Solved: SurfControl nvr installed! WTH!

[TheReaper]

I did some research on SurfControl. It is a legit program actually. Then why the hell was it installed on my computer without my knowlege. I am the only one that uses the computer and I have heard that people are concidering it spyware (a keylogger type to be specific). I've tried several antispyware programs like Adaware, Spyware Doctor, XoftSpy, Aluria LiteScanner, you name it. Would a HijackThis log work or is there a way to remove it without one? I have a screenshot of a site being blocked by SurfControl. It blocks about everything! Blagasfhgsdflgh! Help me please.


A member in need,
Reaper

 

[bosshogg151]

Is it in your add/remove programs list? If so, just uninstall it. If not, do a search for it and delete it that way. If you can't find it, try a search in safe mode.

 

[Cheeseball81]

Post the Hijack This log.

 

[TheReaper]

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 6:57:35 AM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\R2D2SO~1\R2D2KE~1\KAUTHS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.10.27.12:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINDOWS\system32\CtxPopup.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [WebExRemoteAccessAgent] C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagtapp.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.brdatahost.com
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.2.1.34/greenback/greenback-ob-assets.cab
O16 - DPF: HushEncryptionEngine - https://mailserver3.hushmail.com/shared/HushEncryptionEngine.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.1.34/flinger/flinger-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.2.1.34/peaks/peaks-ob-assets.cab
O16 - DPF: Win32 Classes -
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.1.34/whackdown/whackdown-ob-assets.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106845336792
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/client/v_mywebex-aa/ra/ieatgpc.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

 

[TheReaper]

Ahhhh.....my post was on the second page. I need help on this please.

 

[TheReaper]

I'm trying to get this answered, at least tell me where I can go to get this resolved, I can't check email on the PC or play games. It is unbearable, lol.

 

[Flrman1]

Open Hijack This and click on the "Open Misc Tools Section" button then click the "Open Uninstall Manager" button. Click "Save List" Copy and paste that list here.

 

[Flrman1]

Also run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: CIEObject Object - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - C:\WINDOWS\system32\CtxPopup.dll

O16 - DPF: Win32 Classes -

O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0002.exe

Restart your computer.


go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

 

[TheReaper]

There's nothing suspicous to me, but just in case:

Ad-Aware SE Personal
Adobe Reader 7.0
All To WMA Converter 1.77
Aluria LiteScanner
AOL Instant Messenger
AVG Free Edition
CCleaner (remove only)
Clean Ram 1.10 - Free
CuteFTP 7 Home
Error Messages for Windows
eVoice Player 1.0
FrontLook Page Effects ( Sampler ) Files
FrontLook Page Effects Core Files
Game Maker 6.0
GMail Drive Shell Extension
Google Gmail Notifier
HijackThis 1.99.1
iTunes
Macromedia Shockwave Player
Microsoft Office 2000 Disc 2
Microsoft Office FrontPage 2003
Microsoft Office XP Professional with FrontPage
Microsoft PhotoDraw 2000
Microsoft Plus! Portable Audio Devices
Microsoft Works 4.5
Microsoft Works Setup Launcher
MyWebEx PC
Need For Speed III
PDF reDirect (remove only)
QuickTime
RegEm
Shareaza version 2.1.0.0
SmartFTP Client
Spyware Doctor 3.2
Tweak UI
Virtual Desktop Toolbox
Web CEO 5.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB890175
WinZip
XoftSpy

I am working on the second suggestion and I am doing it right after this post so I'll post again telling you if it worked thanks

 

[TheReaper]

I deleted the things you asked and no lick. I still get blocks!

Thx for continuing to help.

 

[Flrman1]

I don't see anything in the Add/Remove list.

Open Hijack This. Click on the "Config" button in the lower right corner. Now click on "Misc Tools" then under "Generate Startup List" put a check by "List also minor sections (full)", "List empty sections (Complete)" and "Calculate MD5 of files if possible". Now click on the "Generate Startup List" button and copy and paste the contents of the list back here in a reply.

In the meantime, I'll see if I can find any info on how to remove this.

 

[TheReaper]

Here you go, thanks for taking the time to help

The log had too many characters to post on the forum so I attached it.

 

[Flrman1]

I don't see anything there either.

Does that SurfControl block all websites or just certain ones?

Also, do you use a proxy server?

 

[TheReaper]

You solved it! Thanks flrman1. I guess a proxy server I was using to download a game had it cached so I left it on by accident. Now it's unfiltered! Thank you, thank you, thank you!

Reaper

 

[Flrman1]

You're welcome!