Hijack This Notepad

  1. #11
    Ghi5000 is offline Newbie

    Re: Hijack This Notepad

One more infection down; here's the log.

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Dorothy Imler\Desktop
    [11/26/2006]
    [12:48:05 AM]

    ---Infection Files Found/Removed---
    C:\Documents and Settings\Greg Imler\Application Data\the bash dale\Wave rect balm mpeg.exe
    C:\Documents and Settings\Greg Imler\Local Settings\Temp\532c2e2.exe
    C:\Documents and Settings\Greg Imler\Local Settings\Temp\ce980fe1.exe
    C:\Documents and Settings\Greg Imler\Local Settings\Temp\d3fbfc2a.exe
    C:\Documents and Settings\Greg Imler\Local Settings\Temp\ded2a221.exe
    C:\Documents and Settings\Jeff Imler\Application Data\the bash dale\bexoweiz.exe
    C:\Documents and Settings\Jeff Imler\Application Data\the bash dale\ocudqqgf.exe
    C:\Documents and Settings\Jeff Imler\Application Data\the bash dale\Wave rect balm mpeg.exe
    C:\Documents and Settings\Jeff Imler\Local Settings\Temp\Inside Program.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\2bird.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\4second.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\active first.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Bold comp.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\DATE SAFE.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\dent send.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Does Barb.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Exit Scr.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Fastgrid.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Filebolt.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\FOUR 1.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\greychic.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Grim Move.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\idle bore.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Knob safe.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Open Lite.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Pop this.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\rectflag.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\settingserror.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Skip Ace.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\softroam.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\view error.exe
    C:\Documents and Settings\Greg Imler\Application Data\the bash dale\bnaecdrm.exe
    C:\Documents and Settings\Greg Imler\Application Data\the bash dale\cwsfvajc.exe
    C:\Documents and Settings\Greg Imler\Application Data\the bash dale\fhcucgte.exe
    C:\Documents and Settings\Greg Imler\Application Data\the bash dale\hcqjxabq.exe
    C:\Documents and Settings\Greg Imler\Application Data\the bash dale\pfemrqsz.exe
    C:\Documents and Settings\Greg Imler\Application Data\the bash dale\rylobusj.exe
    C:\Documents and Settings\Greg Imler\Application Data\the bash dale\sssjnuii.exe
    C:\Documents and Settings\Greg Imler\Application Data\the bash dale\ttdxjdqt.exe
    C:\Documents and Settings\Greg Imler\Application Data\the bash dale\vylqejpc.exe
    C:\Documents and Settings\Jeff Imler\Application Data\the bash dale\dhtylcbg.exe
    C:\Documents and Settings\Jeff Imler\Application Data\the bash dale\ehuhcbtu.exe
    C:\Documents and Settings\Jeff Imler\Application Data\the bash dale\lewchinr.exe
    C:\Documents and Settings\Jeff Imler\Application Data\the bash dale\poyreslk.exe
    C:\Documents and Settings\Jeff Imler\Application Data\the bash dale\qpgjhnhs.exe
    C:\Documents and Settings\Jeff Imler\Application Data\the bash dale\tvxbvqwe.exe
    C:\Documents and Settings\Jeff Imler\Application Data\the bash dale\zaxlsmur.exe
    C:\WINDOWS\tasks\8C7AA0C597717ED1.job
    C:\WINDOWS\tasks\B63790589C8807F0.job
    C:\WINDOWS\tasks\B77E910999210765.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Bvrp Software
    C:\Documents and Settings\All Users\Application Data\Creative
    C:\Documents and Settings\All Users\Application Data\Delfin
    C:\Documents and Settings\All Users\Application Data\Dell
    C:\Documents and Settings\All Users\Application Data\Ieservice
    C:\Documents and Settings\All Users\Application Data\Macrovision
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Msn Messenger 5.0.0527
    C:\Documents and Settings\All Users\Application Data\Msn6
    C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Sbsi
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\All Users.windows\Application Data\Adobe
    C:\Documents and Settings\All Users.windows\Application Data\Aol
    C:\Documents and Settings\All Users.windows\Application Data\Aol Downloads
    C:\Documents and Settings\All Users.windows\Application Data\Apple Computer
    C:\Documents and Settings\All Users.windows\Application Data\Creative
    C:\Documents and Settings\All Users.windows\Application Data\Dell
    C:\Documents and Settings\All Users.windows\Application Data\Dpi -- EMPTY Directory
    C:\Documents and Settings\All Users.windows\Application Data\Microsoft
    C:\Documents and Settings\All Users.windows\Application Data\Msn6
    C:\Documents and Settings\All Users.windows\Application Data\Nview_profiles -- EMPTY Directory
    C:\Documents and Settings\All Users.windows\Application Data\Pcsvc
    C:\Documents and Settings\All Users.windows\Application Data\Quicktime
    C:\Documents and Settings\All Users.windows\Application Data\Settings Hope Htm Soap
    C:\Documents and Settings\All Users.windows\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users.windows\Application Data\Symantec
    C:\Documents and Settings\All Users.windows\Application Data\Viewpoint
    C:\Documents and Settings\All Users.windows\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Symantec
    C:\Documents and Settings\Default User.windows\Application Data\Microsoft
    C:\Documents and Settings\Dorothy Imler\Application Data\Identities
    C:\Documents and Settings\Dorothy Imler\Application Data\Lavasoft
    C:\Documents and Settings\Dorothy Imler\Application Data\Macromedia
    C:\Documents and Settings\Dorothy Imler\Application Data\Microsoft
    C:\Documents and Settings\Dorothy Imler\Application Data\Mozilla
