Kazaa-b-gone problem

Discussion in 'Virus & Other Malware Removal' started by Lambdaphi874, Sep 29, 2003.

Thread Status:
Not open for further replies.
  1. Lambdaphi874

    Lambdaphi874 Thread Starter

    Joined:
    Jul 22, 2003
    Messages:
    73
    Hey, I was trying to take Kazaa off of my friend's computer and the internet stopped working after that. When I used the program it said that C:\program files\newdotnet and C:\program files\downloader couldn't be deleted because they were in use. This is the site where I got the file from. I used what I thought was the same program on my computer and it worked, but this one apparently messed it up. I've heard that Kazaa has DLLs associated with the internet and I figure something along those lines happened with this. How am I supposed to fix it without access to the net on that computer?? Thanks for the help, and here's the site that I got the kazaa-b-gone from...

    http://www.hot-cab.com/security.htm

    Thanks for the help....
     
  2. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
    Maybe you could try uninstalling and deleting those files in safe mode.
    How to start in Safe Mode

    If your friend doesn't have the latest HijackThis d/l'ed, can you maybe save a copy of the HT zip and try to get a log from their machine that you can save and post here from your PC?
     
  3. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Download both LSPFix www.cexx.org/lspfix.zip and Hijack This www.tomcoyote.org/hjt/ to a floppy disk, and copy both to your friend's computer. Run LSPFix to restore internet connectivity. Unzip Hijack This to the Desktop. Scan with Hijack This for a log only (don't fix or uninstall anything yet): press Scan, the Scan button becomes the Save Log button, and save the log (NotePad) to the Desktop. Have your friend return here to the Security Forum and post a new thread with the Hijack This scan log. Someone will gladly offer assistance with the correct removal of Kazaa and its associated garbage.

    Good luck
     
  4. Lambdaphi874

    Lambdaphi874 Thread Starter

    Joined:
    Jul 22, 2003
    Messages:
    73
    I'll try that LSP fix thing..here's the log...

    Logfile of HijackThis v1.97.2
    Scan saved at 3:51:40 PM, on 10/1/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AIM95\aim.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Netropa\OSD.exe
    C:\Documents and Settings\Prince\Desktop\HijackThis.exe
    C:\WINDOWS\System32\svchost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPAL~1.0EV\FpLaunch.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1033\PHDINTL.DLL/phdContext.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
    O16 - DPF: Win32 Classes -
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt503/us/win/QuickTimeInstaller.exe
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  5. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
    The LSPFix is needed to get the connection back. Make sure to include all references to new.net in the fix. To be sure, reboot, go to Add/Remove Programs and uninstall new.net.

    That should be connectivity sorted then.

    I'm not sure about this entry, and according to the info in the link I've provided, Microsoft haven't fully tested this yet. Probably best to ignore it unless you're specifically suffering from the problem that is described in the link.
    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
    mosearch mosearch.exe Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try here


    These 2 can be fixed in HijackThis:
    Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"
    O16 - DPF: Win32 Classes -
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...meInstaller.exe
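
A small parser for the HijackThis entry lines in the log posted above, added here as an example and not part of the original thread or of HijackThis itself. The review rules (missing CLSID, missing source URL, source that is not a .cab) are assumptions chosen for illustration, not the poster's stated reasoning; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O16 - DPF: Win32 Classes -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt503/us/win/QuickTimeInstaller.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O16 - <body>"
DPF = re.compile(r"^DPF:\s*(?P<ident>.*?)\s+-(?:\s+(?P<src>\S+))?\s*$")
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Group 'CODE - body' lines by section code; other lines are skipped."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_dpf(log_text):
    """Return (identifier, reasons) for O16 entries worth a second look."""
    flagged = []
    for body in parse_entries(log_text).get("O16", []):
        m = DPF.match(body)
        if not m:
            continue
        ident, src = m.group("ident"), m.group("src") or ""
        reasons = []
        if not CLSID.match(ident):
            reasons.append("no CLSID")
        if not src:
            reasons.append("no source URL")
        elif not src.lower().endswith(".cab"):  # assumed triage heuristic
            reasons.append("source is not a .cab")
        if reasons:
            flagged.append((ident, reasons))
    return flagged

if __name__ == "__main__":
    for ident, reasons in review_dpf(SAMPLE_LOG):
        print(ident, "->", ", ".join(reasons))
```

On the sample lines this flags the same two O16 entries that the post above lists.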
     
Short URL to this thread: https://techguy.org/168392