VoyForums
[ Show ]
Support VoyForums
[ Shrink ]
VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 1[2]34 ]

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Date Posted: 21:51:40 08/03/04 Tue
Author: Boozer
Subject: Prosearching.com hijack

I somehow picked up the prosearching.com hijacker and now am having
trouble getting rid of it. I no longer see the icons it deposits on
the desktop or the favorites it adds. I also do not see the toolbar
that was once underneath my google toolbar. Here's the problem. I
have spywareguard and at start up, it pops up with the message stating
my IE homepage has been changed to prosearching.com. I am able to
revert to my old page but the message is just annoying. I've tried
spyware and adware removers and they don't work.

Any help is greatly appreciated.

Here is the hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 11:22:56 PM, on 8/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\McAfee\McAfee Shared Components\Instant
Updater\RuLaunch.exe
C:\Program Files\ScanSoft\PaperPort\PPWebCap.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\wkcalrem.exe
C:\KERB\SideCar.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\KERB\krbcc32s.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM95\aim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.iastate.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.iastate.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
= http://www.qddtlhlzkremketqkmubpu.com/2rN4zmQXp35COGHz/LJMISEFkf7oWiiaKg6xS0bxRS7c2I5tlCYDgGzUZumaUW8M.html
O2 - BHO: SpywareGuard Download Protection -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} -
C:\WINDOWS\questmod.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan -
{BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee
Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [first enc] C:\PROGRA~1\Proxy Dog\Axischin.exe
O4 - HKLM\..\Run: [Love Sign Rect Creative] C:\Documents and
Settings\All Users\Application Data\byte dog love sign\meetbold.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
Money\System\Money Express.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program
Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe"
/STARTMONITOR
O4 - HKCU\..\Run: [PPWebCap] C:\Program
Files\ScanSoft\PaperPort\PPWebCap.exe
O4 - HKCU\..\Run: [Weather] C:\Program
Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program
Files\Visioneer OneTouch\WiseUpdt.exe
O4 - Startup: SpywareGuard.lnk = C:\Program
Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk =
C:\Program Files\Common Files\Microsoft Shared\Works
Shared\wkcalrem.exe
O4 - Global Startup: SideCar.lnk = C:\KERB\SideCar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~5\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Poker -
http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 -
http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
- http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX
Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) -
http://207.188.7.103/127261dfcc6aa7c69716/netzip/RdxIE.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} -
http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {73973630-3F6B-4112-972E-F9CB01365C1F} (PalInstl Class) -
http://www.paltalk.com/paltalk2/Download/InstlWiz.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam
Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C}
(CWDL_DownLoadControl Class) -
http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class)
- http://cs1b.instantservice.com/jars/customerxsigned227.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37285.239375
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B}
(WebResponseAttachments Control) -
https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam
Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A9A4919-CFAD-4A63-B045-8598CDE6FFEA}:
NameServer = 65.171.119.251,65.171.115.253

[ Next Thread | Previous Thread | Next Message | Previous Message ]
[ Contact Forum Admin ]

Forum timezone: GMT-8
VF Version: 3.00b, ConfDB:
Before posting please read our privacy policy.
VoyForums(tm) is a Free Service from Voyager Info-Systems.
Copyright © 1998-2019 Voyager Info-Systems. All Rights Reserved.