Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Continual problems w- ClickSearchClick, Agobot,etc


  • This topic is locked This topic is locked

#1
brownstar

brownstar

    New Member

  • Member
  • Pip
  • 3 posts
Greetings-

I've been working at this for several weeks, and although I've gotten my system stable at several points, still have these same problems popping up, seemingly out of nowhere... The ones I've seen the most are ClickSearchClick (Soooo annoying!) DOAsearch, CoolWWWSearch.Yexe, Websearch, and Agobot. I've utilized several anti spyware and anti virus programs, including Ad-Aware, Spybot, Microsoft Anti-Spyware, Spyware Blaster, Stinger, Sophos, Avast, and McAfee 2005, with all current definitions. PSGuard showed up, but I can't find a trace of it at this point, although it still might be kicking around... Any help would be greatly appreciated. Here is my current HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:44:37 AM, on 7/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PeoplePC\ISP6130\Browser\Bartshel.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\PeoplePC\ISP6130\Browser\PPShared.exe
C:\WINDOWS\System32\Services\{61822398-0912-4D35-8601-0E1D996DA29F}\SVCHOST.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Brownstar\Desktop\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...ndex.php?aff=19
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll (file missing)
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [IRC Client] updated.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6130\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{61822398-0912-4D35-8601-0E1D996DA29F}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{61822398-0912-4D35-8601-0E1D996DA29F}\SECURITY.EXE
O4 - HKLM\..\RunServices: [IRC Client] updated.exe
O4 - HKCU\..\Run: [IRC Client] updated.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O9 - Extra button: Add to Restricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: Add to Trusted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://www.lavasoft.de
O15 - Trusted Zone: http://my.pcc.edu
O15 - Trusted Zone: http://webct.pcc.edu
O15 - Trusted Zone: http://www.pcc.edu
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121055360685
O17 - HKLM\System\CCS\Services\Tcpip\..\{2822DFDA-D0EE-4717-BB89-BA8049E5C7E8}: NameServer = 204.157.3.13 205.137.48.5
O20 - Winlogon Notify: iexplore - s01mY.dll (file missing)
O21 - SSODL: System - {E4D9F09A-4315-417C-BC5D-B30534672C4A} - vr_sys.dll (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe

Ryan C Brown
uncle_istvan2@yahoo.com
Portland, OR

Edited by brownstar, 11 July 2005 - 02:48 AM.

  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.
  • 0

#3
brownstar

brownstar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks for the reply, but I think I got 'er all fixed up now...

I had to replace wininet.dll to get rid of Alernod.b.dll, which I was finally able to detect after getting the most current definitions for my McAfee 2k5... Everything seems stable at this point, and has been so for many days.

Any future problems, I'll definatly use this place as a resource.

Thanks again!
rbrown
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP