forgetmenotorelse
asked on
Question for LucF...
LucF,
I do have a similar problem, which I posted yesterday. However, it's in Windows XP. I can't download any files from the net anymore, but I can browse any web sites. I believe that this is also spyware. From time to time, this particular site would appear: http://daosearch.com/free.php?id=186.
I already ran HijackThis and Ad-aware SE, but I still can't download files. My Internet browsing is slow compared to other PCs in the network.
Is there any tool to uninstall this particular spyware?
Thanks..
Regards,
Nald
ASKER
Sorry for the late reply...
This is the logfile of HijackThis v1.99.1:
Logfile of HijackThis v1.99.1
Scan saved at 4:47:49 PM, on 4/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VetMsgNT.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\System32\Services\{C3C261C2-EF96-438B-88CA-64972E0350FB}\SVCHOST.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cmd.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\Installers\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Janeth\LOCALS~1\Temp\keep.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C3C261C2-EF96-438B-88CA-64972E0350FB}\SVCHOST.EXE
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96DF6069-891D-4E4C-A26A-83169B768457}: NameServer = 202.78.97.2,202.78.97.3,202.78.97.41
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\WINDOWS\System32\VetMsgNT.exe
ASKER
Sorry for the delay... I was so busy attending to important matters...
LucF, thanks for the comment...
Regards,
Nald
You're welcome ;)
LucF
LucF
As far as I know, there's no specific tool to remove this browser hijacker.
So, please do the following without rebooting the computer in between:
1) Run a full system scan with Ad-aware (make sure to update before running) and delete everything it finds.
2) Run a full system scan with Spybot Search and Destroy (again, make sure to update).
3) Make sure you have the latest version of HijackThis (1.99.1 at the moment), run it, click scan and save the log.
4) Post the full logfile you get at http://www.hijackthis.de and click analyze.
5) Don't start deleting anything yourself yet; instead click "save analysis" at the bottom of that page.
6) Post the link to the analysis here and I'll take a look at it.
(All download links can be found at http:Q_20975384.html)
LucF
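A first-pass triage of a saved HijackThis log, of the kind done before posting it for analysis, can be scripted. The following is an added example, not code from this thread, HijackThis, or hijackthis.de; the three heuristics, the function names, and the assumption that Windows lives in C:\WINDOWS are mine, and a flag means "review this entry", not "this file is malicious".

```python
import re

# Lines copied from the log posted above, with the stray spaces inside
# paths removed. Flags below are heuristics, not a verdict on any file.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Services\{C3C261C2-EF96-438B-88CA-64972E0350FB}\SVCHOST.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Janeth\LOCALS~1\Temp\keep.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C3C261C2-EF96-438B-88CA-64972E0350FB}\SVCHOST.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
"""

# Assumption: Windows is installed in C:\WINDOWS, as in the log's own paths.
SYSTEM32 = "c:\\windows\\system32"
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.IGNORECASE)


def triage_line(line):
    """Return the heuristic reasons (possibly none) to review one log line."""
    reasons = []
    if "(file missing)" in line:
        reasons.append("references a missing file")
    match = PATH_RE.search(line)
    if match:
        path = match.group(0).lower()
        directory, _, name = path.rpartition("\\")
        # O4 entries are autoruns; a Temp directory is an unusual home for one.
        if line.startswith("O4 - ") and "\\temp\\" in path:
            reasons.append("autorun launched from a Temp directory")
        # Core system binary names are expected directly in system32 only.
        if name in SYSTEM_NAMES and directory != SYSTEM32:
            reasons.append("system binary name outside system32")
    return reasons


def triage(log_text):
    """Return (line, reasons) pairs for every line with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "->", line)
```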