Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#1
I decided to ditch Kazaa and use LimeWire since my friend recommended it. I am trying to install it but I can't 'cause there comes a notice stating:
an error has occurred while downloading a file: http://installengine.com/cert20/isengine/isscript.msi
I try to retry but it still wouldn't work
#2
A lot of people need answers here, that's the nature of this forum, but for the most part, if anyone does have questions to ask, they tend to use a little more respect/politeness towards all the great helpers here, it doesn't cost a thing to maybe say "Please Help", or words to that effect. Saying "I Need Answers" isn't exactly the most subtle way of starting a post!!
#3
Did you remove Kazaa completely? Run an HJT log, so we can take a look.
Hijack This http://tomcoyote.com/hjt/
Click the above link, and a dialog box will open, choose ‘open’. It will download; click on SAVE. Save it to the hard drive, make a new folder for it called 'hijack this'. Then after it's saved, double click on it to open it. Then click ‘scan’ and it will scan. Do not fix anything. Click ‘save log’ and save it to your 'hijack this' folder as a .txt file. Then open that file and copy and paste all the information into your thread. Someone will review it and let you know what needs to be fixed. Don't fix anything yet and post the log back into this same thread, and if my directions seem a bit...obscure, read the directions on the right side of the screen when you get to that link.
#4
Know what ya mean Dave...I tend to ignore such requests..
#5
Logfile of HijackThis v1.97.7
Scan saved at 8:32:44 PM, on 25/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\kdyobr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [bxdhjzvgagt] C:\WINDOWS\System32\kdyobr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25e3177ed30cf50...p/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...905.7433912037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O19 - User stylesheet: C:\WINDOWS\color.css

Here it is... and lufbra, I didn't mean it like that... but whatever, if it offended you, sorry... it was more like a desperate cry for help
#6
Thank you, I don't have time to look now, but someone else may look, otherwise, I can do it when I return.
#7
Guys....there's a smiley at the end of his 'I need answers'. I am like that too, I spew out words before I think and people take that as rude...when it's just me being overzealous or honestly....unthinking. I'm not making excuses, I'm just speaking from experience.
And that's an awfully sad face at the beginning of 'I need answers'
#8
So, he couldn't type "I Need Answers, Please
#9
I dunno
Ohhh... look at the very bottom of the log............
#10
TMAC:
Re-run Hijack this and put check marks next to the below entries then click 'fix checked'

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [bxdhjzvgagt] C:\WINDOWS\System32\kdyobr.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/25e3177ed30cf5...ip/RdxIE601.cab
O19 - User stylesheet: C:\WINDOWS\color.css

OK, I've edited this so many times, I'm surprised that something doesn't pop out of the computer to slap me. In safe mode, delete these files. Safe mode: as soon as you reboot, start tapping F8 repeatedly, a window will load asking you how you want to start, choose safe mode. Search for these files and delete them.

C:\WINDOWS\System32\kdyobr.exe
C:\WINDOWS\color.css
SOUNDMAN.EXE (all caps, not soundman.exe)

Then run the below scan to find whatever I may have missed
Trendmicro: http://housecall.trendmicro.com/ choose ‘scan now it’s free’ then have it fix whatever it finds.

Another thing is, after we get your system clean, you will need to dump the restore files, so don't let me forget to tell you about that.
Last edited by Melodi; May 26th, 2004 at 05:00 AM.
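For readers triaging a log like the one posted above, here is an added example (not part of the original thread and not HijackThis's own code) that parses the log into its running-process list and section entries, decodes the O4 Run-key autoruns, and reports which of them were live at scan time. The regular expressions and function names are assumptions based on the line shapes visible in the posted log; a running autorun is only a triage lead, not a verdict.

```python
import re

# Constructed sample: a shortened copy of lines from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\kdyobr.exe
C:\WINDOWS\System32\ctfmon.exe
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [bxdhjzvgagt] C:\WINDOWS\System32\kdyobr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O19 - User stylesheet: C:\WINDOWS\color.css
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")  # O4 Run-key body
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)             # first program in a command

def parse(log):
    """Return (running process paths, [(section code, body), ...])."""
    procs, entries, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        if m := ENTRY.match(line):
            in_procs = False
            entries.append(m.groups())
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def autoruns(entries):
    """Decode O4 Run-key entries into (hive, key, value name, command)."""
    return [m.groups() for code, body in entries
            if code == "O4" and (m := RUN.match(body))]

def running_autoruns(log):
    """Value names of autoruns whose program is in the running-process list."""
    procs, entries = parse(log)
    full = {p.lower() for p in procs}
    base = {p.rsplit("\\", 1)[-1] for p in full}
    hits = []
    for _hive, _key, name, cmd in autoruns(entries):
        m = EXE.match(cmd)
        exe = (m.group(1) or m.group(2)).lower() if m else ""
        if exe in (full if "\\" in exe else base):  # bare names match on basename
            hits.append(name)
    return hits
```
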
#11
Haha, thanks Melodi for helping and being understanding.
#12
No problem, I am often misunderstood
Did you get those items taken care of?
#13
Umm, k, I think I followed everything ya told me to do (btw the things ya told me to look for in the safe mode thingy didn't work, well, I didn't find the programs). In addition, every time I fix the things in HJT, the next day my website still gets hijacked. Also the URL you gave me, I try scanning with it but my computer says there is something wrong with it and it closes all internet programs... lol why are comps SO complicated... lol
Last edited by tmac_no1; May 26th, 2004 at 11:49 PM. Reason: wrote something wrong
#14
Hmmmm, well in the Spanish language every object is given a 'sex' and turns out that the computer is a female...That may explain something...Sorry girls...but I admit I'm often complicated. TMAC, I'm going to have a friend of mine look at your posts and see what he says and I will be back to you. Did you turn off system restore? Did you go to windowsupdate and do all the critical updates? Is your XP firewall turned on? To do this go to the control panel and double click network connections, then right click on your connection then choose properties. In the advanced tab is a check box for the firewall.
#15
Perhaps posting a fresh log will provide a better understanding. Would you do so please and I as well understand that we all have bad days...Just ask my wife.