samscram
asked on
hOW DO I UNINSTALL, DOWNLOAD ACELERATOR PLUS
Several years ago I downloaded and used DAP but uninstalled it with the Windows 98 SE add/remove utility, over a year ago.
However, when I attempt some downloads an information window comes up which reads:
"DAP could not be loaded. Please press "back"
button on the browser."
When I press OK a gray screen appears with the message:
"Download Accelerator has added the link to queues.
Press "Back" button to return to normal mode"
This aborts the download.
I've attempted to download both Spybot and PestPatrol to eliminate DAP but each time I try the "DAP notice" appears which aborts the download. I've tried downloading from several sites, including Spybot, Tucows, PC Magazine but the same thing happens each time.
I've read that DAP has elements that some consider to be spyware.
I want to resolve the issue. I have Ad-Aware 6.0 personal and 5.0 Plus but they don't consider DAP to be spyware or adware and don't remove it.
Any suggestions?
However, when I attempt some downloads an information window comes up which reads:
"DAP could not be loaded. Please press "back"
button on the browser."
When I press OK a gray screen appears with the message:
"Download Accelerator has added the link to queues.
Press "Back" button to return to normal mode"
This aborts the download.
I've attempted to download both Spybot and PestPatrol to eliminate DAP but each time I try the "DAP notice" appears which aborts the download. I've tried downloading from several sites, including Spybot, Tucows, PC Magazine but the same thing happens each time.
I've read that DAP has elements that some consider to be spyware.
I want to resolve the issue. I have Ad-Aware 6.0 personal and 5.0 Plus but they don't consider DAP to be spyware or adware and don't remove it.
Any suggestions?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
samscram,
Then unresgiter the following
programfilesdir+\dap\cabex .dll
programfilesdir+\dap\dapbh o.dll
programfilesdir+\dap\dapie .dll
programfilesdir+\dap\dapie bar.dll
programfilesdir+\dap\dapns .dll
programfilesdir+\dap\dapop .dll
programfilesdir+\dap\mfc42 .dll
programfilesdir+\dap\msvcr t.dll
programfilesdir+\dap\redre gistration .dll
programfilesdir+\dap\zlib. dll
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
Delete Registry Items
The registry is a hierarchical configuration database maintained by Windows and your applications. The database is stored on disk, and a copy in memory is created when you boot.
Most applications, including pests you want to remove, will modify the registry in some way, adding their own entries and changing some previous entries. Complete removal of an application includes registry edits.
The registry can be edited with Regedit.
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
Kill Running Processes
Many programs cannot be deleted if they are currently running. Use Task Manager to stop any process that is running. (In Windows 2000 and XP, Task Manager lists all processes; in earlier versions of Windows, only visible processes will be listed.) Invoke Task Manager via Ctrl-Alt-Del. In NT/2000/XP, choose the Processes tab to list all programs. Find the exe of interest, highlight it, and end it.
Background: Windows can run many programs at the same time, but with just a single CPU, can only perform one task at a time. In your computer, Windows gives the illusion that several programs are running in parallel by switching rapidly from one to the next, giving each a time-slice of the CPU. But if any program hangs, Windows may get stuck on that task, and be unable to switch to the other running programs, causing everything to hang.
A task or process is a program (such as an exe file) that is being executed or run. When a program is started, Windows loads it into memory (RAM), adds it to an internal list of running processes, and provides the process with the memory and other resources it needs. Windows tracks what processes are using what resources, and when one of these processes is terminated, Windows can usually return its resources to the general pool, for redistribution to other processes.
Example: For some pests such as CommonName, if you edit the registry while one of their processes is running, that process will "repair" the registry, undoing your work. In the case of CommonName, you must first kill the 'winnet.exe' process (otherwise, it will keep setting itself up to run automatically). In Task Manager, choose 'winnet.exe' and end the process.
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
Remove AutoStart
The registry contains defines several procedures for automatically starting software when you boot your machine. One of these is in HKEY_LOCAL_MACHINE at \Software\Microsoft\Window s\CurrentV ersion\Run . You may use RegEdit to find this key. Do not delete the entire branch -- just the key over on the right-hand side of your screen.
Example: Many pests such as CommonName will start running when you boot. To prevent CommonName from automatically restarting, go to the key HKEY_LOCAL_MACHINE\Softwar e\Microsof t\Windows\ CurrentVer sion\Run. There will be a value here titled 'Zenet' or 'Winnet'. Delete it and reboot the machine immediately.
For more info on AutoStarting methods used by pests, click here.
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
Remove Files and Directories
Many programs create one or more directories, at the time of installation, for the convenient organization of their files. Such directories are logical containers. Complete removal of a pest may require removal of files in various locations, and may require removal of one or more directories.
Both Files and Directories may be found and removed using Windows Explorer:
Right-click on the Start button (lower left of your screen).
Choose Explore.
Locate the file or directory of interest and highlight it.
Right-click to invoke the popup menu, and choose Delete.
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
UnRegister DLLs
You can use the Regsvr32 tool (Regsvr32.exe) to register and unregister object linking and embedding (OLE) controls such as dynamic-link library (DLL) or ActiveX Controls (OCX) files that are self-registerable.
RegSvr32.exe has the following command-line options:
Regsvr32 [/u] [/n] [/i[:cmdline]] dllname
/u - Unregister server<BR/>
/i - Call DllInstall passing it an optional [cmdline]; when used with /u calls dll uninstall
/n - do not call DllRegisterServer; this option must be used with /i
When you use Regsvr32.exe, it attempts to load the component and call its DLLSelfRegister function. If this attempt is successful, Regsvr32.exe displays a dialog indicating success. If the attempt is unsuccessful, Regsvr32.exe returns an error message, which may include a Win32 error code.
PL
Then unresgiter the following
programfilesdir+\dap\cabex
programfilesdir+\dap\dapbh
programfilesdir+\dap\dapie
programfilesdir+\dap\dapie
programfilesdir+\dap\dapns
programfilesdir+\dap\dapop
programfilesdir+\dap\mfc42
programfilesdir+\dap\msvcr
programfilesdir+\dap\redre
programfilesdir+\dap\zlib.
--------------------------
Delete Registry Items
The registry is a hierarchical configuration database maintained by Windows and your applications. The database is stored on disk, and a copy in memory is created when you boot.
Most applications, including pests you want to remove, will modify the registry in some way, adding their own entries and changing some previous entries. Complete removal of an application includes registry edits.
The registry can be edited with Regedit.
--------------------------
Kill Running Processes
Many programs cannot be deleted if they are currently running. Use Task Manager to stop any process that is running. (In Windows 2000 and XP, Task Manager lists all processes; in earlier versions of Windows, only visible processes will be listed.) Invoke Task Manager via Ctrl-Alt-Del. In NT/2000/XP, choose the Processes tab to list all programs. Find the exe of interest, highlight it, and end it.
Background: Windows can run many programs at the same time, but with just a single CPU, can only perform one task at a time. In your computer, Windows gives the illusion that several programs are running in parallel by switching rapidly from one to the next, giving each a time-slice of the CPU. But if any program hangs, Windows may get stuck on that task, and be unable to switch to the other running programs, causing everything to hang.
A task or process is a program (such as an exe file) that is being executed or run. When a program is started, Windows loads it into memory (RAM), adds it to an internal list of running processes, and provides the process with the memory and other resources it needs. Windows tracks what processes are using what resources, and when one of these processes is terminated, Windows can usually return its resources to the general pool, for redistribution to other processes.
Example: For some pests such as CommonName, if you edit the registry while one of their processes is running, that process will "repair" the registry, undoing your work. In the case of CommonName, you must first kill the 'winnet.exe' process (otherwise, it will keep setting itself up to run automatically). In Task Manager, choose 'winnet.exe' and end the process.
--------------------------
Remove AutoStart
The registry contains defines several procedures for automatically starting software when you boot your machine. One of these is in HKEY_LOCAL_MACHINE at \Software\Microsoft\Window
Example: Many pests such as CommonName will start running when you boot. To prevent CommonName from automatically restarting, go to the key HKEY_LOCAL_MACHINE\Softwar
For more info on AutoStarting methods used by pests, click here.
--------------------------
Remove Files and Directories
Many programs create one or more directories, at the time of installation, for the convenient organization of their files. Such directories are logical containers. Complete removal of a pest may require removal of files in various locations, and may require removal of one or more directories.
Both Files and Directories may be found and removed using Windows Explorer:
Right-click on the Start button (lower left of your screen).
Choose Explore.
Locate the file or directory of interest and highlight it.
Right-click to invoke the popup menu, and choose Delete.
--------------------------
UnRegister DLLs
You can use the Regsvr32 tool (Regsvr32.exe) to register and unregister object linking and embedding (OLE) controls such as dynamic-link library (DLL) or ActiveX Controls (OCX) files that are self-registerable.
