Prosearching.com HIJACKED my Internet Explorer

Question

aslpunkr 0 Newbie Poster

20 Years Ago

hi sorry to bother but i have a bit of a problem.
i came home one day and i found this prosearching.com installed on my desktop and internet explorer bar. and i tried everything to rid of it. but nothing has work.
i did wat someone told me to do and download Hijack so i did.
here is my log.
Logfile of HijackThis v1.98.2
Scan saved at 5:35:32 PM, on 8/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough/index.html?http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oxzuaipdxudjotfmpmfbtmzma.com/67Z74iV_M0dKmVHS/mZeVmlHS9iTaA5G9eX07hMaR6pKbJbA9Ye3ZUT01m9NQc01.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O2 - BHO: (no name) - {AB035CB7-6D5E-7FBD-5079-D1A4C258ECA1} - C:\PROGRA~1\WAITTO~1\aim third.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [bias inter] C:\PROGRA~1\TIMEFR~1\BAGS SPAM.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://204.157.0.204:8000/Java/cs4fs095.cab
O16 - DPF: ChatSpace Full Java Client 2.1.0.95L - http://204.157.0.204:8000/Java/cs4fsl095.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.218 - http://64.85.20.249/Java/cfs31218.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://wiredreality.chatspace.com:8000/Java/cfs31235.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.240:8000/Java/cfs40301.cab
O16 - DPF: ChatSpace Java Client 2.1.0.89 - http://64.85.20.76/Java/cs4ms089.cab
O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.117:8342/Java/cs4ms090.cab
O16 - DPF: ChatSpace Java Client 2.1.0.95 - http://38.117.5.94:8031/Java/cs4ms095.cab
O16 - DPF: ChatSpace Java Client 3.1.0.212 - http://12.215.75.156/Java/cms31212.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {502D6B75-E970-47B7-A4CB-A09CC799EFE6} (PP3D Control) - http://pp.pl2.com/AX/pp3dActiveX.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/wildgames/marsrover/install.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v49/h2hpool/h2hpool.cab

if anyone would gladly give me there time in helping me with this situation i would be more than happy.

thank u.

windows-virus

3 Contributors
5 Replies
284 Views
1 Day Discussion Span
Latest Post 20 Years Ago Latest Post by crunchie

caperjack 875 I hate 20 Questions

20 Years Ago

This one indicates that you are using msconfig to kill some programs please go to msconfig and set it to Normal startup and restart computer and then run hijack angain and post a new log .
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

................................

Also a trip to windows updates is needed for critical updates and Service Packs WINDOWS UPDATES

Also you don't say what kind of problems you are having .

crunchie 990 Most Valuable Poster

20 Years Ago

Reboot into safe mode following the instructions here & Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough...tp://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oxzuaipdxudjotfmpmfbtmzm...UT01m9NQc01.jsp

O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O2 - BHO: (no name) - {AB035CB7-6D5E-7FBD-5079-D1A4C258ECA1} - C:\PROGRA~1\WAITTO~1\aim third.exe

O4 - HKLM\..\Run: [bias inter] C:\PROGRA~1\TIMEFR~1\BAGS SPAM.exe

Delete the following manually;

C:\PROGRA~1\WAITTO~1-folder
C:\PROGRA~1\TIMEFR~1-folder

Reboot normally.
Click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://lop.com/new_uninstall.exe

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

aslpunkr 0 Newbie Poster · Answer 1 · 2004-08-14T09:36:43+00:00

wat would be cool. is someone actually helped me.

aslpunkr 0 Newbie Poster · Answer 2 · 2004-08-14T11:17:01+00:00

help with this HIJACK LOG.

Logfile of HijackThis v1.98.2
Scan saved at 9:25:27 PM, on 8/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Daniel\My Documents\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oxzuaipdxudjotfmpmfbtmzma.com/67Z74iV_M0dKmVHS/mZeVmlHS9iTaA5G9eX07hMaR6pKbJbA9Ye3ZUT01m9NQc01.jsp
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [pwsockxd] C:\WINDOWS\System32\pwsockxd.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [_UnwiseDMO] cmd.exe /c del C:\WINDOWS\System32\ATPartners.dll
O4 - HKLM\..\RunOnce: [_UnwiseDMO_] cmd.exe /c del C:\WINDOWS\System32\im64.dll
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://204.157.0.204:8000/Java/cs4fs095.cab
O16 - DPF: ChatSpace Full Java Client 2.1.0.95L - http://204.157.0.204:8000/Java/cs4fsl095.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {502D6B75-E970-47B7-A4CB-A09CC799EFE6} (PP3D Control) - http://pp.pl2.com/AX/pp3dActiveX.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/wildgames/marsrover/install.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v49/h2hpool/h2hpool.cab

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 3 · 2004-08-15T09:47:26+00:00

I have merged your two threads & deleted the other two. Please do not post more than one thread for the same problem.