Pupper.Dll


Google90

Yerr, I'm running on Windows XP Home Edition and this noob called puper.dll is bugging me

Logfile of HijackThis v1.99.1
Scan saved at 10:22:25 PM, on 6/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp[bleep]ent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 199.80.126.3:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\System32\hp100.tmp
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Organize.lnk = ?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.exe/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: IESideBar - {DFEFF09F-785E-4191-8E5D-A7650A1C4F9A} - shdocvw.dll (file missing)
O9 - Extra 'Tools' menuitem: IESideBar - {DFEFF09F-785E-4191-8E5D-A7650A1C4F9A} - shdocvw.dll (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/21d29de6a4e ... xIE601.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/sec ... cepack.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEAB} (BHO Class) - http://plugin.secureservicepack.com/Sec ... ePack3.cab
O16 - DPF: {FF167DC2-4AC2-4BCF-BFCA-2829C243CF30} (BHO Class) - http://plugin.secureservicepack.com/Upgrade5.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

Help?

I also get crap like this aa3gt.jpg on my taskbar and as a popup


Sigh, uninformed users always try to blame the Antivirus

I bet a single topic regarding an infection could at least one user for each of the popular antivirus to state that it sucks.

Try researching the subject a bit further than linking a topic you found on google. Puper will not be cleaned by AVG, Norton, Avast, Housecall, Panda, or just about any other scanner out there. Some don't even detect it.

That specific downloader is one of the single most complicated to remove as it uses just about every trick in the book regarding file permissions and ownership known to the NTFS file system.

You're going to have to take ownership of the file while logged in as Administrator and disallow permissions to every other Usergroup. Boot into Safe Mode and you should be able to remove it (another option is to boot into the recovery console and remove it from the command line).

THEN, visit windowsupdate, XP SP1 and IE6 SP1 have so many known vulnerabilities, you're just asking for problems :)

I like to fart silently but deadly in movie theaters
Ard Choille says (11:41 PM):

I wouldn't dare tell you what to do m'dear


Sigh, uninformed users always try to blame the Antivirus

I bet a single topic regarding an infection could at least one user for each of the popular antivirus to state that it sucks.

And if you knew as much as you'd like to think you do, you'd know McAfee is $hit.


I'm going to let the censor evasion slide in hopes that you can respond with an educated response as to WHY McAfee is ****.

Else, just stop replying to posts in this forum.

I can tell you from experience McAfee does what it's designed to do; all 5 of my current systems run McAfee Security Suite, and in the 14 or so years I have had an internet connection at home, not a single Virus, Trojan, Worm, or any other type of malicious application has ever been able to run on my system.

"as much as I'd like to "think" I do", lol, I won't even respond to that ....


As much as I don't like McAfee, I agree that it's how you use the program, not what the program is (within the big named scanners anyway (I use avast just for the record))

40 Barrows trips, 4 Barrows equipment (Guthans Helm, Veracs Helm, Ahrims Skirt, Dharoks Helm)