RegSvr32.exe has the following command-line options:
Regsvr32 [/u] [/n] [/i[:cmdline]] dllname
/u - Unregister server<BR/>
/i - Call DllInstall passing it an optional [cmdline]; when used with /u calls dll uninstall
/n - do not call DllRegisterServer; this option must be used with /i
When you use Regsvr32.exe, it attempts to load the component and call its DLLSelfRegister function. If this attempt is successful, Regsvr32.exe displays a dialog indicating success. If the attempt is unsuccessful, Regsvr32.exe returns an error message, which may include a Win32 error code.
PL
Then REMOVE these Reg Keys
HKEY_CLASSES_ROOT\clsid\{0 000cc75-ac f3-4cac-a0 a9-dd3868e 06852}
HKEY_CLASSES_ROOT\clsid\{0 096cc0a-62 3c-4829-ad 9c-19af0dc 9d8fe}
HKEY_CLASSES_ROOT\clsid\{2 35d7a27-de 65-49f0-bf cf-d5c3bc3 b2e67}
HKEY_CLASSES_ROOT\clsid\{6 2999427-33 fc-4baf-9c 9c-bce6bd1 27f08}
HKEY_CLASSES_ROOT\dapiebar .cbarevent er
HKEY_CLASSES_ROOT\dapiebar .cbarevent er.1
HKEY_CLASSES_ROOT\dapiebar .dapiebarb and
HKEY_CLASSES_ROOT\dapiebar .dapiebarb and.1
HKEY_CLASSES_ROOT\typelib\ {095006d5- 6da6-4cdc- 864e-74980 15816bc}
HKEY_CLASSES_ROOT\typelib\ {72920511- e300-44c1- 8565-2fd66 d7a7246}
HKEY_CLASSES_ROOT\typelib\ {79516451- 3e3e-453a- 8968-37942 f7979f3}
HKEY_LOCAL_MACHINE\softwar e\classes\ .daf\conte nt type
HKEY_LOCAL_MACHINE\softwar e\classes\ .dal\conte nt type
HKEY_LOCAL_MACHINE\softwar e\classes\ anigifctrl .anigif\in sertable
HKEY_LOCAL_MACHINE\softwar e\classes\ clsid\{000 0cc75-acf3 -4cac-a0a9 -dd3868e06 852}
HKEY_LOCAL_MACHINE\softwar e\classes\ clsid\{235 d7a27-de65 -49f0-bfcf -d5c3bc3b2 e67}
HKEY_LOCAL_MACHINE\softwar e\classes\ clsid\{5bf a1daf-5edc -11d2-959e -00c00c02d a5e}
HKEY_LOCAL_MACHINE\softwar e\classes\ clsid\{61a b12e1-a5ff -11d1-b2e9 -444553540 000}
HKEY_LOCAL_MACHINE\softwar e\classes\ clsid\{629 99427-33fc -4baf-9c9c -bce6bd127 f08}
HKEY_LOCAL_MACHINE\softwar e\classes\ clsid\{6dc 82d15-92f2 -11d1-a255 -00a0c932c 7df}
HKEY_LOCAL_MACHINE\softwar e\classes\ clsid\{811 0aea1-ad5b -4b90-883f -04a9a33b1 06e}
HKEY_LOCAL_MACHINE\softwar e\classes\ clsid\{823 51441-9094 -11d1-a24b -00a0c932c 7df}
HKEY_LOCAL_MACHINE\softwar e\classes\ clsid\{973 8b9e6-8afa -11d2-959e -444553540 002}
HKEY_LOCAL_MACHINE\softwar e\classes\ clsid\{f85 2086b-10e6 -4743-9a3f -d8257a0a5 9e3}
HKEY_LOCAL_MACHINE\softwar e\classes\ daffile\ed itflags
HKEY_LOCAL_MACHINE\softwar e\classes\ dalfile\ed itflags
HKEY_LOCAL_MACHINE\softwar e\classes\ interface\ {03d365cb- 878a-4495- 9350-7c677 43335d9}
HKEY_LOCAL_MACHINE\softwar e\classes\ interface\ {5252ac41- 94bb-11d1- b2e7-44455 3540000}
HKEY_LOCAL_MACHINE\softwar e\classes\ interface\ {5b985d95- d4ee-44e5- ae57-b8865 9b9dee4}
HKEY_LOCAL_MACHINE\softwar e\classes\ interface\ {5bfa1dae- 5edc-11d2- 959e-00c00 c02da5e}
