Solved: SurfControl nvr installed! WTH!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

TheReaper

Thread Starter
Joined
Jan 22, 2005
Messages
121
I did some research on SurfControl. It is a legit program actually. Then why the hell was it installed on my computer without my knowlege. I am the only one that uses the computer and I have heard that people are concidering it spyware (a keylogger type to be specific). I've tried several antispyware programs like Adaware, Spyware Doctor, XoftSpy, Aluria LiteScanner, you name it. Would a HijackThis log work or is there a way to remove it without one? I have a screenshot of a site being blocked by SurfControl. It blocks about everything! Blagasfhgsdflgh! (n) ;) Help me please.


A member in need,
Reaper :eek:
 

Attachments

Joined
Jan 17, 2004
Messages
553
Is it in your add/remove programs list? If so, just uninstall it. If not, do a search for it and delete it that way. If you can't find it, try a search in safe mode.
 

TheReaper

Thread Starter
Joined
Jan 22, 2005
Messages
121
Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 6:57:35 AM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\R2D2SO~1\R2D2KE~1\KAUTHS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.10.27.12:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINDOWS\system32\CtxPopup.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [WebExRemoteAccessAgent] C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagtapp.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.brdatahost.com
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.34/greenback/greenback-ob-assets.cab
O16 - DPF: HushEncryptionEngine - https://mailserver3.hushmail.com/shared/HushEncryptionEngine.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.1.34/flinger/flinger-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.2.1.34/peaks/peaks-ob-assets.cab
O16 - DPF: Win32 Classes -
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.1.34/whackdown/whackdown-ob-assets.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106845336792
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/client/v_mywebex-aa/ra/ieatgpc.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
 

TheReaper

Thread Starter
Joined
Jan 22, 2005
Messages
121
Ahhhh.....my post was on the second page. I need help on this please. :)
 

TheReaper

Thread Starter
Joined
Jan 22, 2005
Messages
121
I'm trying to get this answered, at least tell me where I can go to get this resolved, I can't check email on the PC or play games. It is unbearable, lol. :cool:
 
Joined
Jul 26, 2002
Messages
46,349
Open Hijack This and click on the "Open Misc Tools Section" button then click the "Open Uninstall Manager" button. Click "Save List" Copy and paste that list here.
 
Joined
Jul 26, 2002
Messages
46,349
Also run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINDOWS\system32\CtxPopup.dll

O16 - DPF: Win32 Classes -

O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0002.exe


Restart your computer.


go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
 

TheReaper

Thread Starter
Joined
Jan 22, 2005
Messages
121
There's nothing suspicous to me, but just in case:

Ad-Aware SE Personal
Adobe Reader 7.0
All To WMA Converter 1.77
Aluria LiteScanner
AOL Instant Messenger
AVG Free Edition
CCleaner (remove only)
Clean Ram 1.10 - Free
CuteFTP 7 Home
Error Messages for Windows
eVoice Player 1.0
FrontLook Page Effects ( Sampler ) Files
FrontLook Page Effects Core Files
Game Maker 6.0
GMail Drive Shell Extension
Google Gmail Notifier
HijackThis 1.99.1
iTunes
Macromedia Shockwave Player
Microsoft Office 2000 Disc 2
Microsoft Office FrontPage 2003
Microsoft Office XP Professional with FrontPage
Microsoft PhotoDraw 2000
Microsoft Plus! Portable Audio Devices
Microsoft Works 4.5
Microsoft Works Setup Launcher
MyWebEx PC
Need For Speed III
PDF reDirect (remove only)
QuickTime
RegEm
Shareaza version 2.1.0.0
SmartFTP Client
Spyware Doctor 3.2
Tweak UI
Virtual Desktop Toolbox
Web CEO 5.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB890175
WinZip
XoftSpy

I am working on the second suggestion and I am doing it right after this post so I'll post again telling you if it worked (y) thanks
 

TheReaper

Thread Starter
Joined
Jan 22, 2005
Messages
121
I deleted the things you asked and no lick. I still get blocks! :confused:

Thx for continuing to help.
 
Joined
Jul 26, 2002
Messages
46,349
I don't see anything in the Add/Remove list.

Open Hijack This. Click on the "Config" button in the lower right corner. Now click on "Misc Tools" then under "Generate Startup List" put a check by "List also minor sections (full)", "List empty sections (Complete)" and "Calculate MD5 of files if possible". Now click on the "Generate Startup List" button and copy and paste the contents of the list back here in a reply.

In the meantime, I'll see if I can find any info on how to remove this.
 

TheReaper

Thread Starter
Joined
Jan 22, 2005
Messages
121
Here you go, thanks for taking the time to help :D

The log had too many characters to post on the forum so I attached it.
 

Attachments

Joined
Jul 26, 2002
Messages
46,349
I don't see anything there either.

Does that SurfControl block all websites or just certain ones?

Also, do you use a proxy server?
 

TheReaper

Thread Starter
Joined
Jan 22, 2005
Messages
121
You solved it! Thanks flrman1. I guess a proxy server I was using to download a game had it cached so I left it on by accident. Now it's unfiltered! Thank you, thank you, thank you! (y)

Reaper
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top