Can't get rid of DRUSEARCH :(

Discussion in 'adware, spyware & hijack cleaning' started by Spaceboy79, Jul 11, 2004.

Thread Status:
Not open for further replies.
  1. Spaceboy79

    Registered Member. Joined: Jul 11, 2004. Posts: 1.

    Tried to destroy it with HijackThis but Drusearch keeps reappearing every time I start i-net explorer. Here is the log of HijackThis:

    Logfile of HijackThis v1.97.7
    Scan saved at 4:42:27 PM, on 11/07/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
    C:\WINDOWS\System32\iteamre.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\hrtcm.exe
    C:\WINDOWS\System32\wumgr.exe
    C:\WINDOWS\System32\hce.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\simple1.exe
    C:\Program Files\Free Surfer\fs20.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\RamBooster\Rambooster.exe
    C:\Program Files\Washer\washer.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\NDrv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
    C:\Documents and Settings\All Users\Application Data\Microsoft\PTF\system\ioFTPD.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\Program Files\WinFax\WFXMOD32.EXE
    C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
    C:\Program Files\Overnet\overnet.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\xxxxxxxxxx\Desktop\HijackThis.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\xxxxxxxxxx\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://drusearch.com/new/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/new/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/new/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://drusearch.com/new/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/new/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://drusearch.com/new/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://drusearch.com/new/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://drusearch.com/new/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://drusearch.com/new/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/new/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drusearch.com/new/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://4-v.net/srchasst.html
    O2 - BHO: Shorty - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\WINDOWS\win32app.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
    O4 - HKLM\..\Run: [winmain] winmain.exe
    O4 - HKLM\..\Run: [AStart] C:\WINDOWS\AStart
    O4 - HKLM\..\Run: [avqtsvel] C:\WINDOWS\avqtsvel.exe
    O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
    O4 - HKLM\..\Run: [R] C:\documents and settings\xxxxxxxxxx\local settings\temp\R.exe
    O4 - HKLM\..\Run: [eanth_system_patcher] C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup
    O4 - HKLM\..\Run: [93A9BC3E] C:\WINDOWS\System32\nvldee.exe
    O4 - HKLM\..\Run: [Microsoft Update] iteamre.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [hrtcm] C:\WINDOWS\hrtcm.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Microsoft IT Update] wumgr.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] hce.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [eMusicClient] C:\Program Files\Winamp\eMusic\eMusicClient.exe
    O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
    O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
    O4 - HKLM\..\Run: [ist service uninstall x] C:\WINDOWS\simple1.exe /u
    O4 - HKLM\..\RunServices: [55A05BE0] C:\WINDOWS\System32\nvldee.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] iteamre.exe
    O4 - HKLM\..\RunServices: [Microsoft IT Update] wumgr.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] hce.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpywareKilla] "C:\PROGRA~1\SPYWAR~1\SpywareKilla.exe" /s
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exe
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /1
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Microsoft Update] iteamre.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetsrv\services.exe
    O4 - HKCU\..\Run: [Microsoft IT Update] wumgr.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] hce.exe
    O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
    O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "xxxxxxxxxx"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O15 - Trusted Zone: www.mt-download.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.98/060159ca.exe
    O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_EN_XP.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38155.4024884259
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {D10B5C22-DC60-430D-B548-489CB49A2367} (FreeScan Class) - http://alternatedownload.zeroads.com/zerospyware/landingpage/files/zsfreescan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CEA4B13B-2798-4EF0-82B2-D84BE9949425}: NameServer = 206.47.244.61 206.47.244.139
    O19 - User stylesheet: C:\WINDOWS\color.css (file missing)
     
  2. Marianna

    Spyware Fighter. Joined: Apr 23, 2002. Posts: 1,215. Location: B.C. Canada.

    Hi Spaceboy79

    First update or download CWShredder to version 1.59.1
    CWShredder (http://www.spywareinfoforum.com/~merijn/files/CWShredder.exe)
    Use the Fix button and follow the instructions you will receive.

    Download Ad-aware from here: http://www.computercops.biz/downloads-file-292.html
    Install by double-clicking on the downloaded file.
    After installing but before running, update Ad-aware by using its Globe icon.
    After updating, shut down and restart Ad-aware.
    Ad-aware is ready to scan and clean your system following these steps:

    Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
    "Unload recognized processes during scanning."
    Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    "Let Windows remove files in use after reboot."
    Press "Scan Now"
    Check option "Use Custom scanning options"
    Check option "Activate In-Depth Scan"
    Press "Select drives\folders to scan"
    Select the active partition which is usually C:
    Press "Next" to let Ad-aware scan your drives...
    If it finds "bad" files and registry keys, press "Next" again
    Right-click in that pane and choose "select all"
    Press "next"
    When it asks to remove all checked items, Press "OK"
    Close Ad-aware, reboot your system and go on to Step 2 below.


    Spybot S&D
    The download for Spybot S&D is available here: http://www.computercops.biz/downloads-file-108.html

    Install by double-clicking on the downloaded file.
    Run Spybot S&D from desktop icon or Start menu.
    Press "Search for updates" button to get list of updates available.
    Press "Download updates" button.
    Close all IE windows and close & restart Spybot S&D.
    Press "Check for problems" button.
    Have SpyBot remove all it marks in red by pressing "Fix selected problems".

    Close Spybot S&D, reboot your system.

    Empty your Temporary Internet Files and history in Internet Options. And clean out your
    %Userprofile%\Local Settings\Temp
    folder. It's a good idea to do that regularly.

    Then disable System Restore: Instructions here
    Reboot

    Enable System Restore.

    Pls. post another log, but pls. save your HijackThis in its OWN folder, like C:\HijackThis.
     