I downloaded Kazaa and ever since I've been getting popups, so I deleted it and ran Lavasoft adware remover and Spybot, but they keep on popping up... can someone please help me, it's driving me insane!

Mate, if I were you I would definitely uninstall KAZAA and install KAZAA LITE RESURRECTION here. Kazaa is full of spyware and is pretty pants. I've been using KLite for about 2 years now and recently upgraded to KLR (Kazaa Lite Resurrection) and it rocks.
I'd also install Spybot S&D, update and run it, and delete the spyware it finds, and you should also reinstall Ad-Aware.
At least run both of these and then let us know the results!
:D

I deleted Kazaa and the pop-ups still keep continuing... I forgot to put that in my first post, but I ran the Kazaa Be Gone and I'll let you know if it stops.

Run msconfig from the Run prompt... on most computers your computer will run just fine if you disable everything... the corporation computers can't, though.

You might also want to disable the Windows Messaging service (*NOT* Windows Messenger) since a lot of spammers now utilize the SMB service to run ads.

Also check the registry to see what programs/services/apps are being started at boot time (which can be done via Spybot and Ad-Aware, if you choose to use them.)

Well, the Kazaa Be Gone didn't work... and the Soulseek link didn't work. When you say Windows messaging do you mean AIM? Are there any other things that I can do?

And if seeing my HijackThis log would help, just ask.

When you say Windows messaging do you mean AIM?

No, I mean the Windows SERVICE called "messenger."

Start | Settings | Control Panel | Administrative Tools | Services

Find and disable the service called "messenger."

(AIM = AOL Instant Messenger)

I downloaded Kazaa and ever since I've been getting popups, so I deleted it and ran Lavasoft adware remover and Spybot, but they keep on popping up... can someone please help me, it's driving me insane!

You should download and run the following utilities from Gibson Research: DCOMbob.exe, ShootTheMessenger.exe, and uPNP.exe. The first one shuts off the DCOM/RPC function that Blaster/Nachi/Welchia uses to infect systems, the second shuts off the Messenger service (which is not the same as AIM, MSN Messenger, or Yahoo! Messenger) to prevent spam pop-ups (and is likely giving you your problems), and the third turns off Universal Plug-and-Play, a security risk. All of these procedures are reversible, of course.

That Gibson Research thing is somewhat confusing... I've noticed that when other people have posted about pop-ups someone asks for their HijackThis log. Would it help if I posted mine?

That Gibson Research thing is somewhat confusing... I've noticed that when other people have posted about pop-ups someone asks for their HijackThis log. Would it help if I posted mine?

I don't want to sound condescending or denigrate your computer skills, but I am trying to make it as easy as possible for you here.

In this case, it is as easy as it can be, thanks to Steve Gibson. Here's what you do:

* Go to http://grc.com/default.htm
* Go to the middle of the page. You will see large screen icons for the three programs I mentioned earlier.
* Click on each in turn to run it. You see, because they are the uncompressed executables, they don't even need to be installed -- when the download dialog opens, simply choose Open instead of Save.
* Each program offers tests, so you can check each function before you turn it off.

While a HijackThis log may be useful in general, I don't think it's that kind of problem. Of course, I could be wrong. In any case, the Gibson utilities should be run on all XP installs.

It's OK, I don't think you're trying to denigrate my computer skills. It's just that I went to the site and tried the DCOM one and I enabled it and it told me to restart my comp, so I did, and then it wasn't enabled and I wasn't sure what to do, so I tried the tests and the Local one said nothing was present on my comp, and then the Remote port test sent me to some site which I wasn't sure what to do, so I'm just unsure of what I'm supposed to do... what's my next step with those sites?

Oh, and you said it runs on all XP installs. I have 2000, so IDK if that would make any difference :/

I did the site again and got the DCOM disabled and my port is in stealth mode, which it says might be due to a firewall, but yeah, I guess I'll wait to see if the pop-ups stop.

Try the Soulseek link in my profile, it should take you to the home page (I've tested it). Go to the "news" link and at the top of that page there should be a hyperlink called "here"; that is the latest version of slsk. If that doesn't work, go back to the homepage and click downloads; there you'll find the version I'm on (152).

If this sounds complicated, it's not. The page is very easy to navigate.

What exactly is Soulseek?
And the Google search bar thing: is the pop-up blocker only for blocking popups from internet sites? Because I'm getting the popups when my IE isn't open.

And here's my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 12:45:12 PM, on 2/26/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\woqhcinm.exe
C:\Program Files\AIM+\AIM+.exe
C:\Documents and Settings\Administrator\Application Data\ecue.exe
C:\WINNT\system32\wapisvsu.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Soulseek\slsk.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6B4F55CD-E8E8-BABC-567A-B97D4FDC3A94} - C:\WINNT\system32\twlrbhkd.dll
O2 - BHO: (no name) - {9087892C-912F-4B54-A612-B52275B48052} - C:\WINNT\system32\mll_qmic.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D8B1AACB-1C65-A9E1-FAAA-BAA8B436B837} - C:\WINNT\system32\ozhrrrol.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SZMsgSvc.exe] C:\Program Files\STOPzilla!\SZMsgSvc.exe
O4 - HKLM\..\Run: [mctdepfp] C:\WINNT\woqhcinm.exe
O4 - HKLM\..\Run: [HOVCJQ] C:\WINNT\HOVCJQ.exe
O4 - HKLM\..\Run: [zzb] c:\WINNT\System32\zzb.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKLM\..\RunServices: [Windows Media Player] wmplay32.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [] c:\WINNT\System32\
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - HKCU\..\Run: [zzb] c:\WINNT\System32\zzb.exe
O4 - HKCU\..\Run: [Sius] C:\Documents and Settings\Administrator\Application Data\ecue.exe
O4 - HKCU\..\Run: [WTSS] C:\WINNT\system32\wapisvsu.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.yahoo.com/java/y/nflgcst1008_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37582.6713194444
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/overball/install.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

And if you don't want the Google Toolbar (it's basically Google right there in your browser where you are) you could look here for some free pop-up blockers and free trial versions as well :D

I would recommend the Google pop-up blocker to anyone. It's the best pop-up blocker AND it has a Google search bar that you type stuff in and it takes you to Google and shows you the results (very handy).

There are a number of things in the log that need fixing, but I have to go to work now. I will get time later to help you with it.

Also, don't run HijackThis from the zip; unzip it to its own folder so it will be able to make backups:
C:\unzipped\hijackthis[1]\HijackThis.exe
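
For readers working through a log like the one posted above, the following is an added example (not written by anyone in this thread) that parses the HijackThis text format and lists entries worth a closer look: BHOs whose file is missing, Run values with an empty name, and autostart commands that match a running process. The sample lines are a constructed excerpt of the posted log, and the function names and note labels are hypothetical.

```python
import re

# Constructed sample: a short excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\woqhcinm.exe
C:\Documents and Settings\Administrator\Application Data\ecue.exe
C:\Program Files\AIM95\aim.exe

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mctdepfp] C:\WINNT\woqhcinm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [] c:\WINNT\System32\
O4 - HKCU\..\Run: [Sius] C:\Documents and Settings\Administrator\Application Data\ecue.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # e.g. "O4 - <body>"
RUN = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.*?)\] (.*)$")

def parse(log):
    """Split a HijackThis log into running-process paths and coded entries."""
    procs, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def triage(log):
    """Return (label, detail) notes. These are leads to review, not verdicts."""
    procs, entries = parse(log)
    running = {p.lower() for p in procs}
    notes = []
    for code, body in entries:
        if code == "O2" and body.endswith("(no file)"):
            notes.append(("orphan-bho", body.split(" - ")[1]))
        m = RUN.match(body) if code == "O4" else None
        if not m:
            continue
        key, name, cmd = m.groups()
        if not name:
            notes.append(("unnamed-run-value", key))
        # Matches only when the command is a bare path with no arguments.
        if cmd.strip('"').lower() in running:
            notes.append(("autostart-is-running", cmd))
    return notes
```

Calling `triage(SAMPLE_LOG)` returns the notes in log order; each one still has to be checked by hand against what is actually installed on the machine.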

WinMX is the best no-ad P2P, check it out... and of course get Spybot - Search and Destroy... to get rid of all the ads and spyware you downloaded and will download in the future. And if you have an open connection to the internet, get a firewall. I use Zone Alarm only 'cause it's free, I'm all about free... and GET RID OF KAZAA. In the long run you're slowly killing your computer. Take it from one who used Kazaa to send trojans etc. ...

WinMX is the best no-ad P2P, check it out...

I tried WinMX, figuring I couldn't comment until I did, and I promptly uninstalled it. It's poorly laid out!! Besides, trojans and the like can be sent in ANY file. It's tw*ts who send for malicious reasons to ruin the experience for other people and exploit people's knowledge of internet security. After all, trial and error is how most people learn, and unfortunately we soon learn about internet security!!?
Kazaa Lite Resurrection has a filter to filter "suspicious" folders, as do all Kazaa Lite programs, and no spyware/adware and no ads. To me it's the best filesharing program, and I have tried a few :D

No hard feelings,
just my 2 pence
