What's a good data recovery software?



Crushacker
07-29-2006, 01:30 AM
Kazaa messed my computer up so then I did the system recovery... it's like destructive recovery but it should've saved my data, but in this case, it didn't. My programs are still there but all the files in My Document, Music, Picture and Desktop are gone... So right now I'm looking for a good program that can help me get all the files bak...

Also, after I get Kazaa installed and run it, it started to collect every file and shortcut from start menu and desktop to the folder C:\Program Files\Kazaa\My Unshared Folder... so now how am I supposed to return them bak to their original location? I barely ever back up my computer (if ever) so... I would really appreciate the help

Now I'm kinda afraid of Kazaa... probably never install it again <.<

werdims
07-29-2006, 01:53 AM
you probably got a virus, so first thing scan your computer with the latest online virus definitions, like free online trend micro housecall or others, just in case. then try to retrieve your files.

Chewie
07-29-2006, 08:56 AM
Go to http://www.kaspersky.com and use the online scanner. This is your first priority.

After you've removed anything nasty on your system, try RecoverMyFiles or Ontrack EasyRecovery Professional for getting back those lost items.

Crushacker
07-29-2006, 06:31 PM
I have kaspersky... it found some trojans and adwares in my computer... but then, the adware is still there after it gets deleted =/ It's quite annoying cuz everytime I start IE the site called safetyhomepage.com pops up and tells me to download an anti-spyware or anti-virus program <.<

And as for RecoverMyFiles program, should I do the Complete Format Recover? I tried the Complete File Search before and it just took forever to scan and ended up it got "Not Responding"...

Chewie
07-29-2006, 10:48 PM
Adware still there? Install, update and run Spybot Search & Destroy (http://www.spybot.info/en/index.html) and Lavasoft AdAware (http://www.lavasoft.de/), they're both free.
After that, get XoftSpy (http://filesharingtalk.com/vb3/showthread.php?p=1405050) and scan your system with that.
That should get rid of everything!
If you want to be absolutely sure there's nothing else nasty lurking, get HijackThis (http://www.tomcoyote.org/hjt/) and post scan results here.

As for recovering your files, we'll concentrate on getting rid of nasties first because that'll make things quicker, OK?

Crushacker
07-30-2006, 01:12 AM
I've already run Spyware Doctor, Spybot Search & Destroy, and Spy Sweeper too and the ad still hasn't gone... Well, how about if we get straight to the point... I gotta do the Complete Format Recovery to get all my files bak? I wanna get my computer bak to 2 days ago... =/
Probably the adware is not harmful... or that it's not an adware at all and I'd made a mistake... Cuz the funny part is it tells me to download an Anti-Spyware/Anti-Virus program... weird?

FreeDoom
07-30-2006, 01:17 AM
If you want to be absolutely sure there's nothing else nasty lurking, get HijackThis (http://www.tomcoyote.org/hjt/) and post scan results here.

Thanks m8, I thought that I was safe with the progs I have but after running HijackThis I saw some little "bugs flying around here"...

peat moss
07-30-2006, 07:16 AM
Usually with bad Malware I'd turn off System Restore as well then run a good Trojan remover. Even a trial one would work, say this one:

http://www.softpedia.com/get/Antivirus/Trojan-Remover.shtml

As for recovery of deleted files it's hard to do but Winternals is quite good.

Crushacker
07-30-2006, 07:38 AM
---------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:31:22 AM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\IntCodec\pmsngr.exe
C:\Program Files\IntCodec\isamonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\IntCodec\pmmon.exe
C:\Program Files\IntCodec\isamini.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\COMPAQ~1.FAM\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\IntCodec\isaddon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar4.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
-------------------------------------------------------------------------

So then I scanned with Hijackthis and got this... I don't know which to delete lol... also, thanks a lot for those programs, they detected many threats off my computer...

@peat moss: thanks a lot, imma try the program rite now ^^
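An added example, not part of the original post and not HijackThis's own code: a small Python parser for the log layout shown above (a "Running processes:" list followed by coded `R`/`O` entries) that surfaces lines worth a second look. The sample log is constructed with placeholder CLSIDs, and the three review heuristics (a process running from a Temp folder, an entry whose target is reported missing, a BHO with no name) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis 1.99.1 layout (placeholder paths and CLSIDs).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\USER\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\addon.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O21 - SSODL: example - {00000000-0000-0000-0000-000000000002} - (no file)
O23 - Service: Example AV (EAV) - Unknown owner - C:\Program Files\Example\av.exe" -r (file missing)
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # e.g. "O21 - SSODL: ..."
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)     # any path component named Temp


def parse_hjt(text):
    """Split a log into (running process paths, {section code: [entry text]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False                  # first coded entry ends the process list
            entries[match.group(1)].append(match.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)


def triage(processes, entries):
    """Return (reason, line) pairs to review by hand; none of these is a verdict."""
    findings = [("process-in-temp", p) for p in processes if TEMP_RE.search(p)]
    for code, items in entries.items():
        for item in items:
            low = item.lower()
            if code == "O2" and item.startswith("BHO: (no name)"):
                findings.append(("O2-unnamed-bho", item))
            # A quoted service path with arguments can also be reported as missing,
            # as with the avp.exe service line above while avp.exe is listed as running.
            if "(no file)" in low or "(file missing)" in low:
                findings.append((f"{code}-target-missing", item))
    return findings


if __name__ == "__main__":
    for reason, line in triage(*parse_hjt(SAMPLE_LOG)):
        print(f"{reason:22} {line}")
```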

Chewie
07-30-2006, 10:25 AM
When you run HijackThis, you should extract it to its own folder rather than from within an archive.

I'm assuming you have Windows XP - everyone does, don't they?

The popups are probably caused by SystemDoctor2006.

First, make sure you can see everything on your hard drive (you can change back these settings afterwards if you feel uncomfortable with them):
Open My Computer and click Folder Options on the Tools menu.
Click the View tab.
Enable the following options:
Display the contents of system folders with a checkmark
Show hidden files and folders using the option button.
Disable these options by removing the checkmarks:
Hide extensions of known file types
Hide protected operating system files
Click OK to exit.

Turn off System Restore:
Right-click My Computer and select Properties.
Click the System Restore tab, checkmark the option Turn off System Restore on all drives and click OK.

The best place to do the following is Safe Mode so you may want to save this to a text file on your desktop and boot to there.

Run HJT again, and close all IE and explorer windows.
Run the scan, checkmark these items and select Fix Checked.


O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download...reeInstall.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)

Clean your cache:
Open Internet Options from either Control Panel or IE's Tools menu. Click the Delete Files... button in the middle section, checkmark Delete all offline content and click OK
While you're here, you can prevent a lot of disk fragmentation by reducing the ridiculously high space allocation by clicking the Settings button and changing the value in the box to something more realistic (20 to 50 MB).
This should be done for all user accounts on the machine.

Clean your temporary directories:
Delete everything in the temporary folders. Windows XP has a temp folder for each user located at:

C:\Documents and Settings\<username>\Local Settings\Temp\
Also check these places:

C:\Windows\Temp\
C:\TEMP\
Nothing should be running from these folders and legitimate programs would never install themselves there (although Adobe sometimes leave their uninstall utilities in there, the sneaky buggers).

Clean your Prefetch:
Explore your way to here:

C:\WINDOWS\Prefetch
Delete everything inside this folder (but not the folder itself).


OK, now the recovery.

I think you misinterpret the meaning of Complete Format Recovery.
It sounds like you believe this will format your system and return it to what it was a couple of days ago.
That's not what it does. There is no way to do this unless you only received the machine two days ago and run a rescue disc supplied with the system by the OEM manufacturer.
A complete format recovery is an attempt to recover files that were on the hard drive before it was completely formatted.
This is the best option for you.

I haven't used RecoverMyFiles myself, although other people here have and have had success with it. It's a program that's held in high regard for its ability and price :).

I have used Ontrack EasyRecovery Professional (ERP) with quite a bit of success.
With ERP you select a partition to recover from and then a different partition or drive to recover to. It has to be a different partition or drive.
You can specify which file types to recover if you only want to restore documents or mp3s or avi files etc.
ERP detects the filetypes of what it finds by reading the file itself as there's no name information and consequently, although it recovered a helluva lot of files for me, it was down to me to open each one and rename manually.

One last thing.
Whichever recovery program you use, its success depends not only on whether the file has been partially overwritten but to a greater extent how fragmented the partition was before formatting. A fragmented file is spread out around the partition and the information detailing the locations of these parts is held in a place that is written over when you format.
If your partition was badly fragmented you may find that a large proportion of the files recovered are corrupt, unreadable, incomplete or even merged with another file.

Good luck, I hope it goes well.
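An added example, not part of the original post and not how any of the named products is implemented: identifying recovered files by their leading bytes, as described above for files that come back without names, and proposing an extension instead of opening each one by hand. It also applies a simple end-marker check for the incomplete files a fragmented partition produces. The signature table, the `FILE000n` names and the sample byte strings are constructed for illustration.

```python
# Well-known leading "magic" bytes mapped to an extension (a small, constructed subset).
SIGNATURES = [
    (b"\xFF\xD8\xFF", "jpg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"ID3", "mp3"),                                  # MP3 carrying an ID3v2 tag
    (b"PK\x03\x04", "zip"),                           # also .docx/.jar style containers
    (b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1", "doc"),     # OLE2: .doc/.xls/.ppt
]
RIFF_FORMS = {b"AVI ": "avi", b"WAVE": "wav"}         # RIFF form type sits at offset 8


def sniff(data: bytes):
    """Return an extension guessed from the file header, or None if unrecognised."""
    if data[:4] == b"RIFF" and len(data) >= 12:
        return RIFF_FORMS.get(data[8:12])
    for magic, ext in SIGNATURES:
        if data.startswith(magic):
            return ext
    return None


def looks_complete(ext: str, data: bytes):
    """Cheap end-marker check; None means this type has no rule here."""
    if ext == "jpg":                                  # JPEG ends with the EOI marker
        return data.rstrip(b"\x00").endswith(b"\xFF\xD9")   # ignore cluster padding
    if ext == "pdf":                                  # PDF ends with %%EOF
        return b"%%EOF" in data[-1024:]
    return None


def plan_renames(recovered: dict):
    """Map each nameless recovered file to (proposed name, completeness note)."""
    notes = {True: "end marker present", False: "no end marker: likely incomplete",
             None: "no end-marker rule"}
    plan = {}
    for name, data in sorted(recovered.items()):
        ext = sniff(data)
        if ext is None:
            plan[name] = (name, "unknown type: review manually")
        else:
            plan[name] = (f"{name}.{ext}", notes[looks_complete(ext, data)])
    return plan


# Constructed stand-ins for the contents of recovered files.
SAMPLE = {
    "FILE0001": b"\xFF\xD8\xFF\xE0" + b"\x00" * 16 + b"\xFF\xD9" + b"\x00" * 6,
    "FILE0002": b"\xFF\xD8\xFF\xE0" + b"jfif-data-cut-off",
    "FILE0003": b"%PDF-1.4\n...objects...\n%%EOF\n",
    "FILE0004": b"RIFF\x24\x00\x00\x00AVI LIST",
    "FILE0005": b"\x00" * 32,
}

if __name__ == "__main__":
    for old, (new, note) in plan_renames(SAMPLE).items():
        print(f"{old} -> {new:14} {note}")
```

A header match only says how a file starts; a file that passes the end-marker check can still contain another file's data in the middle if its fragments were not contiguous.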

peat moss
07-30-2006, 02:50 PM
Have a look at your start up folder as well or use a program like Ccleaner to check what's running every time you start your computer, you'll be surprised.

For Hijackthis you can post on their site to get it analyzed to better understand.
http://www.hijackthis.de/


Here it is stored for a short time: http://www.hijackthis.de/logfiles/c225a342480a0c515e22f5be873ec28b.html

And while you're at it run a Regcleaner to clean up the debris. :)

Crushacker
07-30-2006, 07:07 PM
Thanks a lot for the help, guys :lol: ... Now I'm finally able to get rid of all the junk in my computer... Now the recovery part *sigh*

EDIT:
hmmm... I think I've tried the Ontrack EasyRecovery Pro before. It was a trial version so I thought I would have let it run for a few minutes since I wouldn't be able to recover anything anyway. It was only a few minutes but I saw a lot of folders and stuff and it took a while to look at them all... If it ran for 2 hours I would die lol :lol: @_@

I also have EnCase... I heard that it's pretty good but I don't know how to use it... =.="