
Thread: bpmon.exe

  1. #1
    Junior Member
    Join Date
    May 2007
    Posts
    11

    bpmon.exe

    Please help. I tried removing this with SUPERAntiSpyware Pro. It worked; I rebooted, turned off System Restore, rebooted, turned it back on, and all System Restore points had disappeared and the worm/trojan is back and flashing at me. I ran the antispyware again but it didn't detect anything.
    So here's an HJT log if anyone can help.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:44:47, on 01/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\lxcdcoms.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
    C:\Documents and Settings\gill&ade\Desktop\films\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe

  2. #2
    pskelley (In Memoriam: Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Welcome to Safer Networking. If you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum, especially this: "BEFORE you POST" Mandatory Steps Before Requesting Assistance
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please read and follow all instructions and post all required logs or reports; anything less will slow your process.
    Use "Post Reply" to post the information in the instructions and stay in the same topic.

    HJT is not showing this item; that is why we ask for the online scan results. In this case it sounds like Smitfraud, so we will take a look first. You may hold the online scan unless I tell you I need it.

    http://siri.geekstogo.com/SmitfraudFix.php <<< Download Smitfraudfix from here and follow ONLY these instructions:

    1) Search:
    Double-click SmitfraudFix.exe
    Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consultin...rocessutil.htm

    2) Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.


    3) C:\Program Files\SUPERAntiSpyware\ <<< do you still have this program on the computer?

    Post the information I requested: the uninstall list and the C:\rapport.txt from Smitfraudfix.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Junior Member
    Join Date
    May 2007
    Posts
    11

    bpmon.exe reports

    Adobe Flash Player 9 ActiveX
    Advanced System Optimizer 2.01
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    CA eTrust PestPatrol Anti-Spyware
    Command & Conquer 3
    Command & Conquer Generals
    Command and ConquerTM Generals Zero Hour
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    eBay Toolbar
    GameShadow
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Video Player
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB926239)
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Lexmark 6300 Series
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Motherboard Monitor 5
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 Parser and SDK
    PowerDVD
    QuickTime
    RealPlayer
    Red Alert Windows 95
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Spybot - Search & Destroy 1.4
    SUPERAntiSpyware Professional
    System Spyware Interrogator
    The Battle for Middle-earth (tm) II
    Turbo Lister 2
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB914882)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Vista Upgrade Advisor
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884020
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinRAR archiver
    Zoo Tycoon: Complete Collection
    Zuma Deluxe RA

    SmitFraudFix v2.173

    Scan done at 18:14:10.29, 02/05/2007
    Run from
    C:\Documents and Settings\gill&ade\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\lxcdcoms.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\dxovx.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles






    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\gill


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"

    [HKEY_CLASSES_ROOT\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
    @="C:\WINDOWS\system32\dxovx.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
    @="C:\WINDOWS\system32\dxovx.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: National Semiconductor DP83815-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.20.75

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    SUPERAntiSpyware is still installed.
    Regards
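
The SmitfraudFix report above is where the infection actually becomes visible: the CLSID registered under the Explorer SharedTaskScheduler key resolves, through its InProcServer32 key, to C:\WINDOWS\system32\dxovx.dll, and that same DLL is the one file the directory sweep marked "FOUND !", while the HJT log in the first post did not list it at all. The Python script below is an added example, not part of the thread and not code from SmitfraudFix; it parses a constructed excerpt written in the same report layout (»»» section headers, .reg-style key dumps, "FOUND !" markers), maps each SharedTaskScheduler CLSID to the DLL its InProcServer32 default value names, and cross-checks those DLLs against the files the sweep flagged. The excerpt is assembled from lines in this post and shortened; the section and key layout it assumes is the one the report above shows.

```python
import re
from typing import Dict, List

# Constructed excerpt modelled on the SmitFraudFix v2.173 report in the thread:
# section headers are a run of » followed by a name, registry dumps use .reg syntax,
# and files the tool recognises are printed with a trailing "FOUND !".
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dxovx.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"

[HKEY_CLASSES_ROOT\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
@="C:\WINDOWS\system32\dxovx.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

SECTION_RE = re.compile(r"^»+\s+(.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"[^"]*")="([^"]*)"$')
FOUND_RE = re.compile(r"^(.+?) FOUND !$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def split_sections(report: str) -> Dict[str, List[str]]:
    """Group the non-blank lines of a report under the »»» header they follow."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def shared_task_scheduler_entries(report: str) -> Dict[str, str]:
    """Map each CLSID listed under the SharedTaskScheduler key to the DLL its
    InProcServer32 default value names ('' if the report shows no server for it).
    Explorer instantiates the COM objects listed under this key at startup, which
    is why the fix tool dumps it: a DLL registered here runs at every logon."""
    registered: List[str] = []
    inproc: Dict[str, str] = {}
    for name, lines in split_sections(report).items():
        if "sharedtaskscheduler" not in name.lower():
            continue
        current_key = ""
        for line in lines:
            km = KEY_RE.match(line)
            if km:
                current_key = km.group(1)
                continue
            vm = VALUE_RE.match(line)
            if not vm:
                continue
            value_name, data = vm.groups()
            if current_key.lower().endswith("\\sharedtaskscheduler"):
                cm = CLSID_RE.search(value_name)
                if cm:
                    registered.append(cm.group(0).lower())
            elif current_key.lower().endswith("\\inprocserver32") and value_name == "@":
                cm = CLSID_RE.search(current_key)
                if cm:
                    inproc[cm.group(0).lower()] = data
    return {clsid: inproc.get(clsid, "") for clsid in registered}


def flagged_files(report: str) -> List[str]:
    """Paths the tool printed with 'FOUND !' during its directory sweeps."""
    return [m.group(1) for lines in split_sections(report).values()
            for line in lines for m in [FOUND_RE.match(line)] if m]


def confirmed_sts_loaders(report: str) -> List[str]:
    """DLLs that are both registered as SharedTaskScheduler servers and flagged by
    the sweep: the strongest signal in the report that the persistence is malicious."""
    found = {p.lower() for p in flagged_files(report)}
    return [dll for dll in shared_task_scheduler_entries(report).values()
            if dll and dll.lower() in found]


if __name__ == "__main__":
    for clsid, dll in shared_task_scheduler_entries(SAMPLE_REPORT).items():
        print(f"SharedTaskScheduler {clsid} -> {dll or '(no InProcServer32)'}")
    print("flagged:", flagged_files(SAMPLE_REPORT))
    print("confirmed:", confirmed_sts_loaders(SAMPLE_REPORT))
```

Run against a saved C:\rapport.txt (read the file and pass its text instead of SAMPLE_REPORT) the same three functions give the reviewer's reading of the report without scrolling: which COM objects Explorer will load at logon, which files the tool recognised, and where the two lists overlap.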

  4. #4
    pskelley (In Memoriam: Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Thanks. Smitfraud is present; follow these instructions:
    Clean:
    Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    Double-click SmitfraudFix.exe
    Select 2 and hit Enter to delete infected files.
    You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Optional:
    To restore Trusted and Restricted site zone, select 3 and hit Enter.
    You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
    Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

    __________________________________________________

    Please tell me why no antivirus program is running in your HJT log. SUPERAntiSpyware is not an antivirus program. I see this in the uninstall list:
    CA eTrust PestPatrol Anti-Spyware, which is also only an antispyware program. If you need a free antivirus program, here is a good one you can use:
    http://free.grisoft.com/doc/avg-anti.../lng/us/tpl/v5
    Download, install, update and run a complete system scan and let me know about the results.

    Do you own SUPERAntiSpyware or CA eTrust PestPatrol Anti-Spyware? You need to have a good spyware program running, and I will suggest one if needed, but if those are only trials, you will want to uninstall them.

    J2SE Runtime Environment 5.0 Update 11 <<< out of date, see this:
    http://forums.spybot.info/showpost.p...80&postcount=2
    Download the newest version and then uninstall that old version in Add Remove programs.

    Complete all of the above instructions, then post any information I requested, the C:\report.txt from Smitfraudfix and a new HJT log. Let me know how the computer is running now.

    Thanks

  5. #5
    Junior Member
    Join Date
    May 2007
    Posts
    11

    As requested

    Did everything you asked,
    updated Java,
    and installed the new antivirus program. It detected 88 on drive C and over 13000 on drive G. Thanks for the advice; I think it's got rid of that virus, it doesn't pop up any more.
    Have not noticed an increase in performance though.





    SmitFraudFix v2.173

    Scan done at 19:19:08.50, 02/05/2007
    Run from
    C:\Documents and Settings\gill&ade\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"

    [HKEY_CLASSES_ROOT\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
    @="C:\WINDOWS\system32\dxovx.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
    @="C:\WINDOWS\system32\dxovx.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\dxovx.dll -> Hoax.Win32.Renos.gen.m
    C:\WINDOWS\system32\dxovx.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{6055A0C3-2AF7-4E6C-AA05-6886DB816494}: DhcpNameServer=192.168.20.75
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.20.75


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

  6. #6
    Junior Member
    Join Date
    May 2007
    Posts
    11

    HJT log

    Sorry, forgot the HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 09:13:13, on 03/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\WINDOWS\system32\lxcdcoms.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\gill&ade\Desktop\films\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe

  7. #7
    pskelley (In Memoriam: Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Thanks for returning your information. You said:
    and installed the new antivirus program. It detected 88 on drive C and over 13000 on drive G. Thanks for the advice; I think it's got rid of that virus, it doesn't pop up any more.
    Have not noticed an increase in performance though.
    Please provide more information. What is 88? What are "over 13000"? And since I see no drive but C:\, what is your D drive?
    As far as the performance, you need to describe it. I am removing malware; I can give you some maintenance tips that may or may not help the computer to run better once the malware is gone, but you need to provide information.

    Logfile of HijackThis v1.99.1 Scan saved at 09:13:13, on 03/05/2007

    1) Would you assure me this item is valid: O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    If you do not know, remove it with HJT during the next steps.

    2) Please download ATF Cleaner by Atribune
    http://www.atribune.org/content/view/25/2/
    Save it to your Desktop. We will use this later.

    3) AVG Anti-Spyware: Deactivate the Resident Shield
    - Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
    - To do this, click "Change State" to the right of the Resident Shield option in the main window.
    - You will clearly see the status change to Inactive if you have done this correctly.

    4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    (remove unless you set the HomePage to blank)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    (remove unless you are positive it is safe)

    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    5) Follow the instructions in this link to run AVG Anti-Spyware (make sure you update it first) and delete or at least quarantine anything it finds. Save the scan report to post.
    http://forums.security-central.us/showthread.php?t=3165

    6) Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    Restart the computer and post any information I requested, the AVG Anti-Spyware scan results and a new HJT log.

    Thanks

    (AVG Anti-Spyware...if it removes a load of stored cookies on that D drive, edit them out before posting the log. I do not need to see them as long as you deleted them)
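
The review in the post above is done by comparing the new HJT log against the one in the first post by eye: the Spybot SDHelper BHO and the SUPERAntiSpyware O20 Winlogon Notify entry are gone, Java moved from jre1.5.0_11 to jre1.6.0_01, and the AVG entries appeared. As an added example, not code from the thread or from HijackThis, the Python below parses the R/O entry lines of two logs, reports which entries were removed and which were added, and lists the module paths that the BHO, toolbar, Winlogon-notify, SSODL and service entries load. The two log excerpts are constructed from lines in this thread and abbreviated; the line format and section codes are the ones HijackThis 1.99.1 prints.

```python
import re
from typing import Dict, List, Tuple

# Constructed, abbreviated excerpts in HijackThis 1.99.1 log format. BEFORE is modelled
# on the first log in the thread (01/05/2007), AFTER on the post-cleanup log (03/05/2007).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:44:47, on 01/05/2007

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 09:13:13, on 03/05/2007

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines look like "O23 - Service: ..."; the header and process list do not match.
HJT_LINE_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.+)$")
# Sections whose last " - " component is the file the entry loads or starts.
PATH_SECTIONS = {"O2", "O3", "O20", "O21", "O23"}


def parse_hjt(log: str) -> Dict[str, List[str]]:
    """Group the R/F/O entries of a log by section code; header and process list are skipped."""
    entries: Dict[str, List[str]] = {}
    for raw in log.splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if m:
            entries.setdefault(m.group(1), []).append(m.group(2))
    return entries


def _sort_key(entry: str) -> Tuple[str, int, str]:
    # Order O2 before O20 numerically rather than lexically.
    code = entry.split(" - ", 1)[0]
    return (code[0], int(code[1:]), entry)


def diff_hjt(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Return (removed, added) full entry lines, ordered by section number.
    A changed path (the Java update here) shows as one removal plus one addition."""
    old = {f"{c} - {e}" for c, es in parse_hjt(before).items() for e in es}
    new = {f"{c} - {e}" for c, es in parse_hjt(after).items() for e in es}
    return sorted(old - new, key=_sort_key), sorted(new - old, key=_sort_key)


def module_paths(log: str) -> List[str]:
    """Files named by BHO, toolbar, Winlogon-notify, SSODL and service entries: the
    code that IE, Explorer and winlogon load at startup, which is what a reviewer checks."""
    return [e.rsplit(" - ", 1)[-1]
            for code, es in parse_hjt(log).items() if code in PATH_SECTIONS
            for e in es]


if __name__ == "__main__":
    removed, added = diff_hjt(BEFORE, AFTER)
    for line in removed:
        print("-", line)
    for line in added:
        print("+", line)
    print("modules now loaded:", module_paths(AFTER))
```

Feeding the two full logs from posts #1 and #6 in place of the excerpts gives the same before/after picture the helper works from: every removed or added line is one the user should be able to account for (a tool installed, an update, a fix applied), and anything unexplained is the next item to ask about.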

  8. #8
    Junior Member
    Join Date
    May 2007
    Posts
    11

    Report

    Cannot send the AVG report, as every time I try to paste it the system becomes non-responsive; maybe it's too big. Did everything on your list.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:11:01, on 03/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\lxcdcoms.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Documents and Settings\gill&ade\Desktop\films\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe

  9. #9
pskelley
    In Memoriam - Always in our heart
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

I need to see the scan report from AVG Anti-Spyware; make sure you have edited out any cookies it located, then break it into posts that you can post.

Also, you are now running MSConfig (System Configuration Utility) in Selective Startup mode. Please return it to Normal Mode until we are done working together; then you can return to SS mode to save your resources.
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    Please also provide the information I requested at the beginning of my last post.

    Thanks
    Last edited by pskelley; 2007-05-03 at 20:47. Reason: add instructions
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  10. #10
    Junior Member
    Join Date
    May 2007
    Posts
    11

    Default please read the bottom

    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 17:55:05 03/05/2007

    + Scan result:
    G:\Bug Doctor\Bug Doctor Help.chm -> Adware.BugDoctor : Cleaned.
    G:\RECYCLER\NPROTECT\00036787.EXE -> Adware.BugDoctor : Cleaned.
    G:\RECYCLER\NPROTECT\00036788.EXE -> Adware.BugDoctor : Cleaned.
    G:\RECYCLER\NPROTECT\00036789.CHM -> Adware.BugDoctor : Cleaned.
    G:\Windows.old\Program Files\Bug Doctor\Bug Doctor Help.chm -> Adware.BugDoctor : Cleaned.
    G:\Windows.old\Program Files\Bug Doctor\BugDoctor.exe -> Adware.BugDoctor : Cleaned.
    G:\Windows.old\Program Files\Bug Doctor\BugDoctorLiveUpdate.exe -> Adware.BugDoctor : Cleaned.
    G:\Windows.old\Program Files\Picasa\pinstall.dll -> Adware.LookMe : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0014903.exe -> Backdoor.Eter.a : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001521.exe -> Dropper.Delf.xo : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0014902.exe -> Dropper.Small : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001461.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001462.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001463.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001464.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001465.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001466.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001467.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001468.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001469.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001470.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001471.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001472.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001473.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001474.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001475.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001476.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001477.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001478.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001479.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001480.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001481.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001482.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001483.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001484.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001485.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001486.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001487.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001488.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001489.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001490.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001491.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001492.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001493.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001494.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001495.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001496.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001497.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001498.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001499.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001500.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001501.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001502.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001503.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001504.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001505.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001506.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001507.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001508.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001509.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001510.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001511.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001512.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001513.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001514.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001515.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001516.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001517.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001518.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001519.exe -> Dropper.VB.lu : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001520.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001522.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001523.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001524.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001525.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001526.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001527.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001528.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001529.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001530.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001531.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001532.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001533.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003147.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003148.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003149.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003150.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003151.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003839.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003840.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003841.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003842.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003843.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003844.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003845.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003846.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003847.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003848.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003849.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003850.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003851.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003852.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0003853.exe -> Dropper.VB.lu : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005571.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005572.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005573.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005574.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005575.exe -> Dropper.VB.lu : Cleaned.
    G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0005576.exe -> Dropper.VB.lu : Cleaned.
This list goes up to (look at the last four digits) 14901.
    Then these are listed:
    C:\Documents and Settings\gill&ade\Cookies\gill&ade@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\gill&ade\Cookies\gill&ade@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\gill&ade\Cookies\gill&ade@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\gill&ade\Cookies\gill&ade@e-2dj6wfmiqhajeho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\gill&ade\Cookies\gill&ade@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001455.exe/td.exe -> Worm.Agent.v : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001455.exe/zgo.exe -> Worm.Agent.v : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001457.exe -> Worm.Agent.v : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001458.exe -> Worm.Agent.v : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001455.exe/run.exe -> Worm.VB.njc : Cleaned.
    C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001456.exe -> Worm.VB.njc : Cleaned.


    ::Report end
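The scan report above is long, and most of what matters in it is where each hit was found rather than what it was called. The following is an added example for this thread, not code from the original post, from AVG or from any of the tools named here: it parses the report's "path -> threat : action." lines and buckets each detection by location (System Restore point, Windows.old, the NPROTECT folder under RECYCLER, cookies, or the live file system), so that copies which only survive inside restore points can be told apart from files still present on the running system. The function names, the location categories and the sample excerpt (a handful of lines copied from the report above) are this example's own choices.

```python
"""Triage an AVG Anti-Spyware 7.5 scan report by detection location.

Added example for this thread, not code from the original post or from AVG.
It parses the report's "<path> -> <threat> : <action>." lines and groups hits
by where the object lived, so copies that survive only in System Restore
points, Windows.old or the NPROTECT folder under RECYCLER are separated from
files on the live file system. Function names and the location categories
are this example's own choices.
"""
import re
from collections import Counter

# One detection line. Archive members are reported as "<archive>/<member>".
LINE_RE = re.compile(r"^\s*(?P<path>.+?)\s+->\s+(?P<threat>\S+)\s+:\s+(?P<action>[^.]+)\.?\s*$")
# XP System Restore keeps snapshots under <drive>:\System Volume Information\_restore{GUID}\RPn\
RESTORE_RE = re.compile(r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
WINOLD_RE = re.compile(r"^[A-Z]:\\Windows\.old\\", re.I)
NPROTECT_RE = re.compile(r"^[A-Z]:\\RECYCLER\\NPROTECT\\", re.I)
COOKIE_RE = re.compile(r"\\Cookies\\", re.I)


def classify_location(path):
    """Bucket a detection path; anything unmatched counts as the live file system."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if WINOLD_RE.match(path):
        return "windows_old"
    if NPROTECT_RE.match(path):
        return "nprotect_recycle"
    if COOKIE_RE.search(path):
        return "cookie"
    return "live"


def parse_report(text):
    """Return one dict per detection line; header, blank and footer lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        full = m.group("path")
        # Windows paths never contain "/", so a slash separates an archive from its member.
        archive, slash, member = full.rpartition("/")
        path = archive if slash else full
        hits.append({
            "path": path,
            "member": member if slash else None,
            "threat": m.group("threat"),
            "action": m.group("action").strip(),
            "location": classify_location(path),
        })
    return hits


def summarize(hits):
    """Counts by location, threat family and drive, plus the live (non-cookie) hits."""
    return {
        "by_location": dict(Counter(h["location"] for h in hits)),
        "by_family": dict(Counter(h["threat"].split(".")[0] for h in hits)),
        "by_drive": dict(Counter(h["path"][0].upper() for h in hits)),
        # "Cleaned" inside a restore point only deletes the archived copy; a live hit
        # is what indicates something still on disk outside the snapshots.
        "live_malware": [h["path"] for h in hits
                         if h["location"] == "live"
                         and not h["threat"].startswith("TrackingCookie")],
        "restore_points": sorted({(h["path"][0].upper(), RESTORE_RE.match(h["path"]).group(1))
                                  for h in hits if h["location"] == "restore_point"}),
    }


# Constructed sample: an excerpt of the lines posted above, not the whole report.
SAMPLE_REPORT = r"""AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:55:05 03/05/2007

+ Scan result:

G:\Bug Doctor\Bug Doctor Help.chm -> Adware.BugDoctor : Cleaned.
G:\RECYCLER\NPROTECT\00036787.EXE -> Adware.BugDoctor : Cleaned.
G:\Windows.old\Program Files\Bug Doctor\BugDoctor.exe -> Adware.BugDoctor : Cleaned.
G:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0014903.exe -> Backdoor.Eter.a : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001521.exe -> Dropper.Delf.xo : Cleaned.
C:\Documents and Settings\gill&ade\Cookies\gill&ade@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001455.exe/td.exe -> Worm.Agent.v : Cleaned.
C:\System Volume Information\_restore{B06F1418-AA07-4388-B1CD-B97103C510B8}\RP9\A0001456.exe -> Worm.VB.njc : Cleaned.

::Report end
"""

if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run against the full report, the summary makes the helper's point for them: every Dropper, Worm and Backdoor entry sits under a \_restore{...}\RP9 directory, so the scanner cleaned archived copies inside a restore point rather than a file that was running, and the only hits outside the snapshots are adware and tracking cookies. The "live_malware" list is the one to read first when deciding whether a machine is still infected after a scan.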
