forgetmenotorelse
asked on
Question for LucF...
LucF,
I do have similar problem which i posted yesterday. However its in Windows XP. I can't anymore download any files from the net but i can browse any web sites. I believe that this is also a Spyware. From time to time, this particular site would appear, http://daosearch.com/free.php?id=186.
I already run hijackthis and Ad-aware SE but still i can't download files. My browsing to internet is slow compare to other pc in the network.
Is there any tool to uninstall this particular spyware?
Thanks..
Regards,
Nald
I do have similar problem which i posted yesterday. However its in Windows XP. I can't anymore download any files from the net but i can browse any web sites. I believe that this is also a Spyware. From time to time, this particular site would appear, http://daosearch.com/free.php?id=186.
I already run hijackthis and Ad-aware SE but still i can't download files. My browsing to internet is slow compare to other pc in the network.
Is there any tool to uninstall this particular spyware?
Thanks..
Regards,
Nald
ASKER
Sorry for the late reply...
this is logfile of HijackThis v1.99.1
Logfile of HijackThis v1.99.1
Scan saved at 4:47:49 PM, on 4/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VetMsg
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\CA\ETRUST~1\ET
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetecti
C:\WINDOWS\System32\Servic
C:\WINDOWS\System32\ctfmon
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuaucl
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cmd.ex
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\Installers\hijack\Hijac
R0 - HKCU\Software\Microsoft\In
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ET
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJ
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IME
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PI
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TI
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TI
O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Janeth\LOCALS~
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetecti
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Servic
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spools
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spools
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-5
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-5
O17 - HKLM\System\CCS\Services\T
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsg
this is logfile of HijackThis v1.99.1
Logfile of HijackThis v1.99.1
Scan saved at 4:47:49 PM, on 4/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VetMsg
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\CA\ETRUST~1\ET
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetecti
C:\WINDOWS\System32\Servic
C:\WINDOWS\System32\ctfmon
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuaucl
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cmd.ex
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\Installers\hijack\Hijac
R0 - HKCU\Software\Microsoft\In
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ET
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJ
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IME
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PI
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TI
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TI
O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Janeth\LOCALS~
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetecti
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Servic
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spools
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spools
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-5
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-5
O17 - HKLM\System\CCS\Services\T
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the delay... I was so busy attending important matters...
LucF thanks for the comment...
Regards,
Nald
LucF thanks for the comment...
Regards,
Nald
You're welcome ;)
LucF
LucF
As far as I know there's no specific tool to remove this browser hijacker.
So, please do the following without rebooting the computer inbetween:
1) Run a full systemscan with Ad-aware (make sure to update before running) and delete everything it finds.
2) Run a full systemscan with Spybot Search and Destroy (again, make sure to update)
3) Make sure you have the latest version of Hijackthis (1.99.1 at the moment), run it, click scan and save log.
4) Post the full logfile you get at http://www.hijackthis.de and click analize.
5) Don't start with deleting anything yourself yet, instead click the "save analys" at the bottom of that page.
6) Post the link to the analys here and I'll take a look at it.
(All download links can be found at http:Q_20975384.html)
LucF