Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ps guard highjack


  • This topic is locked This topic is locked

#16
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi monkeyboyblues

Please run the following online spyware scan , this needs to be done with internet explorer.
Save the spyware log when done, you will then see a option to run a Panda virus scan to click on the virus scan when that to has completed post both logs.
Along with a new HijackThis log.

http://www.pandasoft..._principal.htm#

Thank You

Kc :tazz:
  • 0

Advertisements


#17
monkeyboyblues

monkeyboyblues

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
kc,

thanks again for your help.

^^^^^^^^here's the panda spyware log:


Incident Status Location

Adware:adware/sbsoft Reported Windows Registry
Spyware:Cookie/2o7.net Reported C:\WINDOWS\Application Data\Earthlink\6.0\meagleshmat@earthlink.net\Cookies\monkeyboyblues@2o7[1].txt
Spyware:Cookie/SexList Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Sextracker Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[counter16.sextracker.com/]
Spyware:Cookie/PayCounter Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Atlas DMT Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Doubleclick Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7.net Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Ask Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.ask.com/]
Spyware:Cookie/Traffic MarketplaceReported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/cs.sexcounter Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/PointRoll Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Ask Reported C:\WINDOWS\Cookies\monkeyboyblues@ask[1].txt
Spyware:Cookie/Com.com Reported C:\WINDOWS\Cookies\monkeyboyblues@com[2].txt
Spyware:Cookie/2o7.net Reported C:\WINDOWS\Cookies\monkeyboyblues@2o7[2].txt
Spyware:Cookie/Doubleclick Reported C:\WINDOWS\Cookies\monkeyboyblues@doubleclick[1].txt
Spyware:Cookie/Advertising Reported C:\WINDOWS\Cookies\monkeyboyblues@servedby.advertising[1].txt
Spyware:Cookie/Advertising Reported C:\WINDOWS\Cookies\monkeyboyblues@advertising[2].txt
Spyware:Cookie/2o7.net Reported C:\WINDOWS\Application Data\Earthlink\6.0\meagleshmat@earthlink.net\Cookies\monkeyboyblues@2o7[1].txt
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Doubleclick Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/SexList Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Sextracker Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[counter16.sextracker.com/]
Spyware:Cookie/PayCounter Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Atlas DMT Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7.net Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Ask Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.ask.com/]
Spyware:Cookie/Traffic MarketplaceReported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/cs.sexcounter Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/PointRoll Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.bluestreak.com/]

^^^^^^^here's the panda virus scan log:

Incident Status Location

Adware:adware/sbsoft No disinfected Windows Registry
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe

^^^^^^^here's the HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 9:55:17 PM, on 9/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPFW.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\ARUPLD32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -noauth
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O9 - Extra button: Panda spyXposer - {EE657293-B4C4-4752-B035-DCBBC2D04008} - http://www.pandasoft...r_principal.htm (file missing)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

Edited by monkeyboyblues, 02 September 2005 - 08:09 PM.

  • 0

#18
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi monkeyboyblues

* Download the Registry Search Tool.
* Unzip the contents of RegSrch.zip to a convenient location.
* Double-click on RegSrch.vbs.
* If you have an anti-virus installed it might prompt you about a running script. Please ignore this warning and allow the script to run.
* In the "Enter search string (case insensitive) and click OK..." box paste this string:
Iwantsearch
* Click "OK" to search the registry for that string.
* Wait for a few minutes while it completes the search.
* Click "OK" to open the results in WordPad.
* Copy and paste the entire results into your next post.
[/list]
Kc :tazz:
  • 0

#19
monkeyboyblues

monkeyboyblues

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
kc,


i did the registry search and it
said no cases of "Iwantsearch"
found.

:tazz:
  • 0

#20
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi monkeyboyblues

Your system is CLEAN

Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY.
Please download SpyBot V1.4 http://www.majorgeek...wnload2471.html
Spybot Tutorial
Disable Spybot Tutorial

Winpatrol Free

Ad-Aware SE Personal Edition Free
AdAware Tutorial

Turn of system restore
Disabling or enabling Windows XP System Restore
WIndows ME
Defrag your hard drive. Turn system restore back on and create a new restore point.

Tony Klien: So how did I get infected in the first place

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here

It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox.
http://www.mozilla.o...oducts/firefox/

2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .
You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html.
http://www.java.com/...load/manual.jsp Windows (Offline Installation)

After doing all these, your system will be thoroughly protected from future threats.

Have a nice Day.

Kc :tazz:
  • 0

#21
monkeyboyblues

monkeyboyblues

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
hello kc,

i'm still getting the intrusive popups
though.
and i still have to keep copying
my wininet.dll file in ms-dos everytime
i boot.

thanks,

monkeyboyblues
  • 0

#22
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi monkeyboyblues

In the following link are instructions on how to register a dll file.

http://support.micro...kb;EN-US;249873

Kc :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP