clearing out this garbage > prosearching.com/searchbar.html

Ron Wolpa, post #1
Apr 23rd, 2004
Hi
I am quite fed up with spyware, this time: http://prosearching.com/searchbar.html
(I'd wish to have a valid email to call a bit of names to such [Moderator's edit: Please keep it clean, we ask that our members not use profanity in these forums- thanks]

Is there any safe tutorial on how to get rid of IE hijacking? (CWShredder has got 2 links where there are explanations on how to uninstall Java Virtual Machine and other items which allow hijacking.)

In the meantime, perhaps any of you could assist me to clear my system out of this rubbish (what the h e l l is that: C:\ARQUIVOS DE PROGRAMAS\MIX MAIL LOVE\POLLBAIT.EXE)

Here you've got the logfile:


HijackThis v1.97.7
Scan saved at 1:00:59, on 23/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
D:\12GHOSTS\12SRVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\ADMUNCHER\ADMUNCH.EXE
C:\ARQUIVOS DE PROGRAMAS\MIX MAIL LOVE\POLLBAIT.EXE
C:\ARQUIVOS DE PROGRAMAS\MYVITALAGENT8\VITALAGENT\PROGRAM\VTLAGENT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
D:\CHATBROWSER4.0\CB_4001.EXE
C:\ARQUIVOS DE PROGRAMAS\SYSAI\SYSAI.EXE
D:\!DOWNLOAD\!_HIJACK_CLEAN\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Multi Media Marketing
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://home.uol.com.br/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBATREADER\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00000000-0007-5041-4354-0020e48020af} - D:\12Ghosts\12popup.dll
O2 - BHO: (no name) - {904071B0-0D97-86B7-E2E8-38105E672165} - C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG\SEEK64.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\ARQUIVOS DE PROGRAMAS\SYSAI\APROPOSPLUGIN.DLL
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - D:\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Ad Muncher] D:\ADMUNCHER\ADMUNCH.EXE /bt
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE"
O4 - HKLM\..\Run: [Flaw Dog] C:\ARQUIV~1\MIXMAI~1\Pollbait.exe
O4 - HKLM\..\RunServices: [12Ghosts TrayProtect] D:\12GHOSTS\12srvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: MyVitalAgent.lnk = C:\Arquivos de programas\myvitalagent8\VitalAgent\Program\VtlAgent.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with GetRight - D:\Arquivos de programas\getright502\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Arquivos de programas\getright502\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ComVC (HKCU)
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O19 - User stylesheet: C:\WINDOWS\color.css
Last edited by DMR; Apr 23rd, 2004 at 4:29 pm.

cscgal, post #2
Apr 23rd, 2004
I'm moving this to our one-day-old Security forum for all your hijacking needs.
Dani the Computer Science Gal

crunchie, post #3
Apr 23rd, 2004
Hi. Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html

O2 - BHO: (no name) - {904071B0-0D97-86B7-E2E8-38105E672165} - C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG\SEEK64.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\ARQUIVOS DE PROGRAMAS\SYSAI\APROPOSPLUGIN.DLL

O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE"

Reboot into safe mode following the instructions here & navigate to & delete:

C:\ARQUIVOS DE PROGRAMAS\SYSAI < this one
C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG < this one
C:\WINDOWS\TEMP < entire contents of folder

Reboot normally & you should be good.

crunchie, post #4
Apr 23rd, 2004
Also remove this with HijackThis & remove the folder whilst in safe mode too.

O4 - HKLM\..\Run: [Flaw Dog] C:\ARQUIV~1\MIXMAI~1\Pollbait.exe

C:\ARQUIV~1\MIXMAI~1 < this one in safe mode.
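
Added example, not part of the thread: a small Python triage pass over HijackThis log lines of the kind quoted in post #1, showing which of the entries picked out in posts #3 and #4 simple rules can find on their own. The two rules (IE R0/R1 values pointing at a host outside a caller-supplied `trusted_hosts` set, and O4 autoruns starting from a TEMP directory) and the names `triage` and `host_of` are assumptions of this example, not HijackThis features.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log in post #1 (a subset, for illustration).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://home.uol.com.br/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBATREADER\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE"
O4 - HKLM\..\Run: [Flaw Dog] C:\ARQUIV~1\MIXMAI~1\Pollbait.exe
"""

ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
R_ENTRY = re.compile(r"^[^,]+,(?P<name>[^=]+?) = (?P<value>.*)$")
O4_ENTRY = re.compile(r"^[^:]+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def host_of(value):
    """Return the lower-cased host of a URL-like value, or None for plain text."""
    v = value.strip()
    if " " in v or "." not in v:
        return None  # e.g. a window title, not a URL
    return urlsplit(v if "//" in v else "//" + v).hostname


def triage(log, trusted_hosts):
    """Return (code, name, reason) for entries matching the two assumed rules."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):  # IE start/search page settings
            r = R_ENTRY.match(body)
            host = host_of(r["value"]) if r else None
            if host and host not in trusted_hosts:
                findings.append((code, r["name"], f"points at untrusted host {host}"))
        elif code == "O4":  # autorun entries
            o = O4_ENTRY.match(body)
            if o and "\\TEMP\\" in o["cmd"].upper():
                findings.append((code, o["name"], "autorun starts from a TEMP directory"))
    return findings


if __name__ == "__main__":
    # trusted_hosts is an assumption: hosts this user recognises as their own choice.
    for finding in triage(SAMPLE_LOG, {"home.uol.com.br"}):
        print(finding)
```

The "Flaw Dog" autorun matches neither rule, so a pass like this only narrows the list for a human reviewer.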

crunchie, post #5
Apr 23rd, 2004
A few tips to stay relatively clean.

Download & instal Adaware from here
& update it B4 scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry,'
'scan my IE Favourites for banned URLs,'
'scan my hosts file.'
Also in tweaks under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion.'
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object. Reboot.

Download & instal Spybot S&D from here. Update it B4 scanning. Go into settings & have it check for Beta releases also & download if available.
After the scan is complete, have Spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise; you should do this. In the immunise section there is also a link to download SpywareBlaster. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot.

Check out the "So how did I get infected to start with..." thread here