Kazaa messed up my computer :(



#1 ElaineFromLA


Posted 11 July 2004 - 03:52 PM

Hi All!!
I posted this issue at computing.net and was redirected here. Like an idiot I downloaded Kazaa and now my computer is on strike. I discovered all the adware and popups the other day. When I attempt to run Norton, spybot, adaware or even housecall at trendmicro's site...my windows XP shuts down and restarts. I have gotten rid of several ad programs....cydoor, perfectnav....and even though I did extra manual steps beyond what Gain's site says...Bazooka is telling me I still have Gain in my computer.

I am basically at your mercy. From 1995 until this past January I have never had virus or ad issues....January I loaded Norton Antivirus and have had several to the point I have taken my computer in...upgraded to XP and had costly virus work. So on top of your expertise...would you suggest your favorite virus protection. I hate Norton's pop ups telling me something is trying to gain access to the internet or vice versa. What good is it if I have no idea what it is??? The pop up warning gets to be more annoying than the pop ups.

THANK YOU IN ADVANCE!!!
Elaine
Here is my Hijack log...it's fresh:





Logfile of HijackThis v1.98.0
Scan saved at 1:45:31 PM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Elaine\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kephyr.co...nav/index.phtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1li...h/weblaunch.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...lim/install.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....12119/CTPID.cab

#2 Bugbatter


Posted 11 July 2004 - 10:44 PM

Hi, Elaine,

So you have been to the GAIN website to review their removal procedure and read what applications are supported?
Okay, then let's try this:

Open Task Manager and see IF you notice any of those applications such as:
Gator, Dashbar, Precision Time, Weatherscope... and others noted on GAIN's site. End the processes in Task Manager.
(although I do not see them in your log)

Run HJT and check to fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Your choice to remove this one:
Wild Tangent:
Read here: http://www.answersthatwork.com/
http://www.kephyr.co...ent/index.phtml
Do you use Wild Tangent? You decide if you want to check to fix the installer.
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...lim/install.cab
Reboot.

Clean out the temps:
Please delete your temporary files by deleting all files and folders that are in those folders (Do not delete the temp folder itself)
For example:
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, being sure to also select "Delete All Offline Content".

Purge System Restore.
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)

Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore back on. A new Restore Point will be created.

Try running Ad-aware, Spybot, and Housecall.

Problem gone?
Microsoft MVP - Consumer Security
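
As an added illustration (not part of the original thread and not written by any poster): a small Python parser for the HijackThis log layout shown above. It groups entries by section code and flags two structural patterns that appear among the entries picked out in the reply above, a `(no file)` reference and an O16 entry with no source URL. The function names are hypothetical, and the sample log, CLSIDs and hosts are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.98 layout (placeholder CLSIDs and hosts).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\system32\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Installer) -
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Example Updater) - http://update.example.invalid/up.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry body
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_log(text):
    """Group entry lines by section code (R0, R1, R3, O4, O16, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and process-list lines do not match
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def structural_flags(sections):
    """Return (code, clsid, reason) for entries that reference something missing."""
    flags = []
    for code, bodies in sections.items():
        for body in bodies:
            m = CLSID.search(body)
            clsid = m.group(0) if m else None
            if body.rstrip().endswith("(no file)"):
                flags.append((code, clsid, "registered component has no file on disk"))
            elif code == "O16" and body.rstrip().endswith("-"):
                flags.append((code, clsid, "ActiveX entry has no download source"))
    return flags

if __name__ == "__main__":
    for code, clsid, reason in structural_flags(parse_log(SAMPLE_LOG)):
        print(f"{code} {clsid}: {reason}")
```

These checks only report entries that point at something missing; whether an entry that is present and complete is wanted still needs a human reading of the log.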

#3 Spewi


Posted 05 August 2004 - 09:34 PM

would you suggest your favorite virus protection. I hate Norton's pop ups telling me something is trying to gain access to the internet or vice versa

Hello Elaine

Norton AntiVirus does not inform you if a program is trying to connect to the internet. However Norton Internet Security does as it is a combination of Norton AntiVirus and Norton Personal Firewall. It is the firewall portion that is alerting you.

I don't like Norton Personal Firewall, I find it very annoying and more difficult to configure than the free ZoneAlarm firewall. As a result, I don't like Norton Internet Security, even though I sell it... :thumbsdown:


In my personal opinion, Norton AntiVirus 2004 is the best antivirus software that money can buy. Though I do advocate turning off the Spyware Threats scanning since it cannot really do anything for most of them anyway.
AVG AntiVirus by GriSoft is about the best free anti virus that I have seen.

A combination of 'Spybot Search and Destroy' and 'Spy Sweeper' seems to be one of the most effective combinations of spyware removal and protection that I have come across. Though the best protection would require a yearly subscription to Spy Sweeper...

Actually, compared to most of the systems I deal with on a daily basis, your computer is practically virgin clean...


The only ones that I would worry about are:
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
and the two IM trayicons...
And none of those are harmful in any way
Though while you are in msconfig, you could remove them from startup and see how things go...


If you are having problems running a scan, boot into "safemode with networking" by repeatedly hitting F8 during the boot process (if you see the Windows XP screen, you've missed it) then moving the highlight up to safemode with networking. This is my standard way of running a housecall.trendmicro.com

Good luck