    C:\Documents and Settings\Dorothy Imler\Application Data\Real
    C:\Documents and Settings\Dorothy Imler\Application Data\Talkback
    C:\Documents and Settings\Dorothy Imler\Application Data\Viewpoint
    C:\Documents and Settings\Greg Imler\Application Data\Acccore
    C:\Documents and Settings\Greg Imler\Application Data\Adobe
    C:\Documents and Settings\Greg Imler\Application Data\Aim
    C:\Documents and Settings\Greg Imler\Application Data\Anvil Studio
    C:\Documents and Settings\Greg Imler\Application Data\Apple Computer
    C:\Documents and Settings\Greg Imler\Application Data\Funkitron
    C:\Documents and Settings\Greg Imler\Application Data\Google
    C:\Documents and Settings\Greg Imler\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Greg Imler\Application Data\Identities
    C:\Documents and Settings\Greg Imler\Application Data\Ieeb -- EMPTY Directory
    C:\Documents and Settings\Greg Imler\Application Data\Intertrust
    C:\Documents and Settings\Greg Imler\Application Data\Lavasoft
    C:\Documents and Settings\Greg Imler\Application Data\Leadertech
    C:\Documents and Settings\Greg Imler\Application Data\Macromedia
    C:\Documents and Settings\Greg Imler\Application Data\Microsoft
    C:\Documents and Settings\Greg Imler\Application Data\Move Rdr Funk -- EMPTY Directory
    C:\Documents and Settings\Greg Imler\Application Data\Mozilla
    C:\Documents and Settings\Greg Imler\Application Data\Msn6
    C:\Documents and Settings\Greg Imler\Application Data\Openoffice.org2
    C:\Documents and Settings\Greg Imler\Application Data\Real
    C:\Documents and Settings\Greg Imler\Application Data\Sun
    C:\Documents and Settings\Greg Imler\Application Data\Talkback
    C:\Documents and Settings\Greg Imler\Application Data\Ventrilo
    C:\Documents and Settings\Greg Imler\Application Data\Viewpoint
    C:\Documents and Settings\Greg Imler\Application Data\{12ee7a5e-0674-42f9-a76b-000000004d00} -- EMPTY Directory
    C:\Documents and Settings\Jeff Imler\Application Data\Adobe
    C:\Documents and Settings\Jeff Imler\Application Data\Aim
    C:\Documents and Settings\Jeff Imler\Application Data\Apple Computer
    C:\Documents and Settings\Jeff Imler\Application Data\A?sembly
    C:\Documents and Settings\Jeff Imler\Application Data\F?nts
    C:\Documents and Settings\Jeff Imler\Application Data\Google
    C:\Documents and Settings\Jeff Imler\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Jeff Imler\Application Data\Identities
    C:\Documents and Settings\Jeff Imler\Application Data\Ieeb -- EMPTY Directory
    C:\Documents and Settings\Jeff Imler\Application Data\Lavasoft -- EMPTY Directory
    C:\Documents and Settings\Jeff Imler\Application Data\Macromedia
    C:\Documents and Settings\Jeff Imler\Application Data\Microsoft
    C:\Documents and Settings\Jeff Imler\Application Data\Move Rdr Funk -- EMPTY Directory
    C:\Documents and Settings\Jeff Imler\Application Data\Mozilla
    C:\Documents and Settings\Jeff Imler\Application Data\Msn6
    C:\Documents and Settings\Jeff Imler\Application Data\M?crosoft.net
    C:\Documents and Settings\Jeff Imler\Application Data\Openoffice.org2
    C:\Documents and Settings\Jeff Imler\Application Data\Real
    C:\Documents and Settings\Jeff Imler\Application Data\Sun
    C:\Documents and Settings\Jeff Imler\Application Data\S?curity
    C:\Documents and Settings\Jeff Imler\Application Data\S?mantec
    C:\Documents and Settings\Jeff Imler\Application Data\S?mbols
    C:\Documents and Settings\Jeff Imler\Application Data\S?stem32
    C:\Documents and Settings\Jeff Imler\Application Data\Talkback
    C:\Documents and Settings\Jeff Imler\Application Data\The Bash Dale
    C:\Documents and Settings\Jeff Imler\Application Data\Viewpoint
    C:\Documents and Settings\Jeff Imler\Application Data\W?nsxs
    C:\Documents and Settings\Jeff Imler\Application Data\{12ee7a5e-0674-42f9-a76b-000000004d00} -- EMPTY Directory
    C:\Documents and Settings\Jeff Imler\Application Data\?dobe
    C:\Documents and Settings\Jeff Imler\Application Data\?pppatch
    C:\Documents and Settings\Jeff Imler\Application Data\??mbols
    C:\Documents and Settings\Jeff Imler\Application Data\?ssembly
    C:\Documents and Settings\Jeff Imler\Application Data\??crosoft
    C:\Documents and Settings\Jeff Imler\Application Data\?asks
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice.nt Authority\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice.nt Authority\Application Data\Microsoft
    C:\Documents and Settings\Owner\Application Data\Identities
    C:\Documents and Settings\Owner\Application Data\Microsoft
    C:\Documents and Settings\Owner\Application Data\Symantec
    C:\Documents and Settings\Pete Imler\Application Data\Acccore
    C:\Documents and Settings\Pete Imler\Application Data\Adobe
    C:\Documents and Settings\Pete Imler\Application Data\Aim
    C:\Documents and Settings\Pete Imler\Application Data\Apple Computer
    C:\Documents and Settings\Pete Imler\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Pete Imler\Application Data\Identities
    C:\Documents and Settings\Pete Imler\Application Data\Ieeb -- EMPTY Directory
    C:\Documents and Settings\Pete Imler\Application Data\Lavasoft
    C:\Documents and Settings\Pete Imler\Application Data\Leadertech
    C:\Documents and Settings\Pete Imler\Application Data\Macromedia
    C:\Documents and Settings\Pete Imler\Application Data\Microsoft
    C:\Documents and Settings\Pete Imler\Application Data\Move Rdr Funk -- EMPTY Directory
    C:\Documents and Settings\Pete Imler\Application Data\Mozilla
    C:\Documents and Settings\Pete Imler\Application Data\Msn6
    C:\Documents and Settings\Pete Imler\Application Data\Musicmatch
    C:\Documents and Settings\Pete Imler\Application Data\Openoffice.org2
    C:\Documents and Settings\Pete Imler\Application Data\Real
    C:\Documents and Settings\Pete Imler\Application Data\Sun
    C:\Documents and Settings\Pete Imler\Application Data\Talkback
    C:\Documents and Settings\Pete Imler\Application Data\The Bash Dale
    C:\Documents and Settings\Pete Imler\Application Data\Ventrilo
    C:\Documents and Settings\Pete Imler\Application Data\Viewpoint
    C:\Documents and Settings\Pete Imler\Application Data\{12ee7a5e-0674-42f9-a76b-000000004d00} -- EMPTY Directory


