Kwitko, Sheriff of Banning (Retired), By the thing near the stuff, Icrontian
edited June 2004
Any virus scanner should have detected and removed this. I don't see any AV software running on your machine. If that's the case, you should get something on there ASAP. In the meantime, you can use a quick online scanner like Trend Micro's HouseCall.
hey wait, i did a bitdefender virus scan and it took 20 min but it scanned my entire computer and found d2ke.exe and d2ka.exe. it also found kazaabackupfiles//download_me.exe
but i still go to that stupid website if i go to www.sdfasdfajsdfaksjdflkjbxbxcv.com, plz help..
OH NO IT'S ALL BACK, EVERYTHING CAME BACK, I DONT KNOW WHAT TO DO, SOMETHING KEEPS REPRODUCING THEM
Logfile of HijackThis v1.97.7
Scan saved at 12:22:47 PM, on 6/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Did you disable system restore before the last cleanup? That might help.
Also, sorry if I missed it, but did you do the cleanup in Safe Mode?
Hang in there - you are very close to being out of the woods. At least you know how to get rid of it. Now all we need to do is figure out how to drive a stake through its heart.
okay please listen to me, i restarted in safe mode and removed everything and now im clean, but whenever I go to a random false website (i.e. wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww.asssssssssssssssssssssssssssssssssssssssdddddddddddddddddddddfffffffffffffffffffffffffffffffffffffffffffffff.coooooommmmm,,,9280192381023898798 it takes me to this stupid spyware one http://s1di.ewizard.cc/index.php?aid=20038 plz help me !!
oh no sorry for posting 3 times but now also whenever I restart my computer, it says CPU IS UNWORKABLE, OR WAS PREVIOUSLY Removed or something similar, PRESS F1 TO CONTINUE plz HELp!!!!!!!
Ok. Please do not (quadruple) post. You will be helped if you are calm, polite and patient. We do not receive anything for helping you, only the satisfaction that we've helped someone solve a problem. You posted four...4!... times within an hour. I check the forums frequently, however, an hour is easy to pass doing anything. You most likely got very few responses because you posted like that. I can understand that you want this removed, but you are not the focus of all of our lives.
Your latest error, the CPU one, is most likely unrelated. Probably due to a dead CMOS battery or something like that.
here's an update, every time I run Spysweeper to clean up spyware, it picks up CoolWWW EVERY TIME, plz help!
This means you have a CWS infection. Disable system restore, Boot into safe mode and try the CWShredder tool again.
Then reboot, and re-enable system restore. Create a new restore point as well.
right sorry i just want to get this stupid thing fixed
but it still goes on man, system rest. is off, ran CWS in safe mode, got rid of it...now my spy sweeper doesn't find it but it's still there....plz help man!
i already fixed the cmos problem
ps-thx shwaip for bringing me this far
Comments
Report back to us after you've run a virus scan.
but i still go to that stupid website if i go to www.sdfasdfajsdfaksjdflkjbxbxcv.com, plz help..
Logfile of HijackThis v1.97.7
Scan saved at 12:22:47 PM, on 6/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
E:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
E:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
F:\Program Files\Kazaa Lite\clean.kmd
E:\Program Files\Adaware 6\Ad-aware 6\Ad-watch.exe
E:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.counter-strike.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.counter-strike.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {322B3F9E-9FCC-4065-B803-FD339E860B6F} - C:\WINDOWS\System32\kjcdcfa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] E:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] E:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] E:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [VOBID] E:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] E:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Remote Control] E:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [SpySweeper] E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Steam] D:\Program Files\Steam.exe -silent
O4 - HKCU\..\Run: [Iomega Automatic Backup] E:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
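A way to triage a HijackThis log like the one above, as an added example that is not part of the original thread: it splits entries by section code and lists unnamed BHOs whose module sits directly in System32 for manual review. That heuristic and the function names are assumptions of this example, and a listed entry is a candidate to look up, not a verdict.

```python
import ntpath
import re
from collections import Counter

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.counter-strike.net
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {322B3F9E-9FCC-4065-B803-FD339E860B6F} - C:\WINDOWS\System32\kjcdcfa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Steam] D:\Program Files\Steam.exe -silent
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse_log(text):
    """Return (section_code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def section_counts(entries):
    """Count entries per section code (R0, O2, O4, ...)."""
    return Counter(code for code, _ in entries)

def bho_review_list(entries):
    """Assumed heuristic: unnamed O2 BHO whose module is directly in System32."""
    flagged = []
    for code, body in entries:
        m = BHO.match(body) if code == "O2" else None
        if not m:
            continue
        name, clsid, path = m.groups()
        in_system32 = ntpath.dirname(path).lower().endswith("\\system32")
        if name == "(no name)" and in_system32:
            flagged.append({"clsid": clsid, "path": path})
    return flagged

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(dict(section_counts(entries)))
    for item in bho_review_list(entries):
        print("review:", item["clsid"], item["path"])
```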