August 23rd, 2004 22:00
Help needed to remove Countere / REALsearcher
Hi there,
I've read other people's problems with removing this damnable pest, but I'm reluctant to start "fixing" things based on the answers given to other people!
My problem is essentially the same: a hijacked browser window and some offensive additions to my IE favourites folder. Removing them works temporarily but not for long. I have up-to-date SpyBot, AdAware and CWshredder software on board and I've printed out the FAQs and guides I might need in safe mode!
I think I'm ready to go, so I'd truly appreciate any help (and don't be afraid to dumb it riiiight down!)
My HijackThis log is as follows:
Logfile of HijackThis v1.97.7
Scan saved at 00:04:17, on 24/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\winmm64.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark Oliver\My Documents\miscellaneous\aawsepersonal.exe
C:\Documents and Settings\Mark Oliver\My Documents\miscellaneous\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=geo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=geo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://countere.com/?a=2&b=geo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://countere.com/?b=geo
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=geo
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=geo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=geo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://countere.com/?a=2&b=geo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=geo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.btopenworld.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\SecureUp Personal Firewall\WebWatch.EXE
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee\McAfee Shared Components\Shredder\SHRED32.EXE" /q C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\LOCALS~1\LOCALS~1\History\History.SH! C:\DOCUME~1\MARKOL~1\LOCALS~1\TEMPOR~1\Content.SH! C:\DOCUME~1\MARKOL~1\LOCALS~1\History\History.SH!
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093296876578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38018.4426967593
O16 - DPF: {9F637568-E5F7-4CB2-BD01-818CF6C561F9} (PhotosCtrlUK Class) - http://uk.f1.pg.photos.yahoo.com/ocx/uk/yexplorer1_9uk.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btopenworld.com/templates/btwebcontrol.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BEBFD0B-3D5B-42B5-B28A-F3353689B3ED}: NameServer = 213.1.119.99 213.1.119.100
Thank you in advance!


pskelley
933 Posts
August 23rd, 2004 23:00
A recent post by ChrisRLG:
Lots of the regular posting anti-malware experts on this board have moved to pastures new for various reasons. You may find it better to find another support site to assist you.
Please go to this link and choose one of the websites on the left of the page.
Alliance of Security Analysis Professionals: http://www.a-sap.org/
As you can see they all work together in cleaning malware (Virus, Spyware and adware).
To help you choose from that list:
TomCoyotes contains the anti-malware school - Classroom.
SpyWareInfo contains the anti-malware school - BootCamp.
Net-Integration is the support site of Spybot S&D.
Lavasoft Support is the support site of Ad-aware.
Wilders Security has since stopped HijackThis log support due to the lack of experienced helpers.
Others that I would recommend: Zerosrealm, Subratam.org, SpyWare BeWare and ComputerCops, but generally all those on that list will have experts to help you.
Texruss and ChrisRLG are Teachers at The TomCoyote Forum.
There are still some knowledgeable people left posting here at Dell, so you may still get help from them.
I wish you all the best at getting your computer clean. Wherever you get help, please update your HJT version before you post. The latest version is 1.98.2.
pskelley
in training at
TomCoyote and
SpywareInfo
Officer Pupp
2 Posts
August 24th, 2004 06:00