prosearching (RESOLVED)

**laraejan** · 16-04-2006

OK, here's my hijackthis log (and just when I think I know what I am doing...). Thank you, in advance, for your help.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\LaRae & Cory\My Documents\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RadarSync 2006] "C:\Program Files\RadarSync 2006\RSClient.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143517108406
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

**VopThis** · 16-04-2006

You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.

It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.

Create a new folder in your C: Drive.
Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and move the HijackThis.exe file into it.
Run HJT from there (and revise your shortcut accordingly).

You cut off the first 4 lines of the hijackThis log - please ensure you submit the whole log next time, please.

Please disable the following application(s), as it/they may hinder the removal of some entries. Otherwise, certain cleaning attempts may be wrongly recognized and blocked as hijacking attempts or other potentially inappropriate behavior. You can re-enable such tools after your computer is clean.

Spybot Search & Destroy (Teatimer)

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.

Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:

Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files

Click OK or Enter

Please download, install, update and scan your system with the free (trial) version of Ewido TROJAN scanner
[Developed for Windows 2000 and XP]:

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.

Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days. We are not installing the guard because it might interfere with the cleanup or the malware removal process. You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan. If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".

POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

**laraejan** · 16-04-2006

Created new folder for HiJackThis and moved appropriate programs into it, then ran Ewido, here is the report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:50:24 PM, 4/15/2006
+ Report-Checksum: 4E5B5625

+ Scan result:

:mozilla.6:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.51:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.52:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.53:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.63:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.69:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.70:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.71:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.91:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.105:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.106:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.107:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.108:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.109:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.110:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.114:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.115:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.116:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.124:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.142:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.143:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.144:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.145:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.146:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.147:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.148:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.149:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.150:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.151:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.152:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.153:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.154:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.155:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.156:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.157:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.158:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.159:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.160:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.161:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.162:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.163:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.164:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.165:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.166:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.167:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.168:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.169:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.170:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.171:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.172:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.173:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.174:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.175:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.176:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.189:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.263:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.285:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.301:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.323:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.324:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.330:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.348:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.349:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.366:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.374:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.375:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.376:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.382:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.383:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.384:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.385:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.386:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.387:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.388:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.389:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.391:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.392:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.393:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.394:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.402:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Spinbox : Cleaned with backup
:mozilla.407:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.408:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.409:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.423:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.424:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.425:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.426:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.431:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.432:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.433:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.434:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.435:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.436:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.437:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.438:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.446:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.558:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.559:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.567:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.568:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.569:C:\Documents and Settings\LaRae & Cory\Application Data\Mozilla\Firefox\Profiles\xuvnww46.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\LaRae & Cory\Local Settings\Temp\win372.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup

::Report End

**VopThis** · 16-04-2006

POST A REVISED HIJACKTHIS LOG for review:
Please post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

**laraejan** · 17-04-2006

Looks like prosearching is still here. The hijackthis log ran moments ago:

Logfile of HijackThis v1.99.1
Scan saved at 4:33:48 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RadarSync 2006] "C:\Program Files\RadarSync 2006\RSClient.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143517108406
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Thanks for all your time and help on this!

**VopThis** · 17-04-2006

Did you run the READ FIRST Procedures found here:
http://www.d-a-l.com/help/showthread.php?t=32403

One of the tools, SpyBot, detects some or all of the related removal items under scrutiny - 2020Search (CWS.googlems) which is almost always found with Prosearching.

Did you disable 'TeaTimer' prior to fixing the HijackThis items (see post #2 - still showing in latest log)?

Download the latest version of CWSHredder to your desktop from here:
http://cwshredder.net/bin/CWShredder.exe

Run this application, initially, ONLY to search for UPDATES.
You may have to do this on another PC - it simply downloads the latest EXE and overwrites the current one (512K).

SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).

NOW, run CWShredder
-Click on the: ‘Fix’ button
-Follow the prompts, and press OK

FIX the returning items again and POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

**laraejan** · 17-04-2006

OK, followed everything to the "t" (even uninstalled then reinstalled SpyBot making sure TeaTimer was not included) and the last HijackThis log looks clean. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 11:48:57 AM, on 4/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RadarSync 2006] "C:\Program Files\RadarSync 2006\RSClient.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143517108406
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Let me know if I need to fix anything else. Thank you!

**VopThis** · 17-04-2006

Your main issues appear to be resolved unless you have something else to report.

However, you probably should remove the following additional item from HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

One of the steps below (step #7 - HOST file) will forever make www.2020search-DOT-com and many other rogue sites inaccessible for browsing.

To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.

ONLY ONCE you are as clean as possible from any needed cleanup steps - As a final cleanup step (after serious infection), it may be advisable to Reset and Re-enable your System Restore to remove any bad files that MAY have been backed up by Windows . The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

FOLDER LOCATION: c:\System Volume Information\_restore….

To Turn OFF System Restore.

Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
Click Apply.

REBOOT.

To Turn ON System Restore.

Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
Create new System Restore points.

(Windows ME)

FOLDER LOCATION: c:\_RESTORE\TEMP\….

See the following link for instructions:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:

Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft . This will patch many of the security holes through which attackers can gain access to your computer . You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
http://www.microsoft.com/windows/ie/default.asp
- http://www.securityfocus.com/news/11273
  If you surf to questionable (blockable) parts of the Web, you could encounter sites that compromise your PC without any user interaction. In experiments [reported Aug 2005], Microsoft identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system. Also, be aware that the WinXP Service Pack 2 was an update that focused almost exclusively on security. Also reported was that a fully patched Windows XP SP2 system cannot be compromised by any such discovered rogue Web sites.
Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com/eng/avast_4_home.html
In addition to using Ad-aware, consider using another free malware scanning/removal program :
Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
MS Antispyware beta: http://www.microsoft.com/athome/security/s...re/default.mspx
Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
*** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.
Consider using an alternate free browser for general web surfing but you must use IE for windows updates.
Mozilla Firefox: http://www.mozilla.org/products/firefox/
Consider increasing your browser security by using these programs:
SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known- bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
- If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/
- IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
  http://www.spywarewarrior.com/uiuc/resource.htm
A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
- Run the HiJackThis tool and select ‘Open the Misc Tools section’.
- Next select ‘Open host file manager’ button.
- Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
- Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.
  
  EXCERPT:
  
  #start of lines added by WinHelp2002
  # [Misc A - Z]
  127.0.0.1 phpadsnew.abac.com
  127.0.0.1 a.abnad.net
  127.0.0.1 e.abnad.net
  127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
  .
  .
  .
  #end of lines added by WinHelp2002

*Remember just like your primary anti-virus software, it is important to:
Keep all of these programs up-to-date, and

Use them on a regular basis.

prosearching (RESOLVED)

prosearching (RESOLVED)

Similar Threads

Prosearching problem (Resolved)

Help me remove Prosearching.com PLEASE (Resolved)

Prosearching.com issues (Resolved)

Please help with prosearching.com. Log included (Resolved)

Prosearching got me too, please help. (Resolved)