Help me removing prosearching.com

hai,

for the past two days my system is suffering with prosearching.com. my home page gets changed to prosearching.com. there are two items created in the desktop. they are Remove spyware and online games. prosearching.com site is added to the favourites with the name VIP porn site. if i delete the favourite item and desktop item and changed the home page of the internet explorer, everything gets changed to above said pattern.

the following is the log file.


Logfile of HijackThis v1.99.1
Scan saved at 18:27:16, on 2006/05/09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Invention Pilot\Tray Pilot Lite\TrayPlt.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Hidemaru\Hidemaru.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\tmlisten.exe
C:\OfficeScan NT\ofcdog.exe
C:\OfficeScan NT\pccntupd.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe
C:\WINDOWS\System32\dllhost.exe
\?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\as pnet_wp.exe
C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe
C:\Program Files\Microsoft Visual Studio\VSS\win32\SSEXP.EXE
C:\Program Files\Microsoft Visual Studio\VSS\win32\SSEXP.EXE
E:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\senthilrajan\Local Settings\Temp\HijackThis.exe

O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Tray Pilot Lite] "e:\Program Files\Invention Pilot\Tray Pilot Lite\TrayPlt.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTick...cab?refid=5071
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB1EA8EC-8A39-40DA-B0DE-2A98B09C328D}: NameServer = 10.171.5.5,0.0.0.0
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winrvc32 - C:\WINDOWS\SYSTEM32\winrvc32.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe

please help me remove this. it is very urgent

Sonnu

Does prosearching hijacks continue to reoccur?


Have you knowing setup the following entries or know what any of these sites are for?


Verify that the following entry is from your ISP or other known source:





Download the latest version of CWSHredder to your desktop from here:
http://cwshredder.net/bin/CWShredder.exe

Run this application, initially, ONLY to search for UPDATES.
You may have to do this on another PC - it simply downloads the latest EXE and overwrites the current one (512K).





Please download, install, update and scan your system with the free (trial) version of Ewido TROJAN scanner
[Developed for Windows 2000 and XP]:

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.

SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).


Next, run CWShredder
-Click on the: ‘Fix’ button
-Follow the prompts, and press OK



POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.