Aug 13th, 2004
0

Prosearching.com HIJACKED my Internet Explorer

Hi, sorry to bother, but I have a bit of a problem.
I came home one day and found this prosearching.com installed on my desktop and Internet Explorer bar. I tried everything to get rid of it, but nothing has worked.
I did what someone told me to do and downloaded HijackThis.
Here is my log.
Logfile of HijackThis v1.98.2
Scan saved at 5:35:32 PM, on 8/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough/...p://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oxzuaipdxudjotfmpmfbtmzma...T01m9NQc01.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O2 - BHO: (no name) - {AB035CB7-6D5E-7FBD-5079-D1A4C258ECA1} - C:\PROGRA~1\WAITTO~1\aim third.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [bias inter] C:\PROGRA~1\TIMEFR~1\BAGS SPAM.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://204.157.0.204:8000/Java/cs4fs095.cab
O16 - DPF: ChatSpace Full Java Client 2.1.0.95L - http://204.157.0.204:8000/Java/cs4fsl095.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.218 - http://64.85.20.249/Java/cfs31218.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://wiredreality.chatspace.com:80...a/cfs31235.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.240:8000/Java/cfs40301.cab
O16 - DPF: ChatSpace Java Client 2.1.0.89 - http://64.85.20.76/Java/cs4ms089.cab
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.117:8342/Java/cs4ms090.cab
O16 - DPF: ChatSpace Java Client 2.1.0.95 - http://38.117.5.94:8031/Java/cs4ms095.cab
O16 - DPF: ChatSpace Java Client 3.1.0.212 - http://12.215.75.156/Java/cms31212.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potd_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {502D6B75-E970-47B7-A4CB-A09CC799EFE6} (PP3D Control) - http://pp.pl2.com/AX/pp3dActiveX.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...er/install.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/...ol/h2hpool.cab

If anyone would gladly give me their time in helping me with this situation, I would be more than happy.

Thank you.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
aslpunkr is offline Offline
3 posts
since Aug 2004
Aug 14th, 2004
0

Re: Prosearching.com HIJACKED my Internet Explorer

What would be cool is if someone actually helped me.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
aslpunkr is offline Offline
3 posts
since Aug 2004
Aug 14th, 2004
0

help with HIJACK LOG

Help with this HIJACK LOG.

Logfile of HijackThis v1.98.2
Scan saved at 9:25:27 PM, on 8/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Daniel\My Documents\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oxzuaipdxudjotfmpmfbtmzma...T01m9NQc01.jsp
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [pwsockxd] C:\WINDOWS\System32\pwsockxd.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [_UnwiseDMO] cmd.exe /c del C:\WINDOWS\System32\ATPartners.dll
O4 - HKLM\..\RunOnce: [_UnwiseDMO_] cmd.exe /c del C:\WINDOWS\System32\im64.dll
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://204.157.0.204:8000/Java/cs4fs095.cab
O16 - DPF: ChatSpace Full Java Client 2.1.0.95L - http://204.157.0.204:8000/Java/cs4fsl095.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {502D6B75-E970-47B7-A4CB-A09CC799EFE6} (PP3D Control) - http://pp.pl2.com/AX/pp3dActiveX.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...er/install.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/...ol/h2hpool.cab
Reputation Points: 10
Solved Threads: 0
Newbie Poster
aslpunkr is offline Offline
3 posts
since Aug 2004
Aug 14th, 2004
0

Re: help with HIJACK LOG

This one indicates that you are using msconfig to kill some programs. Please go to msconfig, set it to Normal startup, restart the computer, then run HijackThis again and post a new log.
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

................................

Also, a trip to Windows Updates is needed for critical updates and Service Packs: WINDOWS UPDATES

Also, you don't say what kind of problems you are having.
Team Colleague
Reputation Points: 1056
Solved Threads: 792
I hate 20 Questions
caperjack is online now Online
12,725 posts
since Aug 2003
Aug 15th, 2004
0

Re: Prosearching.com HIJACKED my Internet Explorer

Reboot into safe mode following the instructions here, close all (browser) windows and rescan with HijackThis. When the scan is finished, place a check in the box to the left of the following entries and click 'Fix checked':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough...tp://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oxzuaipdxudjotfmpmfbtmzm...UT01m9NQc01.jsp

O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O2 - BHO: (no name) - {AB035CB7-6D5E-7FBD-5079-D1A4C258ECA1} - C:\PROGRA~1\WAITTO~1\aim third.exe

O4 - HKLM\..\Run: [bias inter] C:\PROGRA~1\TIMEFR~1\BAGS SPAM.exe

Delete the following manually:

C:\PROGRA~1\WAITTO~1-folder
C:\PROGRA~1\TIMEFR~1-folder

Reboot normally.
Click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://lop.com/new_uninstall.exe
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,163 posts
since Feb 2004
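
Added example, not part of the thread or of any poster's reply: a small Python triage pass over HijackThis entry lines like the ones posted above, showing how the section codes (R0, R3, O1, O2, O4) can be parsed and which lines generic heuristics surface for manual review. The heuristics and the `EXPECTED_HOSTS` allowlist are assumptions made for illustration, not the reasoning used in the reply above.

```python
import re
from urllib.parse import urlparse

# Hypothetical allowlist an analyst would maintain; not from the thread.
EXPECTED_HOSTS = {"www.microsoft.com", "www.msn.com"}

# Constructed sample: entry lines taken from the two logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough/...p://yahoo.com/
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [bias inter] C:\PROGRA~1\TIMEFR~1\BAGS SPAM.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # section code, then entry body

def parse(log_text):
    """Return (section, body) pairs; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]

def triage(section, body):
    """Return a reason to review the entry by hand, or None."""
    if section in ("R0", "R1") and " = " in body:
        host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
        if host not in EXPECTED_HOSTS:
            return f"IE start/search URL points at {host or 'an unparsed value'}"
    if section in ("R3", "O2", "O3") and ("(no name)" in body or "(no file)" in body):
        return "browser add-on registered without a name or backing file"
    if section == "O1":
        fields = body.split()  # ["Hosts:", ip, hostname]
        if len(fields) == 3 and fields[1] != "127.0.0.1":
            return f"hosts file maps {fields[2]} to {fields[1]}"
    return None

def review_list(log_text):
    """Entries that matched a heuristic, as (section, body, reason) tuples."""
    return [(s, b, r) for s, b in parse(log_text) if (r := triage(s, b))]

if __name__ == "__main__":
    for section, body, reason in review_list(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

The O4 `[bias inter]` startup entry that the reply marks for removal matches none of these rules, which is why autorun entries still need a per-file check by someone who knows what belongs on the machine.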
Aug 15th, 2004
0

Re: Prosearching.com HIJACKED my Internet Explorer

I have merged your two threads & deleted the other two. Please do not post more than one thread for the same problem.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,163 posts
since Feb 2004