HKEY_LOCAL_MACHINE\softwar e\classes\ interface\ {7892ba33- 7984-43a5- a8f5-27ed0 afe6143}
HKEY_LOCAL_MACHINE\softwar e\classes\ interface\ {82351440- 9094-11d1- a24b-00a0c 932c7df}
HKEY_LOCAL_MACHINE\softwar e\classes\ interface\ {f32c7705- 1dad-4b09- b60a-40f1d 9b3dbc9}
HKEY_LOCAL_MACHINE\softwar e\classes\ interface\ {f68145e9- 7785-4bb4- a20a-16e8a 425972c}
HKEY_LOCAL_MACHINE\softwar e\classes\ protocols\ name-space handler\ftp\zda\clsid
HKEY_LOCAL_MACHINE\softwar e\classes\ protocols\ name-space handler\ftp\zda\pattern1
HKEY_LOCAL_MACHINE\softwar e\classes\ protocols\ name-space handler\https\zda\pattern1
HKEY_LOCAL_MACHINE\softwar e\classes\ protocols\ name-space handler\http\zda\clsid
HKEY_LOCAL_MACHINE\softwar e\classes\ protocols\ name-space handler\http\zda\pattern1
HKEY_LOCAL_MACHINE\softwar e\classes\ typelib\{0 95006d5-6d a6-4cdc-86 4e-7498015 816bc}
HKEY_LOCAL_MACHINE\softwar e\classes\ typelib\{5 bfa1da1-5e dc-11d2-95 9e-00c00c0 2da5e}
HKEY_LOCAL_MACHINE\softwar e\classes\ typelib\{5 fe38345-35 a8-11d3-bd 27-000021c 9a4d9}
HKEY_LOCAL_MACHINE\softwar e\classes\ typelib\{7 9516451-3e 3e-453a-89 68-37942f7 979f3}
HKEY_LOCAL_MACHINE\softwar e\classes\ typelib\{8 2351433-90 94-11d1-a2 4b-00a0c93 2c7df}
HKEY_LOCAL_MACHINE\softwar e\microsof t\internet explorer\extensions\{66969 5bc-a811-4 a9d-8cdf-b a8c795f261 c}
HKEY_LOCAL_MACHINE\softwar e\microsof t\windows\ currentver sion\explo rer\browse r helper objects\{0000cc75-acf3-4ca c-a0a9-dd3 868e06852}
HKEY_LOCAL_MACHINE\softwar e\microsof t\windows\ currentver sion\unins tall\downl oad accelerator plus beta
HKEY_LOCAL_MACHINE\softwar e\speedbit
HKEY_CLASSES_ROOT\clsid\{0
HKEY_CLASSES_ROOT\clsid\{0
HKEY_CLASSES_ROOT\clsid\{2
HKEY_CLASSES_ROOT\clsid\{6
HKEY_CLASSES_ROOT\dapiebar
HKEY_CLASSES_ROOT\dapiebar
HKEY_CLASSES_ROOT\dapiebar
HKEY_CLASSES_ROOT\dapiebar
HKEY_CLASSES_ROOT\typelib\
HKEY_CLASSES_ROOT\typelib\
HKEY_CLASSES_ROOT\typelib\
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
HKEY_LOCAL_MACHINE\softwar
ASKER
Pete & LucF:
I apologize for not originally indicating that I'm a novice with respect to registry issues and not comfortable the techniques used to manually remove the entries, which is why I had tried to download Spybot or PestControl.
Pete: What are your instructions regarding your original comment?
LucF: I'll head over to Hijackthis and follow your suggestion.
Can either of you recommend a quick tutorial on registry changes?
Sam
I apologize for not originally indicating that I'm a novice with respect to registry issues and not comfortable the techniques used to manually remove the entries, which is why I had tried to download Spybot or PestControl.
Pete: What are your instructions regarding your original comment?
LucF: I'll head over to Hijackthis and follow your suggestion.
Can either of you recommend a quick tutorial on registry changes?