  2. #12
    Neal is offline Dedicated Member
Excellent work there.

    That is quite a little tool there; listing the sub folders like it did identified other problems we will go after next.

    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done.

    These two lines below are the sub folders we need to delete; the scan indicates that they could possibly still have files in them. Those folders are in the Application Data folder.



    C:\Documents and Settings\Jeff Imler\Application Data\The Bash Dale
    C:\Documents and Settings\All Users.windows\Application Data\Settings Hope Htm Soap


Also it appears there is:

    1. Delfin
    2. Viewpoint
    3. Purityscan/Clickspring

    on your computer, so...

    Open HijackThis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.


    New hijackthis log also please.

  3. #13
    Ghi5000 is offline Newbie
    NoLop! Log by Skate_Punk_21

    Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

    Fix running from: C:\Documents and Settings\Pete Imler\Desktop
    [11/27/2006]
    [9:45:41 PM]

    ---Infection Files Found/Removed---
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\2bird.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\4second.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\active first.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Bold comp.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\DATE SAFE.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\dent send.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Does Barb.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Exit Scr.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Fastgrid.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Filebolt.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\FOUR 1.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\greychic.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Grim Move.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\idle bore.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Knob safe.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Open Lite.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Pop this.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\rectflag.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\settingserror.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\Skip Ace.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\softroam.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\settings hope htm soap\view error.exe
    C:\WINDOWS\tasks\8C7AA0C597717ED1.job
    C:\WINDOWS\tasks\B63790589C8807F0.job
    C:\WINDOWS\tasks\B77E910999210765.job

    Beginning Removal...
    Rebooting...

  4. #14
    Neal is offline Dedicated Member
    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.
    Thanks for that.
