system
February 25, 2004, 9:56pm
1
Our 4 year old son managed to download some software for a search engine site called prosearching.com . You wouldn’t believe the crap that was loaded onto our system. I’ve deleted most of it, but the bloody task bar of theirs pops up onto pur system everytime we sign on. It must be hidden in a file under a non-related name. Has anyone else had this experience?
Thanks!
system
February 25, 2004, 10:40pm
2
Hi,
install ad-aware, spybot and cwshredder… update them, scan and let them fix the items found… repeat the scan/fix
if the problem is still not solved then, post a log of hijackthis here
Download-links available via the board search
system
March 3, 2004, 2:55am
3
Woot! I found it, search your hard drive for acid.exe, this is the offending file. It is always in use, so you cannot delete it and hijack this cannot remove it. I have 2 partitions, so I booted into the other and searched and removed it. You can probably remove it from dos as well or possibly from safe mode. Good luck.
system
March 7, 2004, 10:48am
4
I’ve tried Spybot and CWShredder. Neither one gets rid of prosearching.com . I don’t have a file on my hard drive named acid.exe or acid.anthing. This thing is driving me crazy. Besides dropping offinsive junk on my desktop, I can’t get rid of their pop-up everytime I launch my browser. Help!!!
raman
March 7, 2004, 1:42pm
5
You could post a Hijackthis log here, to see which file is causing it.
Download: http://www.lurkhere.com/~nicefiles/hijackthis1977.zip
Just press scan and then save log. Copy the content of the upcoming Editor here
system
March 8, 2004, 10:13am
6
Here’s the Log file. I have asked HijackThis to fix the item listed (R0) that mentions prosearching, but it comes back every time I re-start.
Logfile of HijackThis v1.97.7
Scan saved at 4:00:57 AM, on 3/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETRATINGS\PREMETER\PRMT.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\VGA CHIN ROAM\OKAY GRID.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough/index.html?http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_6.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: (no name) - {5CEF09B0-36E9-C424-D63E-DE62E1B6EE0B} - C:\PROGRAM FILES\ADMINCAMPCHIC\GLUEJUNK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_6.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: gplcopy - {324BD193-25AA-C5BE-6CB2-DE523C203F6E} - C:\PROGRAM FILES\ADMINCAMPCHIC\GLUEJUNK.DLL
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM..\Run: [Premeter] C:\PROGRA~1\NETRAT~1\PREMETER\PRMT.EXE
O4 - HKLM..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM..\Run: [webHancer Survey Companion] “C:\Program Files\webHancer\Programs\whSurvey.exe”
O4 - HKLM..\Run: [tons up] C:\PROGRA~1\VGACHI~1\Okay grid.exe
O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Related (HKLM)
O9 - Extra ‘Tools’ menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_6.cab
O16 - DPF: {4F96CE92-09EA-49D3-B478-F1892F6DCB6D} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialTempSetup1.0.0.6.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37952.0085069444
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://www.movie-browser.com/tl4000.dll
raman
March 8, 2004, 10:55am
7
You should get Spybot from http://www.safer-networking.org/
and Adaware from www.lavasoft.de
Install and update both. After that start your PC in save mode and let clean your pc by using these tools. Normaly the problem should be gone. If not, please post a new log.
BTW: don´t forget to update your Windows and IE via www.windowsupdate.com
system
March 10, 2004, 10:57am
8
All of the above done. Sypbot Search and destroy, Adaware, HijackThis, CWShredder, in Safe mode, standing on my head, etc. Everytime I restart, my Home page is "http://prosearching.com/passthrough/index.html?http://www.yahoo.com/ .
raman
March 10, 2004, 11:05am
9
Did you update Spybot and adaware? And please post an actual Hijackthis log, to see what they fix and what is still left over.
system
March 11, 2004, 1:56am
10
Ya think I’m making this stuff up??? What do you mean by posting and “actual” Hijackthis log??? OK. Here’s another one, fresh off the press.
Logfile of HijackThis v1.97.7
Scan saved at 7:56:03 PM, on 3/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\VGA CHIN ROAM\OKAY GRID.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\NETDDE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=hpfsched
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_6.DLL (file missing)
O3 - Toolbar: gplcopy - {324BD193-25AA-C5BE-6CB2-DE523C203F6E} - C:\PROGRAM FILES\ADMINCAMPCHIC\GLUEJUNK.DLL (file missing)
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM..\Run: [webHancer Survey Companion] “C:\Program Files\webHancer\Programs\whSurvey.exe”
O4 - HKLM..\Run: [tons up] C:\PROGRA~1\VGACHI~1\Okay grid.exe
O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_6.cab
O16 - DPF: {4F96CE92-09EA-49D3-B478-F1892F6DCB6D} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialTempSetup1.0.0.6.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37952.0085069444
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://www.movie-browser.com/tl4000.dll
system
March 11, 2004, 2:32am
11
OK. I thank you for your attempted help. I appreciate your promt response. Maybe someone will be able to solve this one.
raman
March 11, 2004, 4:43am
12
Please fix this:
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_6.DLL (file missing)
O3 - Toolbar: gplcopy - {324BD193-25AA-C5BE-6CB2-DE523C203F6E} - C:\PROGRAM FILES\ADMINCAMPCHIC\GLUEJUNK.DLL (file missing)
O4 - HKLM..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM..\Run: [webHancer Survey Companion] “C:\Program Files\webHancer\Programs\whSurvey.exe”
O4 - HKLM..\Run: [tons up] C:\PROGRA~1\VGACHI~1\Okay grid.exe
and update your Windows and IE via www.windwosupdate.com
system
March 11, 2004, 2:55pm
13
I am having the very same problem. We have updated our Norton, spybot, adaware and nothing is giving us anything back on it. I hate the toolbar thing and all the pop-ups. I can’t get anything done. PLEASE let me know if anyone finds a solution.
system
March 11, 2004, 10:29pm
15
I have the same problem as well. No matter what I do it keeps sending me to “http://prosearching.com/passthrough/index.html?www.google.ca ”
I got rid of it for a day, but then once again, I restarted my computer and its back. Its almost like a clingy worm. Its really getting annoying. And I don’t know who put it on my computer but when I find out there going to get my foot up there butt! Can someone please find out what we’re talking about and get rid of it? Nothing works. >:(
system
March 11, 2004, 11:36pm
16
http://lop.com/help.html#how
I found it here scroll to bottom and follow instructions. It is not on my toolbar anymore ;D ;D
system
March 11, 2004, 11:45pm
17
IE-SPYADS is good, its freeware that adds a huge list of sites to IE restricted sites zone, prosearching.com is included… Updated frequently too.
http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD
Spyware blaster is good to, but the above has loads more sites.
system
March 12, 2004, 10:52pm
18
I have the prosearch problem…help
system
March 17, 2004, 10:21am
19
Thank you its gone. this company needs to be sorted for sending this crap 8)
system
March 17, 2004, 6:34pm
20
well, thanks to this info now I know what I can do to fix this problem … My computer is 1 week old today and I already have this shit on it! I am sorry that everyone had to deal with this crap too, but because you did now I can fix mine.