Jump to content


Photo

please help


  • This topic is locked This topic is locked
12 replies to this topic

#1 bettyboo

bettyboo

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 22 June 2004 - 08:33 AM

My computer is acting very strange and has a new tool bar .. could you please check my log and tell me what to do, I have just run a adaware scan and it says that there are lots of things on it that it cannot delete and I don't know what else to do to get rid of them. I am also having trouble signing into my MSN messenger. My son has downloaded Kazaa, I've been told that this can cause a lot of the problems that we're getting ... is it possible to delete this and replace it with Kazaa-lite?

Any help or advice is much appreciated as the computer is running very slow and has lots of problems and pop-ups, it seems to take me to other pages and stops me from getting on some ... please help

Thanks


Betty

Logfile of HijackThis v1.97.7
Scan saved at 14:33:06, on 22/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\scrnsize.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\suzy\Local Settings\Temp\Temporary Directory 11 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.co...rchPageHome.htm
R3 - Default URLSearchHook is missing
F1 - win.ini: run=c:\windows\system32\scrnsize.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.4.9.0\HbHostIE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.4.9.0\HbHostIE.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Scrnsize] c:\windows\system32\scrnsize.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.9.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.4.9.0\Hbinst.exe /Upgrade
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Helpex32] c:\windows\system32\helpex32.exe
O4 - HKCU\..\Run: [Diskinf] c:\windows\system32\diskinf.exe
O4 - HKCU\..\Run: [Scrnsize] c:\windows\system32\scrnsize.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

Edited by bettyboo, 23 June 2004 - 05:58 AM.


#2 bettyboo

bettyboo

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 25 June 2004 - 02:07 AM

I know that you are all very busy, but could someone please help me ... looking at my log I can probably guess some of things that need to be deleted but I am reluctant to check anything for fixing until someone who knows a bit more about computers than me takes a look.

I have run the adaware but like I said it tells me that there are some things on there that it cannot delete :unsure: this sounds like it may be serious.


Thank you

#3 bettyboo

bettyboo

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 29 June 2004 - 11:00 AM

:weep: I am still having huge problems with my computer, it won't let me download any virus scanner and it still has extra toolbars .... can anyone please point me the right direction to get some help?

Thanks you


Bettyboo

Edited by bettyboo, 29 June 2004 - 11:00 AM.


#4 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 29 June 2004 - 02:24 PM

Kazaa is probably the root cause of your problems! It is a regular vermin farm, and Kazaalite sill uses the infested Kazaa network, besides being is an illegal cracked program that will not be suggested on this site. A spyware free alternative is WinMX.

When uninstalling Kazaa, also uninstall P2P networking. If/when asked whether you also want to remove Altnet components, say 'Yes'.
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns.

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.co...rchPageHome.htm
R3 - Default URLSearchHook is missing
F1 - win.ini: run=c:\windows\system32\scrnsize.exe

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.4.9.0\HbHostIE.dll

O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.4.9.0\HbHostIE.dll


O4 - HKLM\..\Run: [Scrnsize] c:\windows\system32\scrnsize.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.9.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.4.9.0\Hbinst.exe /Upgrade
O4 - HKCU\..\Run: [Helpex32] c:\windows\system32\helpex32.exe
O4 - HKCU\..\Run: [Diskinf] c:\windows\system32\diskinf.exe
O4 - HKCU\..\Run: [Scrnsize] c:\windows\system32\scrnsize.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

Reboot and delete

files
c:\windows\system32\scrnsize.exe
c:\windows\system32\helpex32.exe
c:\windows\system32\diskinf.exe

folders
C:\Program Files\Hotbar

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#5 bettyboo

bettyboo

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 02 July 2004 - 06:56 AM

Done everything that you have told me. Computer is going a lot faster but still cannot get onto the msn messenger ... refuses to let me sign in ... it says system error or something.

How do I get rid of Kazza and the P2P networking? ... I've tried to odoit through add and remove programs but it won't let me :( what do I do??

Is my log cleaner now?

Thank you

Betty




Logfile of HijackThis v1.97.7
Scan saved at 12:44:18, on 02/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mousebut.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Documents and Settings\suzy\Local Settings\Temp\Temporary Directory 21 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
F1 - win.ini: run=c:\windows\system32\mousebut.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Vid32cntl] c:\windows\system32\vid32cntl.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Mousebut] c:\windows\system32\mousebut.exe
O4 - HKCU\..\Run: [Mousebut] c:\windows\system32\mousebut.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab

Edited by bettyboo, 02 July 2004 - 07:17 AM.


#6 bettyboo

bettyboo

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 02 July 2004 - 07:56 AM

Just tried to download Kazaabegone [http://spywareinfo.c...azaabegone.zip] so that I could get rid of Kazaa once and for all, but I cannot get it to download ... it keeps saying 'cannot find server' :techsupport: is there something else I can use??

Edited by bettyboo, 02 July 2004 - 07:57 AM.


#7 bettyboo

bettyboo

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 07 July 2004 - 11:11 AM

:weep:

Edited by bettyboo, 07 July 2004 - 11:11 AM.


#8 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 07 July 2004 - 02:44 PM

First, uninstall P2P Networking through Add/Remove Programs. If/when asked whether you also want to remove Altnet components, say 'Yes'.

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

F1 - win.ini: run=c:\windows\system32\mousebut.exe

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Vid32cntl] c:\windows\system32\vid32cntl.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Mousebut] c:\windows\system32\mousebut.exe
O4 - HKCU\..\Run: [Mousebut] c:\windows\system32\mousebut.exe

Reboot and delete

files
c:\windows\system32\mousebut.exe

folders
c:\program files\altnet
C:\WINDOWS\System32\P2P Networking

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#9 bettyboo

bettyboo

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 07 July 2004 - 05:03 PM

Logfile of HijackThis v1.97.7
Scan saved at 22:47:37, on 07/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\suzy\Local Settings\Temp\Temporary Directory 25 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab

#10 bettyboo

bettyboo

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 08 July 2004 - 11:05 AM

computer working better but still can not get onto msn window messager. it wont let me get rid of kassa from the add and remove bit

#11 bettyboo

bettyboo

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 09 July 2004 - 06:01 PM

when i go onto add and remove to get rid of kazza it comes up with install shield [r] setup launcher

#12 JG427

JG427

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,020 posts

Posted 09 July 2004 - 06:34 PM

Just tried to download Kazaabegone  [http://spywareinfo.c...azaabegone.zip] so that I could get rid of Kazaa once and for all, but I cannot get it to download ... it keeps saying 'cannot find server'  :techsupport:  is there something else I can use??

alternate download sites for kazaabegone

http://www.spychecke.../kazaagone.html
http://www.majorgeek...wnload3446.html
http://www.snapfiles.../kazaagone.html
Posted Image
-----------Posted Image

#13 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 22 November 2005 - 10:08 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button