I've been working at this for several weeks, and although I've gotten my system stable at several points, I still have these same problems popping up, seemingly out of nowhere... The ones I've seen the most are ClickSearchClick (Soooo annoying!), DOAsearch, CoolWWWSearch.Yexe, Websearch, and Agobot. I've utilized several anti-spyware and anti-virus programs, including Ad-Aware, Spybot, Microsoft Anti-Spyware, Spyware Blaster, Stinger, Sophos, Avast, and McAfee 2005, with all current definitions. PSGuard showed up, but I can't find a trace of it at this point, although it still might be kicking around... Any help would be greatly appreciated. Here is my current HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 1:44:37 AM, on 7/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PeoplePC\ISP6130\Browser\Bartshel.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\PeoplePC\ISP6130\Browser\PPShared.exe
C:\WINDOWS\System32\Services\{61822398-0912-4D35-8601-0E1D996DA29F}\SVCHOST.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Brownstar\Desktop\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...ndex.php?aff=19
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll (file missing)
O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
O4 - HKLM\..\Run: [IRC Client] updated.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6130\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{61822398-0912-4D35-8601-0E1D996DA29F}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{61822398-0912-4D35-8601-0E1D996DA29F}\SECURITY.EXE
O4 - HKLM\..\RunServices: [IRC Client] updated.exe
O4 - HKCU\..\Run: [IRC Client] updated.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O9 - Extra button: Add to Restricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: Add to Trusted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://www.lavasoft.de
O15 - Trusted Zone: http://my.pcc.edu
O15 - Trusted Zone: http://webct.pcc.edu
O15 - Trusted Zone: http://www.pcc.edu
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121055360685
O17 - HKLM\System\CCS\Services\Tcpip\..\{2822DFDA-D0EE-4717-BB89-BA8049E5C7E8}: NameServer = 204.157.3.13 205.137.48.5
O20 - Winlogon Notify: iexplore - s01mY.dll (file missing)
O21 - SSODL: System - {E4D9F09A-4315-417C-BC5D-B30534672C4A} - vr_sys.dll (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe
Ryan C Brown
Portland, OR
Edited by brownstar, 11 July 2005 - 02:48 AM.