ps guard highjack

kc,

thanks again for your help.

^^^^^^^^here's the panda spyware log:

Incident Status Location

Adware:adware/sbsoft Reported Windows Registry
Spyware:Cookie/2o7.net Reported C:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\monkeyboyblues@2o7[1].txt
Spyware:Cookie/SexList Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Sextracker Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[counter16.sextracker.com/]
Spyware:Cookie/PayCounter Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Atlas DMT Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Doubleclick Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7.net Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Ask Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.ask.com/]
Spyware:Cookie/Traffic MarketplaceReported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/cs.sexcounter Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/PointRoll Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Ask Reported C:\WINDOWS\Cookies\monkeyboyblues@ask[1].txt
Spyware:Cookie/Com.com Reported C:\WINDOWS\Cookies\monkeyboyblues@com[2].txt
Spyware:Cookie/2o7.net Reported C:\WINDOWS\Cookies\monkeyboyblues@2o7[2].txt
Spyware:Cookie/Doubleclick Reported C:\WINDOWS\Cookies\monkeyboyblues@doubleclick[1].txt
Spyware:Cookie/Advertising Reported C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Reported C:\WINDOWS\Cookies\monkeyboyblues@advertising[2].txt
Spyware:Cookie/2o7.net Reported C:\WINDOWS\Application Data\Earthlink\6.0\[email protected]\Cookies\monkeyboyblues@2o7[1].txt
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Doubleclick Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/SexList Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Sextracker Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[counter16.sextracker.com/]
Spyware:Cookie/PayCounter Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Atlas DMT Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7.net Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Ask Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.ask.com/]
Spyware:Cookie/Traffic MarketplaceReported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/cs.sexcounter Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/PointRoll Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Reported C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\3iq5dc2d.default\cookies.txt[.bluestreak.com/]

^^^^^^^here's the panda virus scan log:

Incident Status Location

Adware:adware/sbsoft No disinfected Windows Registry
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe

^^^^^^^here's the HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 9:55:17 PM, on 9/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPFW.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\ARUPLD32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -noauth
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O9 - Extra button: Panda spyXposer - {EE657293-B4C4-4752-B035-DCBBC2D04008} - http://www.pandasoft...r_principal.htm (file missing)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

Edited by monkeyboyblues, 02 September 2005 - 08:09 PM.

Hi monkeyboyblues

Your system is CLEAN

Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY.
Please download SpyBot V1.4 http://www.majorgeek...wnload2471.html
Spybot Tutorial
Disable Spybot Tutorial

Winpatrol Free

Ad-Aware SE Personal Edition Free
AdAware Tutorial

Turn of system restore
Disabling or enabling Windows XP System Restore
WIndows ME
Defrag your hard drive. Turn system restore back on and create a new restore point.

Tony Klien: So how did I get infected in the first place

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here

It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox.
http://www.mozilla.o...oducts/firefox/

2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .
You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html.
http://www.java.com/...load/manual.jsp Windows (Offline Installation)

After doing all these, your system will be thoroughly protected from future threats.

Have a nice Day.

Kc :tazz:

#16
Guest_thatman_*

Posted 02 September 2005 - 12:05 PM

Advertisements

#17
monkeyboyblues

Posted 02 September 2005 - 08:03 PM

#18
Guest_thatman_*

Posted 03 September 2005 - 01:59 AM

#19
monkeyboyblues

Posted 03 September 2005 - 07:26 AM

#20
Guest_thatman_*

Posted 05 September 2005 - 11:15 AM

#21
monkeyboyblues

Posted 05 September 2005 - 04:26 PM

#22
Guest_thatman_*

Posted 07 September 2005 - 09:45 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

ps guard highjack

#16 Guest_thatman_* Posted 02 September 2005 - 12:05 PM

Advertisements

#17 monkeyboyblues Posted 02 September 2005 - 08:03 PM

#18 Guest_thatman_* Posted 03 September 2005 - 01:59 AM

#19 monkeyboyblues Posted 03 September 2005 - 07:26 AM

#20 Guest_thatman_* Posted 05 September 2005 - 11:15 AM

#21 monkeyboyblues Posted 05 September 2005 - 04:26 PM

#22 Guest_thatman_* Posted 07 September 2005 - 09:45 AM