|
| ||
| hijackthis log(help with prosearching) ad-aware does not get rid of this hijack. here is the log file: C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FORKCO~1\Daletray.exe C:\PROGRA~1\AIM\aim.exe C:\WINDOWS\system32\winproc32.exe C:\Program Files\Avant Browser\iexplore.exe C:\Documents and Settings\Daniel\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=cr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=cr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html O2 - BHO: (no name) - {5A216122-3C76-EE4B-C376-7B01E34E885B} - C:\PROGRA~1\BUILDP~1\Pile bold.dll O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\Program Files\SurfAssistant.com\saiemod.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: thisbrowsemapi - {67C18388-5F87-4CDC-77F4-2F597BA623A6} - C:\PROGRA~1\BUILDP~1\Pile bold.dll O4 - HKLM\..\Run: [WorkFlo] F:\BrdJmp\WorkFlow.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [ATTBroadbandClient] C:\Program Files\AT&T\BBClient\Programs\RegCon.exe /admincheck O4 - HKLM\..\Run: [ATTBroadbandUpdate] C:\Program Files\AT&T\BBClient\Programs\SAUpdate.exe O4 - HKLM\..\Run: [RECT BASE] C:\PROGRA~1\FORKCO~1\Daletray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\system32\winproc32.exe O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm O9 - Extra button: AIM (HKLM) O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//yourhard/main.chm::/load.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab any help on this matter would be greatly appreciated. |
| ||
| Re: hijackthis log(help with prosearching) That is only a partial log. Plz post the whole log next time you're here. :) 1st of all stop the following process in Task Manager: winproc32.exe you may have to try several times. Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' : R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=cr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=cr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html O2 - BHO: (no name) - {5A216122-3C76-EE4B-C376-7B01E34E885B} - C:\PROGRA~1\BUILDP~1\Pile bold.dll O2 - BHO: (no name) - {5DAFD089-24B1-4c5e-BD42-8CA72550717B} - C:\Program Files\SurfAssistant.com\saiemod.dll O3 - Toolbar: thisbrowsemapi - {67C18388-5F87-4CDC-77F4-2F597BA623A6} - C:\PROGRA~1\BUILDP~1\Pile bold.dll O4 - HKLM\..\Run: [RECT BASE] C:\PROGRA~1\FORKCO~1\Daletray.exe O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\system32\winproc32.exe O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//yourhard/main.chm::/load.exe Reboot into safe mode following the instructions here & navigate to & delete C:\PROGRA~1\BUILDP~1< folder C:\Program Files\SurfAssistant.com< folder C:\PROGRA~1\FORKCO~1< folder C:\WINDOWS\system32\winproc32.exe< file Reboot normally. Download CWShredder from here & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in it's database. Close ALL windows, including IE, before running CWShredder. To help prevent this from happening again, install the patches for the vulnerabilities that this hijacker exploits by going here for your critical updates. Reboot after doing this & post another log please. |
| All times are GMT -4. The time now is 4:36 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC