HJT Log- Monkeybal10


  • This topic is locked
2 replies to this topic

#1 monkeybal10


Posted 07 October 2005 - 12:47 PM

This is the new log posted from HJT:

(10/7/05 1:27:20 PM) SPSeHjFix started v1.1.2
(10/7/05 1:27:20 PM) OS: WinXP Service Pack 1 (5.1.2600)
(10/7/05 1:27:20 PM) Language: english
(10/7/05 1:27:20 PM) Win-Path: C:\WINDOWS
(10/7/05 1:27:20 PM) System-Path: C:\WINDOWS\System32
(10/7/05 1:27:20 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(10/7/05 1:27:21 PM) Disinfection started
(10/7/05 1:27:21 PM) Bad-Dll(IEP): (not found)
(10/7/05 1:27:21 PM) Bad-Dll(IEP) in BHO: (not found)
(10/7/05 1:27:21 PM) UBF: 7 - UBB: 6 - UBR: 34
(10/7/05 1:27:21 PM) UBF: 7 - UBB: 6 - UBR: 34
(10/7/05 1:27:21 PM) Bad IE-pages: (none)
(10/7/05 1:27:21 PM) Stealth-String not found
(10/7/05 1:27:21 PM) Not infected->END


This is the report from ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:21:19 PM, 10/7/2005
+ Report-Checksum: 8F21B09F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\PSGuard.com -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Spyware.PSGuard : Cleaned with backup
[1148] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Cleaned with backup
[1368] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[1476] C:\WINDOWS\System32\aw.dll -> TrojanProxy.Agent.df : Error during cleaning
[1864] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[404] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[740] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[1996] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[508] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[1440] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[1484] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[1248] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[1544] C:\WINDOWS\System32\intel32.exe -> Trojan.Agent.ff : Cleaned with backup
[1552] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[2164] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[2316] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[2324] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[2356] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[2372] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[2392] C:\PROGRA~1\COMMON~1\izok\izokm.exe -> TrojanDownloader.TSUpdate.k : Cleaned with backup
[2480] C:\PROGRA~1\COMMON~1\izok\izoka.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
[2752] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[3744] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
[3904] C:\PROGRA~1\COMMON~1\izok\izokl.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
[2596] C:\WINDOWS\System32\OLEADM.dll -> Trojan.Agent.ff : Error during cleaning
C:\command.exe -> TrojanDropper.Delf.ev : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard\Autorun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuAllUsers -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuCurrentUser -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\PSGuard.com\P.S.Guard\BrowserObjects -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\installer_MARKETING35.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\rsysinit.exe -> Trojan.ExitWin.z : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0916200519523193906.asw -> Trojan.Agent.ff : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0916200519523194031.asw -> Trojan.Stervis.g : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0916200519523195171.asw -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\izok\izoka.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\izok\izokl.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\izok\izokm.exe -> TrojanDownloader.TSUpdate.k : Cleaned with backup
C:\Program Files\Common Files\izok\izokp.exe -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\WildTangent\Components\SystemConfig0100.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\WINDOWS\mlsprmp.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\aw.dll -> TrojanProxy.Agent.df : Error during cleaning
C:\WINDOWS\system32\ccblgll.exe -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\WINDOWS\system32\ccblgllaeg05.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\system32\epx30106.exe -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\fazi.exe -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\system32\fazindw30104lib.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\system32\intel32.exe -> Trojan.Agent.ff : Cleaned with backup
C:\WINDOWS\system32\kA1A8TkT.dll -> Backdoor.CmjSpy.bt : Cleaned with backup
C:\WINDOWS\system32\oleadm.dll -> Trojan.Agent.ff : Cleaned with backup
C:\WINDOWS\system32\xozvxpq.exe -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\WINDOWS\system32\xozvxpqaeg06.dll -> TrojanDownloader.Lastad.r : Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.0.0.173\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.0.0.173\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\xuykvgnuymg.exe -> Adware.BetterInternet : Cleaned with backup


::Report End


#2 JG427


Posted 08 October 2005 - 10:28 PM

Please do NOT start a new topic for this problem.
Reply only in this thread by clicking the Posted Image button.

It's been about three weeks since your first post. In that period of time the malware may have multiplied and changed some file names.
It would help to continue the fix sooner and post only in this thread.

Please post a fresh HijackThis log.

#3 JG427


Posted 06 November 2005 - 12:47 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



