Unidentifiable and Pesky - ttesrp.exe

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by hey nerd, Sep 3, 2004.

  1. hey nerd

    hey nerd Private E-2

    Major Brownie Points for whoever can help with this one.......

    I seem to have picked up a gnarly little bugger of a browser hijacker. Every time I launch IE or navigate to a new page in the browser I get a new IE window featuring assorted legitimate (so far) product and presidential campaign ads.

    I have run up to date versions of Norton AV, Ad-aware, Spybot, and HijackThis and seem to have cornered the culprit - ttesrp.exe. A little bit about this ttesrp application......

    Google it and you find nothing, but there it is - and it won't die.

    It created the file C:\WINDOWS\System32\ttesrp.exe and also adds it to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

    I fed it to Norton AV and NAV didn't flinch. Ad-aware, Spybot, and HijackThis all flag it as a problem and delete it...... but it keeps coming back. I even deleted it manually from the 2 locations mentioned above.......but it keeps coming back.

    Each time it returns under a different randomly generated Value Name in the Registry..... when I first found it the name was gfarwse, then when I ran HijackThis it was hhdssiby, and now it is kkqkgbderziqs...... there have been many other names in between.

    If I delete it from the Registry, a new Registry entry appears immediately. If I delete it from C:\WINDOWS\System32\ first, and then from the Registry, it seems like IE needs to be launched for it to resurrect itself.

    Anyway.... here is my HijackThis log file:

    EDIT by chaslang: Log changed to attachment!

    I'm also curious about what the 3 ControlSet TCPIP Registry entries are and do I need them?

    Thanks for your help!
    The Nerd
     


    Last edited by a moderator: Sep 3, 2004
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We have guidelines about posting HJT log that must be followed.

    Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    NOTE: You should read the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File > Do not post a HijackThis log until we ask you to and when we do it must be text document attachment to your message.

    Update! Due to Hijack This logs destroying search engine and web site searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First the simple part:
    207.172.3.8 = [ ns1.dns.rcn.net ] 207.172.3.8 = [ ns2.dns.rcn.net ]
    OrgName: RCN Corporation
    OrgID: RCN
    Address: 105 Carnegie Center
    City: Princeton
    StateProv: NJ
    PostalCode: 08540
    Country: US

    Do you recognize RCN?

    192.168.1.1 is most likely your router
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try this:

    Enable viewing of hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650
    Disable System Restore: http://forums.majorgeeks.com/showthread.php?t=31668
    But do not reboot when asked to. We will do that later.

    Bring up Task Manager by hitting CTRL-ALT-DEL and click processes. Find and end the following if it exists:

    ttesrp.exe

    Click Start, and then click Run. (The Run dialog box appears.)
    Type, or copy and paste, the following text:
    regsvr32 /u C:\WINDOWS\multimpp.dll

    then click OK. If a dialog box confirming this action appears, click OK.

    Then run HijackThis and put check marks on the following items but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading this in:
    O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
    O4 - HKLM\..\Run: [hhdssiby] C:\WINDOWS\System32\ttesrp.exe

    Now reboot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam
    Use Windows Explorer to find and delete:

    C:\WINDOWS\multimpp.dll
    C:\WINDOWS\System32\ttesrp.exe

    Reboot normal mode and come back and tell me how things are working.
    If everything is okay enable your system restore.
     
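The behaviour described in this thread (the same System32 executable re-registering under a new, random Run value name each time) leaves a recognisable pattern across successive HijackThis logs. The following is an added example, not code from the thread or from HijackThis, that parses O4 lines and flags any target path registered under more than one value name; the log lines are constructed, with only the ttesrp.exe path and the three value names taken from the thread.

```python
"""Detect autostart entries whose Run value name rotates while the target stays fixed.
Sample log lines below are constructed for this example."""
import re
from collections import defaultdict

# Matches HijackThis O4 lines such as:
#   O4 - HKLM\..\Run: [hhdssiby] C:\WINDOWS\System32\ttesrp.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$"
)


def parse_o4(lines):
    """Return (hive, value_name, target_path) tuples for every O4 line in a log."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            # Paths are case-insensitive on Windows, so normalise for grouping.
            entries.append((m.group("hive"), m.group("name"), m.group("target").strip().lower()))
    return entries


def rotating_autostarts(snapshots, min_names=2):
    """snapshots: list of log-line lists captured at different times.
    Returns {target_path: [value names]} for targets seen under min_names or
    more distinct Run value names, i.e. the re-registration pattern."""
    names_by_target = defaultdict(set)
    for snap in snapshots:
        for _hive, name, target in parse_o4(snap):
            names_by_target[target].add(name)
    return {t: sorted(n) for t, n in names_by_target.items() if len(n) >= min_names}


# Constructed snapshots: three logs taken after each "cleanup", plus a benign
# entry whose value name never changes and an O2 line the parser must ignore.
SNAPSHOTS = [
    [r"O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe",
     r"O4 - HKLM\..\Run: [gfarwse] C:\WINDOWS\System32\ttesrp.exe"],
    [r"O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll",
     r"O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe",
     r"O4 - HKLM\..\Run: [hhdssiby] C:\WINDOWS\System32\ttesrp.exe"],
    [r"O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe",
     r"O4 - HKLM\..\Run: [kkqkgbderziqs] C:\WINDOWS\System32\ttesrp.exe"],
]

if __name__ == "__main__":
    for target, names in rotating_autostarts(SNAPSHOTS).items():
        print(f"{target} registered under {len(names)} names: {', '.join(names)}")
```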
  5. Viceroy

    Viceroy Private E-2

    I got rid of it once but a few days later it has come back and now I can't seem to get rid of the problem. This is something labelled as VX2 when scanned with Ad-Aware yet Ad-Aware is unable to remove the problem. I also notice the following files have some connection with the multimpp.dll file which is the main cause of the problem.

    I do not have the ttesrp.exe file on my system. Anyway, here are the files which are tied in with multimpp.dll:

    preInMPP.exe
    multimpp.inf
    multimpp.zip

    Anyhow, using the steps provided here I am still unable to get rid of this problem.

    Absolutely sick of getting spam e-mails? If so, check out http://spamarrest.com/affl?121449 . This may be the perfect solution for you. I use it myself!
     
  6. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Please start your own thread if we can help you. Also, you want to read privacy policies if spyware is a concern since Spam Arrest does collect information on you and run advertising:

    WHAT PERSONAL INFORMATION DO WE COLLECT
    Although the majority of information obtained through this Site is business related, we may also collect personal information (i.e., individual information that may be used to personally identify or contact you) from Customers, Senders, and other users of this Site. Collection is done both actively (information you voluntarily submit to us) and passively (information automatically gathered from your computer).

    There are paragraphs more after that.....

    I prefer a free, spy free spam program like SPAMfighter http://majorgeeks.com/download4316.html
     
  7. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    It also helps if you add emails, especially on the type of spam email program you're using that requires authorization. Case in point: you register for a forum which sends you an email; you should add that website to your trusted zone, or the email program should have some sort of override to allow email addresses and domains to be safe. Otherwise it is garbage. Your automated email to me which was to verify your email to complete registration here (through the forums) went to my spam box and I almost never saw it. Be careful where you put your email and spam will go down. I have one email I have had for 6 years and it gets no spam at all, whereas emails I use frequently do get their fair share.

    "Hello there, you are receiving this e-mail message because I am receiving so much spam e-mail each and every day that I now use SpamArrest to cut down on the number I receive each and every day.

    If you would like to take advantage of this service then please go to http://spamarrest.com/affl?121449 . Thanks!

    P.S. - Note that you will only have to do this just once.

    Just this once, click the link below so I can receive your emails. You won't have to do this again."
     
  8. Viceroy

    Viceroy Private E-2

    Yep which is why I added your domain to my safe senders list :)
     
