#1

Registered User
Join Date: Jul 2004
Location: New Zealand
Posts: 2
OS: XP

Ok where do I start...

Firstly, I have installed Spybot Search and Destroy and Ad-Aware and run them both, but after removing everything I found, and re-installing kazaa (along with diet kazaa which I use...) but the problems just got worse.

- I have been having problems with web pages with ActiveX
- I have had a "mysearchbar" page come up when I start Internet Explorer
- I keep getting messages saying my hard drive space is low when I HAD 800MB free
- It keeps coming up with messages about the pagefile or something
- I have found directories with porn appear on my computer, and a bunch of videos 0k in size
- an entire directory that was full of stuff is now empty!
- the computer goes EXTREMELY slow compared to normal
- notepad seems to not be working and programs can't find it
- pages haven't been loading, or only certain ones do

Also I am in a house where 2 computers are connected to ADSL through a router if that makes any difference.

Here's the log from HijackThis:

Also, it came up with this error while scanning:

"An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=C:\WINDOWS\control.ini, sSection=don't load, sValue=inetcpl) Error #5 - Invalid procedure call or arguement"

-----------------------------

Logfile of HijackThis v1.98.0
Scan saved at 10:15:05 p.m., on 1/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Jamie\Application Data\owdc.exe
D:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\ICQ\Icq.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jamie\Desktop\HijackThis.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netde.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] D:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [xload32] C:\WINDOWS\System32\netdd.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [Tcap] C:\Documents and Settings\Jamie\Application Data\owdc.exe
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28177.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28177.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C0B5A19-0029-45E7-A82E-5C1AEE88EF55}: NameServer = 192.168.7.1,202.27.184.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C0B5A19-0029-45E7-A82E-5C1AEE88EF55}: NameServer = 192.168.7.1,202.27.184.5

----------------------------

If there's anything else you need to know let me know, but I seriously need help! I have assignments due and I'm having trouble because my computer is going so slow and it takes AGES to load anything, then usually locks up or something...

#2

Member

I hate to tell you this, but it looks like you need a cold beer and a format\reinstall! I could tell you what needs to get done but honestly it would not fix your problem completely. What you have is a REAL bad case of spyware, the search forum is easily fixed, ActiveX needs a reload, your hard drive is getting low, your page file is easily fixed, the porn dirs are because of spyware, dir full of stuff is probably still there but because your computer is so slow you can't see it, spyware will make your computer slow as hell, notepad often gets attacked by spyware, I'll sum it all up. SPYWARE, and lots of it. Format that computer and start over, then get adware pro with adwatch, and a good virus scanner and start loading stuff back on. If you use Kazaa, get rid of it as soon as you download Kazaa lite.

Just some advice - let me know how it turns out

#3

Registered User
Join Date: Jul 2004
Location: New Zealand
Posts: 2
OS: XP

Well I feared I would have to do that, and I've already started backing things up. I just have a few questions though.

1) What is the best anti-virus to use (currently I have Norton Antivirus 2004 but it seems a bit resource hungry...)
2) Is Adware Pro the 'Lavasoft Ad-aware' software? And is it the best one to use for stopping adware/spyware from getting on the computer (I have heard that Spybot S&D is good as well)?
3) My friends still using kazaa lite have been complaining of slower download speeds, is there a new version that doesn't have this problem?
4) What is the best firewall program to use that isn't too resource hungry?

Thanks heaps for the fast reply too. Ya see the other computer in the house is full of it too, so you really did us two favours =) I'll let ya know how it goes...

Last edited by mentally_ill : 07-01-2004 at 12:00 PM.

#4

Troubled
Join Date: Apr 2004
Location: California
Posts: 943
OS: Windows XP

hi mentally_ill

welcome to TSF

uninstall through your control panel add/remove programs

this contains Lop malware please uninstall
Messenger Plus! 3

spykiller.exe
this one produces false positives used as goad to purchase

--------------------------------------------------------------------------

Run hijack this, put a check next to these, close all browsers and hit fix. Make sure not to miss one.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jamie\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netde.exe
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [xload32] C:\WINDOWS\System32\netdd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tcap] C:\Documents and Settings\Jamie\Application Data\owdc.exe
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

--------------------------------------------------------------------------

To enable the viewing of Hidden files follow these steps:
How to see Hidden files and Folders

reboot into safe mode
How to boot into safe mode

delete these files

C:\Documents and Settings\Jamie\Application Data\owdc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\netdd.exe

these folders
delete both of these folders if there and if you decided to not keep them

D:\Program Files\SpyKiller
D:\Program Files\Messenger Plus! 3

empty your recycle bin

reboot to normal

--------------------------------------------------------------------------

Click here to download AdAware 6 181

Run AdAware

Before you scan with AdAware, check for updates of the reference file 01R325 27.06.2004 by clicking Check for updates now, and following the prompts.

Now to set it up for optimum performance... Make sure the following settings are configured. Remember that ON=GREEN.

From main window click Start | Activate in-depth scan.

Then click Use custom scanning options | Customize and have these options switched ON...

Scan within archives
Scan active processes
Scan registry
Deep scan registry
Scan my IE Favourites for banned URLs
Scan my host-files

Then click the Settings button.. (the gear icon on the top row) then Tweak | Scanning engine and check..

Unload recognised processes during scanning.

Cleaning engine.

Let windows remove files in use at next reboot.

and uncheck..

Automatically try to unregister objects prior to deletion.

Then click Proceed, to save your settings.

Now click the Scan button. When scan is finished, check the little box to the left of each entry to select them for removal, and get rid of them

Restart your computer

--------------------------------------------------------------------------

Spybot - Search & Destroy 1.3

Then go Click here and download Spybot Search & Destroy 1.3

Install the program and launch it.

Before scanning press Online and Search for Updates.

Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer.

come back and post a fresh log and tell me how your computer's running

Lobos

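One way to automate a first pass over a log like this one, flagging autorun entries by where the program lives. This is an added example, not part of the reply above or of HijackThis; the heuristics, the `SYSTEM32_ONLY` list and the function names are assumptions, and the sample lines are copied from the log in post #1.

```python
import re
from ntpath import basename, dirname, normcase

# Subset of the HijackThis log posted in #1, copied verbatim.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netde.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Setup experation] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [xload32] C:\WINDOWS\System32\netdd.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Tcap] C:\Documents and Settings\Jamie\Application Data\owdc.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Assumed, illustrative list of Windows binaries that belong in System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}


def exe_path(cmd):
    """Return the program path from a Run command line, quoted or unquoted."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr))(?=[\s,]|$)', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd.split(" ")[0]


def triage(log_text):
    """Return (section code, reason, value) for entries worth an analyst's look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        # A registry Shell value that launches anything besides explorer.exe.
        if code == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append((code, "shell-extra-program", shell))
        run = RUN.match(body) if code == "O4" else None
        if run:
            path = normcase(exe_path(run.group("cmd")))
            # A system binary name used from a directory other than System32.
            if basename(path) in SYSTEM32_ONLY and not dirname(path).endswith(r"\system32"):
                findings.append((code, "system-name-outside-system32", path))
            # An autorun that starts from a user-writable profile directory.
            elif "\\application data\\" in path or "\\temp\\" in path:
                findings.append((code, "autorun-from-user-profile", path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The `xload32` entry (`netdd.exe` in System32) passes these location checks even though the reply lists it for removal, so a pass like this narrows a log down but does not replace an analyst's review.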
#5

Member

Yeah, adaware pro is the Lavasoft, it is good same as spybot. I use norton 2004 as well, seems to work for me. Kazaa lite is the same as Kazaa but it does not support ads and spyware. Get yourself a little linksys router that has a firewall in it, they work very well without taking up resources.

Kazaa as I have learned dishes out speed according to your part. level. If it is below 500 your speeds will drop, I have mine up to 1000. It does seem to be a bit slower than the normal version but it does not send me spyware programs as well. I had a computer with Kazaa on it, all I used it for was downloading DVDs, the system started to act funny (stopped playing DVDs) so I ran adaware on it, after 2 hours it found over 6,000 spyware on the pc. I formatted and never used Kazaa again, just Kazaa lite. I have not had a problem