Sam
ASKER
LucF:
Here's the log file:
Logfile of HijackThis v1.97.7
Scan saved at 11:40:00 , on 01/09/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32 .DLL
C:\WINDOWS\SYSTEM\MSGSRV32 .EXE
C:\WINDOWS\SYSTEM\MPREXE.E XE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSR TE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP. EXE
C:\WINDOWS\SYSTEM\MSG32.EX E
C:\WINDOWS\SYSTEM\mmtask.t sk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.E XE
C:\WINDOWS\SYSTEM\HPOOPM07 .EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSS HLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCA GENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSE SCN.EXE
C:\WINDOWS\SYSTEM\SYSTRAY. EXE
C:\WINDOWS\SYSTEM\QTTASK.E XE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PRECISIONSCAN\PRECISIONSCA N PRO\HPLAMP.EXE
C:\WINDOWS\SYSTEM\HPSJVXD. EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EX E
C:\WINDOWS\SYSTEM\SPOOL32. EXE
C:\WINDOWS\SYSTEM\MSTASK.E XE
C:\WINDOWS\SYSTEM\DDHELP.E XE
C:\WINDOWS\SYSTEM\WMIEXE.E XE
C:\WINDOWS\SYSTEM\RNAAPP.E XE
C:\WINDOWS\SYSTEM\TAPISRV. EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\WINDOWS\SYSTEM\PSTORES. EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKT HIS.EXE
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Search Bar = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Start Page = https://ssologin.prudential.com/servlet/getAccessLogin?LOCALE=pol_en_US&AUTHMETHOD=UserPassword
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Bar = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEH ELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0 0A0C908246 7} - C:\WINDOWS\SYSTEM\MSDXM.OC X
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-9 05236F6F65 5} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSS HL.DLL
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E XE
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07 .exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VS O\MCMNHDLR .EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VS O\mcvsshld .exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGE NT\mcagent .exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGE NT\MCUPDAT E.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\Scanregw.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK. EXE" -atboottime
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionSca n Pro\hplamp.exe"
O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd. exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\DIRECTCD\DIREC TCD.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO \mcvsrte.e xe /embedding
O4 - HKCU\..\Run: [Lavasoft Adwatch] C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-WATCH.EXE /min
O4 - HKCU\..\Run: [Adaware Bootup] C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-AWARE.EXE /Auto /Log "C:\PROGRAM FILES\LAVASOFT AD-AWARE\"
O8 - Extra context menu item: Download using LeechGet - file://C:\PROGRAM FILES\LEECHGET 2003\\AddUrl.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\PROGRAM FILES\LEECHGET 2003\\Parser.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\PROGRAM FILES\LEECHGET 2003\\Wizard.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGI NS\nppdf32 .dll
O12 - Plugin for .exe: C:\Program Files\Opera7\PLUGINS\NPLee chGet.dll
O12 - Plugin for .js: C:\Program Files\Opera7\PLUGINS\NPLee chGet.dll
O12 - Plugin for .doc: C:\Program Files\Opera7\PLUGINS\NPLee chGet.dll
O12 - Plugin for .zip: C:\Program Files\Opera7\PLUGINS\NPLee chGet.dll
O16 - DPF: {D30CAFF0-087B-11D3-82D8-0 06094695CE C} (McAfee PC Clinic FaManager Class) - http://download.mcafee.com/molbin/Clinic/FirstAid/FACheck/mgfactl.cab
O16 - DPF: {23047A90-8511-11D2-87A5-2 0C252C1000 0} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab
O16 - DPF: {4AE3239D-18C5-11D3-9634-0 060080A3AB 6} (McAfee PC Clinic System Information Class) - http://download.mcafee.com/molbin/Clinic/sysinfo/sicomp.cab
O16 - DPF: {CDB74794-A3BA-4733-B6F6-5 9BF16D6C15 A} (McAfee Smart Shop - Update Class) - http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-A BCDEFFEDCB A} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {0C568603-D79D-11D2-87A7-0 0C04FF158B B} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4 4455354000 0} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D 3488ABDDC6 B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5 A1EDB1D8A2 1} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C 18E1ADA438 9} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-8 7445BF59E7 2} (SystemInfo Class) - http://iwantdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-4 7A8489BB47 F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37910.355150463
O16 - DPF: {0E5F0222-96B9-11D3-8997-0 0104BD12D9 4} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9F0F185C-B50B-11D2-B53F-0 0A0C98684A C} (McAfee PC Clinic OilChange Class) - http://download.mcafee.com/molbin/OilChange/MGOcCtl_new.cab
O16 - DPF: {13E39F7E-FDA8-11D2-99DC-0 0C04FF40D5 2} (McAfee OilChange Multi-Product Support Filter) - http://download.mcafee.com/molbin/OilChange/MGOcFilt.cab
O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0 800300004C 2} (McAfee PC Clinic Internet Class) - http://download.mcafee.com/molbin/Shared/MCInet_new.cab
Thanks
Sam
Here's the log file:
Logfile of HijackThis v1.97.7
Scan saved at 11:40:00 , on 01/09/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\MPREXE.E
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSR
C:\WINDOWS\SYSTEM\MSGLOOP.
C:\WINDOWS\SYSTEM\MSG32.EX
C:\WINDOWS\SYSTEM\mmtask.t
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.E
C:\WINDOWS\SYSTEM\HPOOPM07
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSS
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCA
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\WINDOWS\SYSTEM\QTTASK.E
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PRECISIONSCAN\PRECISIONSCA
C:\WINDOWS\SYSTEM\HPSJVXD.
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EX
C:\WINDOWS\SYSTEM\SPOOL32.
C:\WINDOWS\SYSTEM\MSTASK.E
C:\WINDOWS\SYSTEM\DDHELP.E
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\WINDOWS\SYSTEM\RNAAPP.E
C:\WINDOWS\SYSTEM\TAPISRV.
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\WINDOWS\SYSTEM\PSTORES.
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKT
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-9
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.E
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VS
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VS
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\Scanregw.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionSca
O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\DIRECTCD\DIREC
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO
O4 - HKCU\..\Run: [Lavasoft Adwatch] C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-WATCH.EXE /min
O4 - HKCU\..\Run: [Adaware Bootup] C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-AWARE.EXE /Auto /Log "C:\PROGRAM FILES\LAVASOFT AD-AWARE\"
O8 - Extra context menu item: Download using LeechGet - file://C:\PROGRAM FILES\LEECHGET 2003\\AddUrl.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\PROGRAM FILES\LEECHGET 2003\\Parser.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\PROGRAM FILES\LEECHGET 2003\\Wizard.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGI
O12 - Plugin for .exe: C:\Program Files\Opera7\PLUGINS\NPLee
O12 - Plugin for .js: C:\Program Files\Opera7\PLUGINS\NPLee
O12 - Plugin for .doc: C:\Program Files\Opera7\PLUGINS\NPLee
O12 - Plugin for .zip: C:\Program Files\Opera7\PLUGINS\NPLee
O16 - DPF: {D30CAFF0-087B-11D3-82D8-0
O16 - DPF: {23047A90-8511-11D2-87A5-2
O16 - DPF: {4AE3239D-18C5-11D3-9634-0
O16 - DPF: {CDB74794-A3BA-4733-B6F6-5
O16 - DPF: {CAFEEFAC-0014-0001-0001-A
O16 - DPF: {0C568603-D79D-11D2-87A7-0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C
O16 - DPF: {76D90D08-EAB7-46D8-BF99-8
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {0E5F0222-96B9-11D3-8997-0
O16 - DPF: {9F0F185C-B50B-11D2-B53F-0
O16 - DPF: {13E39F7E-FDA8-11D2-99DC-0
O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0
Thanks
Sam
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thankyou all.
I began to work through your comments and ended up purchasing Pest Patrol which eliminated DAP.
For the record, it appeares that DAP attempted to block only downloads from the Spybot and JV16 Powertools and Pest Patrol. Interesting.
In any event, I was able to download the programs by copying and pasting the download urls into Leechget interfaceto effect the downloads by copying and pasting the download url's into its interface.
Thanks, again
Sam
I began to work through your comments and ended up purchasing Pest Patrol which eliminated DAP.
For the record, it appeares that DAP attempted to block only downloads from the Spybot and JV16 Powertools and Pest Patrol. Interesting.
In any event, I was able to download the programs by copying and pasting the download urls into Leechget interfaceto effect the downloads by copying and pasting the download url's into its interface.
Thanks, again
Sam
Glad UR Fixed - and ThanQ
IMHO, you have a good program in Pest Patrol, in addtion, to prevent future
Browser Hijacts and/or Foistware, etc:
you should\
have some software programs to fight the Adware, Marketing Spyware, Foistware and Browswer High Jack Programs.
Under this category, I would suggest you download and both free versions of Ad Aware and Spybot and keep them \
current:
Ad-aware Standard Edition is THE award winning, free*, multicomponent detection and removal utility that has consistently lead the industry in safety, user satisfaction, support and reliability.
http://www.lavasoft.de/software/adaware/
http://www.lavasoftusa.com/
"SpyBot Search & Destroy" (It is freeware
Spybot can be downloaded at
www.Spybot.com
http://beam.to/spybotsd
In addition to these download and install either one of these next two:
Spyware Blaster
BootLIST 088
Date: 5/23/2003 9:59:18 PM Pacific Daylight Time
Prevent Spyware From Being Installed Utility
Mary Adams writes - I take good care of my Computer and don't
install any garbage or junk. But when my two teenage sons visit
for the weekend they always leave my Computer running slow and I
get errors I never had before their visits.
I then have to run Ad-Adware to get rid of all the Spy Software
they seem to install even though they never admit to installing
any Spy Software it's always there after they leave mucking up my
Computer. Is there a way to prevent them from installing Spy
Software in the first place?
*** Try the utility below, free of course:
http://www.javacoolsoftware.com/spywareblaster.html
OR
WinPatrol 5.2
Supports Windows 95, 98, ME, 2000, NT and XP
·
· Detect if your default Home Page has been hijacked.
Message #: 291886From: J RAMSent: 8/29/2003 1:32 PM
A. DAVY...this is the I've seen,and it does a-lot more things including stopping worms and spyware.. it's free
http://www.winpatrol.com/
I use SpyBlaster, but I have read a lot of good things about WinPatrol
If you are using an always on BroadBand Connection, I would also suggest that you look into some sort
of Trojan Fighting Program such as Tauscan or Pest Patrol which are not "Free." If you are using
Dial Up, it less likely you need this type of protection.
To prevent spyware from downloading into your computer, do not allow Install on Demand in the IE settings. With Internet Explorer open, go to Tools > Options > Advanced. Uncheck the two Enable Install on Demand options
Additional Protection that you might consider
PestPatrol 4.0 its not free:
http://www.zdnet.com/supercenter/stories/review/0,12070,563571,00.html
ZDNet Review
December 10, 2002
When you're on the Internet, you're vulnerable to all kinds of malicious code. Your antivirus software will weed out some of the Trojan horses, and your firewall will stop some malicious users from getting inside your PC. But to rid your system of the other bad stuff--poisoned Java and ActiveX Web scripts, for example--you'll need a program that's dedicated to doing just that. PestPatrol stops password crackers; keystroke logging; ad-serving software, cookies, Trojan horses; and possible distributed denial-of-service attacks, making it a crucial safeguard for your desktop or network server. If you want to keep your computer and data
FREE PEST SCAN
PestPatrol News July/August 2003 issue
Date: 8/11/2003 6:34:06 AM Pacific Daylight Time
From: newsletter@pestpatrol.com
To:
Thanks to everyone who helped with the launch of PestScan last month - and to all of you who've tried it since. If you haven't tried PestScan yet, go to www.pestscan.com and see for yourself. Tens of thousands of people have scanned their PCs for spyware since we launched PestScan just two weeks ago, so we think we can chalk that one up as a successful launch!
http://www.pestscan.com/
Excellent Online Spyware Detection
langalist] LangaList Standard Edition 2003-08-25
Date: 8/24/2003 11:18:54 PM Pacific Daylight Time
In reply to http://www.langa.com/newsletters/2003/2003-07-31.htm#4 ,
where we mentioned a new online spyware detection service from
PestPatrol ( http://www.pestscan.com/ ) , reader Jim Eshelman wrote:
Fred... I thought I'd mention that I've had free
adware/spyware online scanning on my site for several months
now at
http://aumha.org/a/noads.htm
All I've actually done is implement locally Andrew Clover's
wonderful parasite scanning script, which your readers can
also access directly at his goldmine-of-a-site
http://doxdesk.com/parasite/ . My implementation is primarily
a convenience for people already accessing my site, and also a
page devoted to *nothing but* the parasite scan. In its second
month it zoomed to be one of the most visited pages on my
site. I've been using Andrew's scanning script for quite a
while in a user environment of around 6,000 corporate users,
and so far it has caught every single major spyware or adware
item on the user machines. (Spot checking with more intensive
software finds only a few cookies missed.) This is quite
valuable in an enterprise setting because the popular and
reliable tools, such as Ad-Aware, are only free for
noncommercial use. Where an IT department is willing to budget
for business copies, one is left to choose between cheating
and using the freeware anyway (something not high on my list
of favorite things to do!) or use an alternative tool. The
Clover scanning script has covered the issue splendidly so
far.--Jim Eshelman
Thanks, Jim. Well done!
************************** ********** ********** ********** ********** ****
Browser Hijacts and/or Foistware, etc:
you should\
have some software programs to fight the Adware, Marketing Spyware, Foistware and Browswer High Jack Programs.
Under this category, I would suggest you download and both free versions of Ad Aware and Spybot and keep them \
current:
Ad-aware Standard Edition is THE award winning, free*, multicomponent detection and removal utility that has consistently lead the industry in safety, user satisfaction, support and reliability.
http://www.lavasoft.de/software/adaware/
http://www.lavasoftusa.com/
"SpyBot Search & Destroy" (It is freeware
Spybot can be downloaded at
www.Spybot.com
http://beam.to/spybotsd
In addition to these download and install either one of these next two:
Spyware Blaster
BootLIST 088
Date: 5/23/2003 9:59:18 PM Pacific Daylight Time
Prevent Spyware From Being Installed Utility
Mary Adams writes - I take good care of my Computer and don't
install any garbage or junk. But when my two teenage sons visit
for the weekend they always leave my Computer running slow and I
get errors I never had before their visits.
I then have to run Ad-Adware to get rid of all the Spy Software
they seem to install even though they never admit to installing
any Spy Software it's always there after they leave mucking up my
Computer. Is there a way to prevent them from installing Spy
Software in the first place?
*** Try the utility below, free of course:
http://www.javacoolsoftware.com/spywareblaster.html
OR
WinPatrol 5.2
Supports Windows 95, 98, ME, 2000, NT and XP
·
· Detect if your default Home Page has been hijacked.
Message #: 291886From: J RAMSent: 8/29/2003 1:32 PM
A. DAVY...this is the I've seen,and it does a-lot more things including stopping worms and spyware.. it's free
http://www.winpatrol.com/
I use SpyBlaster, but I have read a lot of good things about WinPatrol
If you are using an always on BroadBand Connection, I would also suggest that you look into some sort
of Trojan Fighting Program such as Tauscan or Pest Patrol which are not "Free." If you are using
Dial Up, it less likely you need this type of protection.
To prevent spyware from downloading into your computer, do not allow Install on Demand in the IE settings. With Internet Explorer open, go to Tools > Options > Advanced. Uncheck the two Enable Install on Demand options
Additional Protection that you might consider
PestPatrol 4.0 its not free:
http://www.zdnet.com/supercenter/stories/review/0,12070,563571,00.html
ZDNet Review
December 10, 2002
When you're on the Internet, you're vulnerable to all kinds of malicious code. Your antivirus software will weed out some of the Trojan horses, and your firewall will stop some malicious users from getting inside your PC. But to rid your system of the other bad stuff--poisoned Java and ActiveX Web scripts, for example--you'll need a program that's dedicated to doing just that. PestPatrol stops password crackers; keystroke logging; ad-serving software, cookies, Trojan horses; and possible distributed denial-of-service attacks, making it a crucial safeguard for your desktop or network server. If you want to keep your computer and data
FREE PEST SCAN
PestPatrol News July/August 2003 issue
Date: 8/11/2003 6:34:06 AM Pacific Daylight Time
From: newsletter@pestpatrol.com
To:
Thanks to everyone who helped with the launch of PestScan last month - and to all of you who've tried it since. If you haven't tried PestScan yet, go to www.pestscan.com and see for yourself. Tens of thousands of people have scanned their PCs for spyware since we launched PestScan just two weeks ago, so we think we can chalk that one up as a successful launch!
http://www.pestscan.com/
Excellent Online Spyware Detection
langalist] LangaList Standard Edition 2003-08-25
Date: 8/24/2003 11:18:54 PM Pacific Daylight Time
In reply to http://www.langa.com/newsletters/2003/2003-07-31.htm#4 ,
where we mentioned a new online spyware detection service from
PestPatrol ( http://www.pestscan.com/ ) , reader Jim Eshelman wrote:
Fred... I thought I'd mention that I've had free
adware/spyware online scanning on my site for several months
now at
http://aumha.org/a/noads.htm
All I've actually done is implement locally Andrew Clover's
wonderful parasite scanning script, which your readers can
also access directly at his goldmine-of-a-site
http://doxdesk.com/parasite/ . My implementation is primarily
a convenience for people already accessing my site, and also a
page devoted to *nothing but* the parasite scan. In its second
month it zoomed to be one of the most visited pages on my
site. I've been using Andrew's scanning script for quite a
while in a user environment of around 6,000 corporate users,
and so far it has caught every single major spyware or adware
item on the user machines. (Spot checking with more intensive
software finds only a few cookies missed.) This is quite
valuable in an enterprise setting because the popular and
reliable tools, such as Ad-Aware, are only free for
noncommercial use. Where an IT department is willing to budget
for business copies, one is left to choose between cheating
and using the freeware anyway (something not high on my list
of favorite things to do!) or use an alternative tool. The
Clover scanning script has covered the issue splendidly so
far.--Jim Eshelman
Thanks, Jim. Well done!
**************************
Use HijackThis : http://www.webattack.com/download/dlhijackthis.shtml and post the logfile here, we should be able to point you the lines to remove.
Greetings,
LucF