Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Bloodhound.W32.EP + W32.Desktophijack [RESOLVED]

Started by cyberdyne , Aug 02 2005 02:56 PM

  • This topic is locked This topic is locked

#1
cyberdyne
Posted 02 August 2005 - 02:56 PM

cyberdyne

    Member

  • Member
  • PipPipPip
  • 105 posts
Hi guys,
Any help greatly appreciated with this.
Thank you AGAIN.

*Note:
If Crustyoldbloke should deal with this:
MACHINE NUMBER THREE :)
Thank you.


HJT Log:
======

Logfile of HijackThis v1.99.1
Scan saved at 9:48:12 PM, on 8/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\WINDOWS\System32\intmonp.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Documents and Settings\MickAndLisa\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicks...es.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp4824.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEEE967C-0DAC-4328-AA0A-CFC19E046E0B}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements

#2
Guest_usetobe_*
Posted 02 August 2005 - 03:13 PM

Guest_usetobe_*
  • Guest
Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicks...es.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicks...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicks...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp4824.tmp

Ensure no windows open except HJT and click fix checked

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
  • 0

#3
cyberdyne
Posted 03 August 2005 - 04:57 AM

cyberdyne

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Thanks for your help usetobe.

New Logs:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:32 AM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.218

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\MickAndLisa\Desktop\nic\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



=====================


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:37:35 AM, 8/3/2005
+ Report-Checksum: 204A4832

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
C:\WINDOWS\SYSTEM32\intel32.zip/intel32.exe -> Trojan.Small.eu : Error during cleaning
C:\undo\backup.cab/\Device\Harddisk0\Partition1\WINDOWS\system\ACTMOVIE.EXE -> Worm.Finaldo.a : Error during cleaning
C:\Documents and Settings\MickAndLisa\Desktop\backups\backup-20050727-170305-354.dll -> Trojan.Puper.m : Cleaned with backup
C:\Documents and Settings\MickAndLisa\Desktop\nic\backups\backup-20050803-095928-975.dll -> Trojan.Puper.m : Cleaned with backup
C:\Documents and Settings\MickAndLisa\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002606.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002607.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002608.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002615.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002616.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002617.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002632.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002636.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002653.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002654.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002655.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002673.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002676.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002686.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002687.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002688.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002701.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002702.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002703.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002710.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002711.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002712.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002719.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002720.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002721.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002728.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002729.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002731.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002738.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002739.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP14\A0002741.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002763.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002764.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002766.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002773.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002775.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002777.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002791.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002792.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002793.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002821.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002822.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002823.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002831.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002833.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002835.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002840.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002841.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002842.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002861.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002863.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002869.exe -> Trojan.Favadd.ae : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002880.exe -> Trojan.Puper.ab : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002881.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002882.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002897.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002900.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002901.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002907.exe -> Trojan.Favadd.ae : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002920.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002921.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002923.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002929.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002930.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002931.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002938.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002939.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002940.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002966.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002967.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002968.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002996.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0002997.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0003004.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0003005.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0003024.exe -> Trojan.Favadd.af : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0003030.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0003031.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0003045.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0003389.exe -> TrojanDownloader.Zlob.u : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0003693.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0003847.exe -> Trojan.Small.eu : Cleaned with backup
C:\System Volume Information\_restore{FA7169A6-AF12-4B06-9080-96CAABE1B377}\RP15\A0003855.exe -> Trojan.Puper.w : Cleaned with backup


::Report End


============================





smitRem log file
version 2.2

by noahdfear

The current date is: Wed 08/03/2005
The current time is: 10:02:05.56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~

PSGuard spyware remover
PSGuard spyware remover.lnk
Online Dating.lnk
quick launch PSGuard spyware remover.lnk


~~~ Favorites ~~~

adult
cars
sexual life
shopping
job search.url
poker.url
Online Gambling.url
online dating.url
Black Jack Online.url
Online Pharmacy\Adipex.url
Black Jack Online.url
Home Loan.url
Network Security.url
Online Dating.url
Online Pharmacy.url
Remove Spyware.url
Spam Filters.url
Take It Here - Free * TGP.url
Web Detective.url
Online Gambling folder
Online Pharmacy folder


~~~ system32 folder ~~~

oleext.dll
wppp.html
oleadm.dll
intel32.exe
intmonp.exe
ole32vbs.exe
msole32.exe
shnlog.exe
intmon.exe
hhk.dll
logfiles


~~~ Windows directory ~~~

sites.ini
popuper.exe


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~


==========================

*EDIT:
NEW EWIDO SCAN REPORT:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:33:09 PM, 8/3/2005
+ Report-Checksum: 6CD7E2EF

+ Scan result:

No infected objects found.


::Report End

Edited by cyberdyne, 03 August 2005 - 05:37 AM.

  • 0

#4
Guest_usetobe_*
Posted 03 August 2005 - 05:42 AM

Guest_usetobe_*
  • Guest
From your log, I see nothing in the ways of trojans, nor any evil entities attempting to possess your computer, except for Windows but it's too late for that one. :tazz:

Congratulations your log now appears to be clean. ;)

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and AntiSpyware Net's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.
  • 0

#5
cyberdyne
Posted 03 August 2005 - 05:46 AM

cyberdyne

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Thanks very much matey - much appreciated :tazz:
  • 0

#6
Guest_usetobe_*
Posted 03 August 2005 - 05:58 AM

Guest_usetobe_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP