Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91983 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Many problems


  • This topic is locked This topic is locked
27 replies to this topic

#16 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,462 posts

Posted 22 March 2007 - 02:40 PM

Hi Klois,

Did you manage to run a scan with AVG Anti-Rootkit, if so can you post the log.

What problems did you get when trying to uninstall Kazaa Media Desktop? Please give details of any messages you may have got.

Your HJT log is clear now.

The items shown on your Kaspersky log are as follows.

Backup files for HJT
Quarantined files for Norton AV
Infected System Restore points

None of these can infect you the backups and Quarantine files are encrypted, your Restore points will only infect you if you try to do a restore, we'll clean them out in due course.

Are you still having the black screen problems?

Please send me the AVG Anti-Rootkit log please, along with a HJT log for any other accounts on your computer (please name them so I can tell them apart)
Gary R

Posted Image

    Advertisements

Register to Remove


#17 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 22 March 2007 - 09:36 PM

Ah, I'm sorry, I meant to tell you that there was nothing found when I did the rootkit. The Kazaa message I get when I try to uninstall it is as follows : Error Loading C:\Windows\System32\cd_clint.dll, The specified module could not be found. I have a feeling that I just deleted the whole Kazaa folder a long time ago and didn't properly uninstall it. And yes, I am still getting black screens and I did actually try to do a system restore. I'll post a HJT log on my next post. Oh yea, sorry, all previous things were done under my account, Jeremy. The next post's HJT post was made from my dad's name, Gary. There is also another user, my sister, Gretchen. We all use the computer a fair amount, although I use it the most.

Edited by klois, 22 March 2007 - 09:48 PM.


#18 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 22 March 2007 - 09:42 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:38:00 PM, on 3/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NZSearch\nzspc.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Bit Comet\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#19 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,462 posts

Posted 23 March 2007 - 02:14 AM

Hi Klois,

Looks like Kazaa has not been fully removed from your system, and there are some registry entries that may need removing.

Download RegSearch by Bobbi Flekman.
  • Create a folder in your C: drive C:\Regsearch, and extract all the files from the zip archive into that folder.
  • Double click regsearch.exe to launch the programme.
  • Copy/Paste the following into the Search Box Kazaa Media Desktop 2.1.1
  • On the next line Copy/Paste Kazaa
  • Click OK.
Regsearch will now search your Registry for the required strings, when it is finished it will open a Notepad file RegSearch.txt, saved to the Regsearch folder.

Copy/Paste that file into your next post please. (Do not attempt to remove anything that RegSearch finds).

The 2nd HJT log looks clean, can you post one from the 3rd account please.

Edited by Gary R, 23 March 2007 - 02:15 AM.

Gary R

Posted Image

#20 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 23 March 2007 - 11:54 AM

Logfile of HijackThis v1.99.1
Scan saved at 1:49:50 PM, on 3/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blazefind.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {00000000-15D9-4736-AB29-131578A45F2B} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt0_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.2.0

; Results at 3/23/2007 1:32:46 PM for strings:
; 'kazaa media desktop 2.1.1'
; 'kazaa'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA]

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\Bandwidth]

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\Bandwidth\in]

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\Bandwidth\LastEstimate]

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\Bandwidth\out]

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\CloudLoad]

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\CloudLoad]
"ShareDir"="C:\\Program Files\\Kazaa\\My Shared Folder"
"ExeDir"="C:\\Program Files\\Kazaa"

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\ConnectionInfo]

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\ConnectionInfo]
; Contents of value:
; +n8@xb
98@
H8@'8@.M &8@¬k+8@` P
)8@ @B
98@{
E8@ lB3>8@/դ
78@C ?18@A8L8@/A 8@U#A7
3O8@D;O8@ 98@1y+ 8@G#AA <8@TU=8@U
'18@5JB. >8@ֆCI]8@!8B8@!A (8@@uC8@ *8@!"A$8@㗃/8@- 98@έA 2G8@X|A3O8@l57@! F8@!A
78@A"= ~8@*A6t8@L #8@z"AF8@*H>8@.8@hA:
<8@= /5@yHAL< O8@#A%27@ߠ8b5@;
D , O8@ [8@?18@#AJ7@C
@}8@ZӥC
0Q8@AgJ8@">Av
V8@PD  -18@PR:m6@bUA A8@ <8@#1 98@;A98@Ѿ@8@;)B+7=R8@NA]8@NI$18@{wA3O8@ 
98@4A28@Ao
88@CC8@[B 18@v C 18@Nl ; 8@q:h8@M98@g88@H,E8@vA M8@q7Ap
V8@5ڥ:8@کCz98@
q=1h8@3O
$8@, >8@m=)O8@ 8v8@M[B_> 8@ I <8@}?P8@*DCp3}8@K*/8@p,Da8@  ;8@ŢE-8@B68@)DB :8@I B78@G6H18@8 >8@Ս6#5@p(<8@WC 3A8@#A
@ s8@  h8@SV18@%gB8@
b 88@P4 O8@7S 48@GC <8@-e.8@>` J8@\CE}8@
^18@ I8@]D=8@
' <8@ze18@:"AV 98@ . 8Q8@q9Bs45@,A68@FAh8@9?8@<N8@B3 4 8@A
:8@/H8@6 &8@#A>8@AsM#8@\<h8@0h8@//8@ 88@6BNi8@5As36@l .8@2 68@WA>8@ 38@G]
48@EBK
TO8@Ls8@أ 58@V8@UbAC8@fT!AC
1O8@d?c8@'uM8@:A5J5@ $
18@z
B8@!AZJ_8@A#O8@-6<
4}8@.8@>8@on
?8@9EBB O8@ @}8@Cz ,8@ D8@WA~ <O8@J CB.
"18@'C' 8@K/C D8@sG8@3C /8@< 8@MJΌ
58@?>8@b=8@.A/
:8@B=8)8@A<D8@&C 818@ y+18@I8@H :}8@~J:\8@K18@sj/dE8@6N
;W6@1xӌ08@<v?8@nB
D8@:8@ F8@.$ 18@Ҁ<
T<8@#C5}8@V'8@BnP8@; Rc8@ L- 8@]`A "8@X
 68@) #8@POB 8@$ 18@
"KazaaNet"=hex:01,ed,2b,0f,18,6e,06,1f,02,f5,d7,38,40,e7,78,af,80,62,0a,39,02,\
c7,da,38,40,19,9c,05,9a,c8,0a,48,02,ab,d8,38,40,9f,7f,0f,18,cb,07,27,02,f5,\
d7,38,40,2e,db,da,18,4d,09,26,01,f0,cc,38,40,85,c2,ac,cf,6b,0e,2b,02,13,da,\
38,40,60,0c,50,d8,ee,0a,29,01,bf,ce,38,40,09,40,19,42,05,0a,39,02,b1,bf,38,\
40,82,a8,a1,18,7b,0a,45,01,f0,cc,38,40,fc,0b,6c,42,33,0e,3e,02,13,da,38,40,\
2f,d5,a4,18,d8,0d,37,02,1c,ce,38,40,8d,8a,a4,43,0b,07,3f,01,31,d8,38,40,15,\
dd,18,41,38,05,4c,01,8b,da,38,40,2f,95,1b,41,c3,0b,18,03,d7,d9,38,40,e4,55,\
23,41,37,0d,33,02,4f,da,38,40,bf,a1,08,44,80,08,3b,02,4f,da,38,40,f2,ef,a5,\
18,e6,0c,39,02,1c,ce,38,40,a3,31,0f,18,79,05,2b,00,f5,d7,38,40,47,c7,23,41,\
41,0c,3c,02,8b,da,38,40,a4,54,55,82,18,05,3d,02,c7,da,38,40,dd,55,0d,18,83,\
0e,27,02,31,d8,38,40,35,9e,4a,42,2e,0b,3e,02,d7,d9,38,40,d6,86,a4,43,49,06,\
5d,01,c9,d6,38,40,bb,21,0e,18,38,07,42,01,c9,d6,38,40,ed,fb,21,41,1a,09,28,\
02,d7,d9,38,40,40,07,a2,18,75,06,43,01,f0,cc,38,40,8e,0c,a9,18,b2,05,2a,02,\
1c,ce,38,40,f4,21,22,41,9f,05,24,02,8b,da,38,40,e3,97,83,18,ea,12,2f,01,1c,\
ce,38,40,2d,93,80,18,00,09,39,01,1c,ce,38,40,ce,ad,19,41,ed,0b,32,01,47,ce,\
38,40,a2,58,7c,41,ed,06,33,01,4f,da,38,40,6c,c0,da,18,92,05,16,01,35,c4,37,\
40,c4,1d,aa,18,21,0b,46,02,1c,ce,38,40,04,96,21,41,93,0a,37,02,d7,d9,38,40,\
1e,e9,1b,41,22,05,3d,00,7e,ca,38,40,07,2a,18,41,8f,07,36,01,74,cd,38,40,c0,\
4c,d9,0c,f5,0e,23,02,d7,d9,38,40,d0,7a,22,41,ad,04,46,02,d7,d9,38,40,2a,95,\
a9,18,48,04,3e,02,1c,ce,38,40,c4,07,04,18,90,0e,2e,02,b9,d7,38,40,dc,68,18,\
41,3a,0d,3c,02,d7,d9,38,40,8d,f2,19,18,3d,09,2f,02,04,9c,35,40,79,48,1e,41,\
4c,08,3c,00,4f,da,38,40,10,bc,23,41,25,0f,32,01,c5,07,37,40,e7,df,a0,18,f1,\
0e,38,02,01,62,35,40,3b,06,0d,44,8b,09,2c,00,4f,da,38,40,a6,e6,ba,18,a4,0b,\
5b,02,8b,da,38,40,c2,d7,03,18,bc,0e,3f,02,31,d8,38,40,1b,d7,23,41,b9,07,4a,\
02,89,07,37,40,06,fa,a3,43,82,0d,40,02,7d,d7,38,40,5a,d3,a5,43,d3,0a,30,02,\
51,d6,38,40,d2,0f,1d,41,67,10,4a,02,8b,da,38,40,22,3e,a4,41,76,0d,56,02,ab,\
d8,38,40,50,44,00,18,df,0b,2d,02,31,d8,38,40,a7,50,a5,88,52,08,3a,01,c6,6d,\
36,40,62,55,19,41,97,0c,41,02,06,ca,38,40,c4,1c,1a,18,00,06,3c,02,1c,ce,38,\
40,d5,23,31,18,d6,09,39,02,b9,cb,38,40,c4,3b,1a,41,b0,07,39,02,d7,d9,38,40,\
d1,be,a1,18,e2,06,40,02,1c,ce,38,40,3b,d6,29,42,2b,08,37,02,3d,52,38,40,4e,\
9c,1f,41,99,0e,5d,02,8b,da,38,40,4e,49,0f,18,04,12,24,02,31,d8,38,40,7b,77,\
1b,41,cb,06,33,01,4f,da,38,40,0c,9a,9e,18,1d,0a,39,02,1c,ce,38,40,15,34,18,\
41,a0,07,32,02,d7,d9,38,40,a8,e6,1f,41,6f,0a,38,02,13,da,38,40,13,ab,a3,43,\
d3,04,43,01,05,d7,38,40,86,5b,a0,42,f3,06,00,02,31,d8,38,40,76,20,a5,43,13,\
0c,31,01,f5,d7,38,40,88,4e,a1,18,6c,0c,3b,00,d9,cb,38,40,71,a2,a7,18,80,06,\
3a,02,68,cd,38,40,1e,4d,a4,18,e6,05,39,02,c3,da,38,40,b8,b1,ae,81,67,06,38,\
02,8b,da,38,40,48,ca,2c,18,b6,07,45,02,bf,ce,38,40,15,76,ab,41,bb,09,4d,02,\
8b,da,38,40,71,37,1f,41,70,0d,56,01,9b,d9,38,40,35,da,a5,18,e2,0e,3a,02,1c,\
ce,38,40,da,a9,a5,43,7a,04,39,01,8d,d6,38,40,0d,71,da,18,3d,07,31,02,68,cd,\
38,40,06,84,33,18,4f,0d,24,02,8b,da,38,40,7f,83,2c,18,7f,09,3e,01,bf,ce,38,\
40,6d,a5,0e,18,3d,08,29,02,4f,da,38,40,ca,1a,ff,cc,18,0b,38,02,76,cb,38,40,\
19,4d,5b,42,5f,0f,3e,00,d6,ca,38,40,98,c1,a8,18,80,09,49,00,3c,cc,38,40,f4,\
05,7d,18,3f,0f,50,02,c9,cc,38,40,2a,44,a3,43,70,08,33,02,7d,d7,38,40,4b,90,\
a7,18,2a,06,2f,02,1c,ce,38,40,70,2c,e1,44,61,07,08,03,c7,da,38,40,f8,0c,a3,\
18,bb,0c,3b,01,1c,ce,38,40,b8,c5,a2,45,2d,07,04,03,c7,da,38,40,91,18,0e,18,\
42,0f,36,02,f5,d7,38,40,29,d9,44,42,ad,0c,3a,02,13,da,38,40,49,00,bc,42,88,\
08,37,02,13,da,38,40,47,36,06,18,96,0e,48,01,31,d8,38,40,13,d9,38,9c,ee,0b,\
3e,02,d7,d9,38,40,91,b5,d5,8d,ae,06,36,02,84,23,35,40,70,19,a6,18,28,05,3c,\
02,1c,ce,38,40,06,57,a0,43,e0,0c,33,02,41,d7,38,40,9c,bd,23,41,0d,05,40,00,\
73,cf,38,40,fd,09,a6,18,f7,09,1e,02,68,cd,38,40,53,56,97,18,dc,08,1b,02,31,\
d8,38,40,25,67,18,18,da,06,42,02,c7,da,38,40,93,0d,a8,18,62,0b,38,01,1c,ce,\
38,40,bb,50,a7,18,34,0c,4f,02,1c,ce,38,40,37,53,b8,18,ee,0c,34,01,bf,ce,38,\
40,b7,47,a5,43,00,08,3c,02,8d,d6,38,40,2d,b2,82,18,65,0f,2e,02,c7,da,38,40,\
11,3e,d1,18,60,09,4a,02,c7,da,38,40,5c,b5,a5,43,d4,06,45,02,7d,d7,38,40,e7,\
b9,0a,18,c9,0e,5e,02,31,d8,38,40,1a,12,a5,18,14,09,49,01,1c,ce,38,40,b4,5d,\
a8,18,44,08,3d,02,1c,ce,38,40,04,ac,83,18,1d,0a,27,00,3c,cc,38,40,05,c0,7a,\
a8,65,0f,31,02,d8,ca,38,40,fd,3a,22,41,56,09,39,02,13,da,38,40,09,8f,2e,18,\
d3,0b,38,02,51,cc,38,40,71,9d,39,42,73,0e,34,02,07,8f,35,40,bd,2c,1b,41,b5,\
06,36,02,d7,d9,38,40,46,a4,1d,41,68,08,1d,03,8b,da,38,40,39,b8,ae,81,02,08,\
3f,01,d7,d9,38,40,3c,9b,91,18,7f,0e,4e,02,8b,da,38,40,ac,bb,b1,42,33,0b,34,\
00,9b,d9,38,40,9f,7f,1f,41,04,0d,3a,02,9b,d9,38,40,c4,2f,a7,18,d8,0e,48,01,\
f0,cc,38,40,01,ed,e0,8d,36,09,26,02,d7,d9,38,40,b7,9f,23,41,f4,07,3e,02,8b,\
da,38,40,18,c8,18,41,73,10,4d,01,23,d9,38,40,c5,15,5c,18,c8,06,3c,01,68,cd,\
38,40,bb,98,83,18,82,06,30,02,68,cd,38,40,c0,2f,03,18,f4,0e,2f,02,f5,d7,38,\
40,fb,86,a5,18,92,0c,38,02,1c,ce,38,40,bc,36,19,42,d4,06,4e,02,69,cc,38,40,\
f8,35,1f,41,73,08,33,02,9d,fe,36,40,16,a8,1a,18,6c,0c,2e,02,13,da,38,40,32,\
1c,19,81,b9,0c,36,01,d7,d9,38,40,57,a0,1f,41,93,12,3e,02,8b,da,38,40,b0,ec,\
1b,18,c7,0c,33,02,d7,d9,38,40,c9,47,5d,18,d6,0a,34,02,1c,ce,38,40,e2,b5,45,\
42,4b,0d,54,02,4f,da,38,40,ba,01,bf,18,04,06,4c,02,73,cf,38,40,9d,05,ff,d8,\
a3,09,35,02,c7,da,38,40,f5,89,b4,8c,a8,08,56,02,8b,da,38,40,55,62,1f,41,f6,\
08,43,01,13,da,38,40,66,54,21,41,43,0a,31,01,4f,da,38,40,64,fb,1d,a5,a9,07,\
3f,02,63,ca,38,40,27,c3,03,18,75,07,4d,01,f5,d7,38,40,3a,b5,1e,41,a7,0e,35,\
02,4a,a3,35,40,c6,00,93,ac,24,0d,00,02,31,d8,38,40,85,7a,e6,80,0e,0d,42,02,\
8b,da,38,40,b4,af,21,41,5a,07,4a,01,5f,d9,38,40,b5,dd,dd,41,08,0e,23,02,4f,\
da,38,40,2d,36,f2,18,3c,0d,34,02,7d,cd,38,40,a0,a1,9f,cf,02,07,2e,01,d7,d9,\
38,40,cd,1f,bd,18,8c,07,3e,02,bf,ce,38,40,6f,e2,6e,8a,88,0a,3f,01,c7,da,38,\
40,8e,39,45,42,c9,06,42,00,4f,da,38,40,97,8d,0c,18,c5,05,40,01,7d,d7,38,40,\
1f,9f,a7,43,7a,0c,2c,01,c9,d6,38,40,01,b1,a4,18,cd,09,44,01,c7,da,38,40,57,\
d6,1d,41,7e,0c,3c,02,4f,da,38,40,4a,0c,43,42,2e,0a,22,02,31,d8,38,40,bc,27,\
a3,43,27,05,00,02,f5,d7,38,40,4b,bb,2f,18,43,0b,44,02,8b,da,38,40,73,82,aa,\
18,cd,0e,47,02,8b,da,38,40,f8,33,a7,43,ac,0b,2f,02,f5,d7,38,40,b8,b0,c0,8c,\
ea,05,3c,00,13,da,38,40,4d,10,4a,ce,8c,0a,35,01,af,cb,38,40,3f,ce,d1,d8,c2,\
05,3e,01,c7,da,38,40,b9,62,be,18,05,0f,3d,02,1c,ce,38,40,f8,2e,1a,41,2f,0d,\
3a,01,8b,da,38,40,af,ac,08,42,3d,06,38,02,29,c0,38,40,a3,e4,1f,41,3c,0f,44,\
02,8b,da,38,40,fd,26,a7,43,e8,0b,38,02,31,d8,38,40,8a,9d,0c,18,79,0e,2b,02,\
31,d8,38,40,89,e3,a1,18,c0,06,49,01,1c,ce,38,40,b1,48,a3,ac,ac,0c,3a,02,7d,\
cd,38,40,ac,fb,7e,18,4a,0e,3a,01,5c,ce,38,40,03,e4,1e,18,4b,08,31,01,13,da,\
38,40,73,6a,2f,18,64,04,45,01,bf,ce,38,40,36,4e,88,18,83,0d,3b,02,57,fb,36,\
40,31,78,d3,8c,82,06,30,02,8b,da,38,40,cb,3c,a4,18,76,10,3f,02,8b,da,38,40,\
6e,c9,f0,cd,42,0a,44,02,b6,cc,38,40,c2,f6,1c,18,1b,0f,3a,02,13,da,38,40,a3,\
c1,a6,18,ec,0c,46,02,1c,ce,38,40,2e,0e,a1,18,24,0c,15,02,31,d8,38,40,d2,80,\
a0,18,3c,0a,54,02,3c,cc,38,40,23,fd,a3,43,e8,07,35,02,7d,d7,38,40,d0,56,11,\
18,ac,08,27,02,f5,d7,38,40,8f,c1,bc,42,6e,06,50,01,d7,d9,38,40,3b,fd,8f,ac,\
a7,0b,52,02,63,ca,38,40,94,d9,00,18,4c,0e,2d,00,f5,d7,38,40,5d,e6,60,41,e2,\
0c,22,02,d7,d9,38,40,bc,58,0d,18,b3,0b,36,01,f5,d7,38,40,29,8b,0b,23,9c,05,\
04,03,c7,da,38,40,bd,50,4f,42,f0,0b,08,03,c7,da,38,40,24,11,a6,ac,aa,0c,05,\
03,31,d8,38,40

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\LocalContent]

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\LocalContent]
"DownloadDir"="C:\\Program Files\\Kazaa\\My Shared Folder"
"DatabaseDir"="C:\\Program Files\\Kazaa\\Db"

[HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA\Settings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe]
"Path"="C:\\Program Files\\Kazaa"
@="C:\\Program Files\\Kazaa\\D:\\InstallShield\\Kazaa\\kazaa.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA89A7AC-EABF-4D73-B19F-0C3D858D24EF}]
"DisplayName"="Kazaa Media Desktop 2.1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Sharman Networks Ltd\Kazaa Media Desktop 2.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Sharman Networks Ltd\Kazaa Media Desktop 2.0\2.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Sharman Networks Ltd\Kazaa Media Desktop 2.0.2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Sharman Networks Ltd\Kazaa Media Desktop 2.0.2\2.0.2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Sharman Networks Ltd\Kazaa Media Desktop 2.1.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Sharman Networks Ltd\Kazaa Media Desktop 2.1.1\2.1.1]

[HKEY_CURRENT_USER\Software\ahead\nero wave editor\Recent File List]
"File2"="C:\\Program Files\\Kazaa\\My Shared Folder\\Soundtracks The Wedding Singer - I Wanna Grow Old With You.mp3"

[HKEY_CURRENT_USER\Software\Kazaa]

[HKEY_CURRENT_USER\Software\Kazaa\Advanced]

[HKEY_CURRENT_USER\Software\Kazaa\InstantMessaging]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\Audio]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\AudioWidth]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\ColumnOrder]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\ColumnSortStates1]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\ColumnSortStates2]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\ColumnWidths]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\CombinedSortedColumns]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\Document]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\DocumentWidth]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\Download Order]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\Download Width]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\Everything]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\EverythingWidth]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\Picture]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\PictureWidth]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\Settings]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\ShowWarningDialog]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\Upload Order]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\Upload Width]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\Video]

[HKEY_CURRENT_USER\Software\Kazaa\Kazaa Media Desktop\VideoWidth]

[HKEY_CURRENT_USER\Software\Kazaa\LocalContent]

[HKEY_CURRENT_USER\Software\Kazaa\LocalContent]
"DownloadDir"="C:\\Program Files\\Kazaa\\My Shared Folder"

[HKEY_CURRENT_USER\Software\Kazaa\Promotions]

[HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband]

[HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband]
"BBDbLoc"="C:\\Program Files\\Kazaa\\Db\\bb.db"
"NullImageLoc"="C:\\Program Files\\Kazaa\\broadband.gif"

[HKEY_CURRENT_USER\Software\Kazaa\ResultsFilter]

[HKEY_CURRENT_USER\Software\Kazaa\Search]

[HKEY_CURRENT_USER\Software\Kazaa\Settings]

[HKEY_CURRENT_USER\Software\Kazaa\Settings]
"HelpDir"="C:\\Program Files\\Kazaa\\Help"
"Quarantine"="C:\\Program Files\\Kazaa\\Quarantine"

[HKEY_CURRENT_USER\Software\Kazaa\Skins]

[HKEY_CURRENT_USER\Software\Kazaa\Skins]
"SkinsDir"="C:\\Program Files\\Kazaa\\Skins"

[HKEY_CURRENT_USER\Software\Kazaa\SOCKS]

[HKEY_CURRENT_USER\Software\Kazaa\Transfer]

[HKEY_CURRENT_USER\Software\Kazaa\Transfer]
"DlDir0"="C:\\Program Files\\Kazaa\\My Shared Folder"

[HKEY_CURRENT_USER\Software\Kazaa\UserDetails]

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\AutoComplete\Directory]
; Contents of value:
;     
"C:\\Program Files\\Kazaa\\My Shared Folder"=hex:d4,07,05,00,02,00,12,00,11,00,\
09,00,04,00,90,00

; End Of The Log...

Edited by klois, 23 March 2007 - 12:07 PM.


#21 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,462 posts

Posted 23 March 2007 - 05:14 PM

Hi Klois,

Latest HJT log looks OK.

Now to clean out Kazaa

Create a System Restore Point
  • Click Start > Run
  • Copy/Paste C:\Windows\System32\Restore\rstrui.exe into the Open: box.
  • Click OK.
  • This will open the System Restore window.
  • Click on Create a Restore Point then click Next.
  • Enter Restore from Reg Changes to the description box, then click Create.
  • A new Restore Point will be created, once finished click Close to exit.
Now
  • Click Start > Run type Notepad.exe click OK.
  • This will open a Notepad file.
  • Copy/Paste the contents of the code box below into Notepad. (Note: there should be no spaces before the first line, and a blank line at the end).
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\KaZaA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA89A7AC-EABF-4D73-B19F-0C3D858D24EF}]
"DisplayName"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe]
"Path"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Sharman Networks Ltd]

[-HKEY_CURRENT_USER\Software\Kazaa]

  • Click Format and ensure Wordwrap is unchecked.
  • Save as Regfix.reg to your Desktop, save as File Type All Files or it won't work.
Double click on Regfix.reg and when prompted allow it to merge with the Registry.

Now delete this folder (if found).

C:\Program Files\Kazaa

Now check your list in Control Panel > Add Remove Programs and let me know if there's still an entry for Kazaa Media Desktop.

How's your computer running now, let me know of any remaining problems.
Gary R

Posted Image

#22 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 23 March 2007 - 10:18 PM

Thanks, that did the trick with Kazaa. My computer feels a lot better than what it did when we first started. However, I think I'm still getting those black screens (although I think the last one was a few days ago). Another thing is my internet is and has been acting odd. I have DSL with Netzero and they just recently started it. When we first got it, the DSL ran fine. When I first started getting problems with my computer, my DSL started acting weird. Then I started getting the problems with the computer. I was hoping that if I fixed my computer that my DSL would start correcting itself too. However, it hasn't. I looked online a lot on the Netzero support when I first thought it was just my DSL going bad. Nothing really stuck out as the reason for the problem except maybe new noise on my phone line, which I still haven't checked. I really should =/. So, to put it bluntly, can a virus screw up my DSL connection or screw up something it uses so it doesn't work properly? I'm actually using the DSL right now but I cannot download or connect to anything for longer than a few seconds (a few minutes at best). Sorry for the long story. Thanks for all your help.

#23 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,462 posts

Posted 24 March 2007 - 01:01 AM

Hi Klois,

Not sure what the problem is with your DSL, to tell the truth it's outside my area of expertise.

I'm as sure as I can be that we've got rid of your Malware problems, but whether these have done some damage that is not apparent on any of the logs I've seen I couldn't say.

It may be worth uninstalling then re-installing the software supplied by your ISP (Internet Service Provider) and see if that resolves your problems, other than that I'm afraid I'm not much help. The line noise issue is certainly something that should be investigated with your service provider.

It may be worth posting to one of the Hardware Support forums with your problems and see if they have any suggestions (I've posted links to a couple below).

Hardware Support Forums
PC Pitstop
Virtual Dr.
Gary R

Posted Image

#24 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 24 March 2007 - 11:53 PM

Thanks for all your help and your recommendations. They have all lead me into the right direction. Also, thanks for all your time and patience. I feel like all of my virus and spyware problems have been taken care of. I knew I was having a problem with my connection and since i went to the PC Pitstop, I've learned that my uploading is what is wrong. It suggests disabling firewalls and now i'm looking it that. If I can't figure it out myself, I will either post on their forums or reformatting my computer. Thanks Again.

#25 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,462 posts

Posted 25 March 2007 - 01:19 AM

You're welcome, glad we could help a little. Sorry we didn't resolve all your problems fully. Gary.
Gary R

Posted Image

    Advertisements

Register to Remove


#26 klois

klois

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 26 March 2007 - 01:24 PM

Actually, I disabled my firewalls (I had one on Norton, Norton is now history. I also had one with Netzero. That firewall is disabled now) and my internet is working decently. Sometimes I have to restart my modem but it is much more manageable now. Plus I have you to thank for getting my computer running a lot better and taking out harmful data. I now feel like my computer is reasonably close to what it used to be and the only thing that still worries me is that its a lil slow and acts a lil weird. By the way, I'm the one who installed the firewalls before I posted on here. Sometimes I feel like I'm actually bad for the computer than I am good =/ Anyway, Thanks a lot :) You helped out a lot more than a little.

Edited by klois, 26 March 2007 - 01:24 PM.


#27 Gary R

Gary R

    MRU Administrator

  • MRU Teachers
  • 1,462 posts

Posted 30 March 2007 - 02:29 PM

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Tom Coyote Donations

Gary R
Gary R

Posted Image

#28 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 30 March 2007 - 03:23 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users