6.0\21\41b4d995-670679e8
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Is the Vundo virus still on laptop?

Unread postby Miker » August 14th, 2008, 5:03 pm

Log of OTMoveIt2 below.


C:\WINDOWS\system32\llhpfssc.dll NOT unregistered.
C:\WINDOWS\system32\llhpfssc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\qhhsasmv.dll
C:\WINDOWS\system32\qhhsasmv.dll NOT unregistered.
C:\WINDOWS\system32\qhhsasmv.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vuapjupj.dll
C:\WINDOWS\system32\vuapjupj.dll NOT unregistered.
C:\WINDOWS\system32\vuapjupj.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\hscmhaor.dll
C:\WINDOWS\system32\hscmhaor.dll NOT unregistered.
C:\WINDOWS\system32\hscmhaor.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\tqqofcne.dll
C:\WINDOWS\system32\tqqofcne.dll NOT unregistered.
C:\WINDOWS\system32\tqqofcne.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\igflvrxd.dll
C:\WINDOWS\system32\igflvrxd.dll NOT unregistered.
C:\WINDOWS\system32\igflvrxd.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\cnyfkkyo.dll
C:\WINDOWS\system32\cnyfkkyo.dll NOT unregistered.
C:\WINDOWS\system32\cnyfkkyo.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles\link 1 2 9 0\Notes moved successfully.
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles\link 1 2 9 0\Data moved successfully.
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles\link 1 2 9 0 moved successfully.
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles\Default\Notes moved successfully.
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles\Default\Data moved successfully.
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles\Default moved successfully.
C:\Documents and Settings\All Users\Application Data\SwiftSwitch\Profiles moved successfully.
C:\Documents and Settings\All Users\Application Data\SwiftSwitch moved successfully.
C:\Documents and Settings\DAVID\Application Data\Sun\Java\Deployment\cache\6.0\21\41b4d995-670679e8 moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll NOT unregistered.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08142008_213744
Miker
Active Member
 
Posts: 12
Joined: July 26th, 2008, 6:30 am

Re: Is the Vundo virus still on laptop?

Unread postby random/random » August 15th, 2008, 5:55 am

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Image

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general use and could cause damage if used inappropriately.

  • Double click OTMoveIt2.exe to launch it.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTMoveIt2
  • Now delete OTMoveIt2.exe (if still present)

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    Restart
    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  1. Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  2. Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  3. Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  4. Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  5. Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster from here
  6. Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  7. Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  8. Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Re: Is the Vundo virus still on laptop?

Unread postby NonSuch » August 20th, 2008, 8:13 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 19 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware