Tech Support Forum - View Single Post

DragonsRemix · 11-30-2005, 07:23 AM

Thanks again for like the fiftieth time. I really appreciate all the help. No new antispyware.log came up after the second run, though. at least i don't think so. all that showed up on the scan results was one profiler cookie. so i'm posting what showed up in the first antispyware.log. So far i haven't been having any problems.

Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'SOFTWARE\Classes\ed2k'
Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Magnet'
Found 'LastSearchHash' in 'Software\Kazaa'
Found 'ScanFolder' in 'Software\Kazaa\Advanced'
Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\Search'
Found 'adult_filter_level' in 'Software\Kazaa\ResultsFilter'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'CacheDiscoveryTime' in 'Software\Kazaa\Transfer'
Found 'CacheHost' in 'Software\Kazaa\Transfer'
Found 'CachePort' in 'Software\Kazaa\Transfer'
Found 'CountryCode' in 'Software\Kazaa\UserDetails'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'DlDir0' in 'Software\Kazaa\Transfer'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'AutoConnected' in 'Software\Kazaa\UserDetails'
Found 'firewall_filter' in 'Software\Kazaa\ResultsFilter'
Found 'SkinsDir' in 'Software\Kazaa\Skins'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'UserName' in 'Software\Kazaa\UserDetails'
Found 'FirewallStatus' in 'SOFTWARE\Kazaa'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'my_ip_address' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'UDP_receive_status' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Documents and Settings\User\Start Menu\Programs\WinMX'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'WinMX.exe' in 'C:\Program Files\WinMX'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\User\Start Menu\Programs\WinMX' in shortcut areas.
Checking for 'C:\Documents and Settings\User\Start Menu\Programs\WinMX' in startup areas.
Cleaning 'C:\Documents and Settings\User\Start Menu\Programs\WinMX'
Checking for 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\WinMX.lnk'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\User\Desktop\'
[SCANMODS] The file 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\User\Desktop\'
[SCANMODS] The file 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
[SCANMODS] The file 'C:\Documents and Settings\User\Desktop\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module.
Finished Cleaning
Started Scanning
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning

Logfile of HijackThis v1.99.1
Scan saved at 9:21:47 AM, on 30/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://irc.chatway.com:8059/Java/cfs31235.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133214705890
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab27571.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://pix.futureshop.ca/en/ulcontrolxp.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

11-30-2005, 07:23 AM	#7 (permalink)
DragonsRemix Registered User Join Date: Nov 2005 Posts: 19 OS: XP	Thanks again for like the fiftieth time. I really appreciate all the help. No new antispyware.log came up after the second run, though. at least i don't think so. all that showed up on the scan results was one profiler cookie. so i'm posting what showed up in the first antispyware.log. So far i haven't been having any problems. Started Scanning Internet Cookies Programs in Memory Windows Registry Found '' in 'Software\Kazaa' Found '' in 'Software\Kazaa\ResultsFilter' Found '' in 'Software\Kazaa\Settings' Found '' in 'Software\Kazaa\Transfer' Found '' in 'Software\KaZaA\CloudLoad' Found '' in 'Software\KaZaA\ConnectionInfo' Found '' in 'Software\KaZaA\LocalContent' Found '' in 'SOFTWARE\Classes\ed2k' Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command' Found '' in 'Software\Kazaa' Found '' in 'Software\Kazaa\Advanced' Found '' in 'Software\Kazaa\InstantMessaging' Found '' in 'Software\Kazaa\LocalContent' Found '' in 'Software\Kazaa\Skins' Found '' in 'Software\Kazaa\UserDetails' Found '' in 'SOFTWARE\Kazaa\Bandwidth\in' Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate' Found '' in 'SOFTWARE\Kazaa\Bandwidth\out' Found '' in 'SOFTWARE\Magnet' Found 'LastSearchHash' in 'Software\Kazaa' Found 'ScanFolder' in 'Software\Kazaa\Advanced' Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging' Found '' in 'Software\Kazaa\Search' Found 'adult_filter_level' in 'Software\Kazaa\ResultsFilter' Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate' Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in' Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out' Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in' Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out' Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in' Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out' Found 'CacheDiscoveryTime' in 'Software\Kazaa\Transfer' Found 'CacheHost' in 'Software\Kazaa\Transfer' Found 'CachePort' in 'Software\Kazaa\Transfer' Found 'CountryCode' in 'Software\Kazaa\UserDetails' Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent' Found 'DlDir0' in 'Software\Kazaa\Transfer' Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent' Found 'AutoConnected' in 'Software\Kazaa\UserDetails' Found 'firewall_filter' in 'Software\Kazaa\ResultsFilter' Found 'SkinsDir' in 'Software\Kazaa\Skins' Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer' Found 'UserName' in 'Software\Kazaa\UserDetails' Found 'FirewallStatus' in 'SOFTWARE\Kazaa' Found 'ListenPort' in 'SOFTWARE\Kazaa' Found 'my_ip_address' in 'SOFTWARE\Kazaa' Found 'network_config' in 'SOFTWARE\Kazaa' Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa' Found 'UDP_receive_status' in 'SOFTWARE\Kazaa' Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate' Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo' Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX' Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}' Internet URL Shortcuts Files and Directories Found '' in 'C:\Documents and Settings\User\Start Menu\Programs\WinMX' Found '' in 'C:\Program Files\WinMX' Found 'errcatch.exe' in 'C:\Program Files\WinMX' Found 'uninstall.exe' in 'C:\Program Files\WinMX' Found 'WinMX.exe' in 'C:\Program Files\WinMX' Finished Scanning Started Backup Finished Backup Started Cleaning Checking for 'C:\Documents and Settings\User\Start Menu\Programs\WinMX' in shortcut areas. Checking for 'C:\Documents and Settings\User\Start Menu\Programs\WinMX' in startup areas. Cleaning 'C:\Documents and Settings\User\Start Menu\Programs\WinMX' Checking for 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas. Checking for 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas. Cleaning 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\WinMX.lnk' Checking for 'C:\Program Files\WinMX' in shortcut areas. Checking for 'C:\Program Files\WinMX' in startup areas. Cleaning 'C:\Program Files\WinMX' Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas. Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas. Cleaning 'C:\Program Files\WinMX\colors.dat' Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\errcatch.exe' Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas. Checking for 'C:\Program Files\WinMX\library.dat' in startup areas. Cleaning 'C:\Program Files\WinMX\library.dat' Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas. Checking for 'C:\Program Files\WinMX\license.txt' in startup areas. Cleaning 'C:\Program Files\WinMX\license.txt' Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas. Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas. Cleaning 'C:\Program Files\WinMX\settings.dat' Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\uninstall.exe' Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas. Found 'WinMX.lnk' in 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\' Found 'WinMX.lnk' in 'C:\Documents and Settings\User\Desktop\' [SCANMODS] The file 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\WinMX.exe' Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas. Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas. Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt' Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\errcatch.exe' [SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas. Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\uninstall.exe' [SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas. Found 'WinMX.lnk' in 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\' Found 'WinMX.lnk' in 'C:\Documents and Settings\User\Desktop\' [SCANMODS] The file 'C:\Documents and Settings\User\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module. [SCANMODS] The file 'C:\Documents and Settings\User\Desktop\WinMX.lnk' was not found. Most likely already cleaned by another scanner module. Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas. Cleaning 'C:\Program Files\WinMX\WinMX.exe' [SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module. Finished Cleaning Started Scanning Internet Cookies Found 'tribalfusion.com' in 'Internet Explorer Cache' Found 'atdmt.com' in 'Internet Explorer Cache' Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Backup Finished Backup Started Cleaning Finished Cleaning Logfile of HijackThis v1.99.1 Scan saved at 9:21:47 AM, on 30/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\zHotkey.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://irc.chatway.com:8059/Java/cfs31235.cab O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133214705890 O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab27571.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://pix.futureshop.ca/en/ulcontrolxp.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe