View Full Version : view a hijack this log



butterflywrenn
10-02-2003, 05:25 AM
Can anyone view this and tell me if anything looks suspicious about it? A friend of mine is still having problems showing on her Spybot S&D. I know that she has Kazaa and her son needs it for his music in school. Any suggestions?


Logfile of HijackThis v1.96.1
Scan saved at 9:49:41 PM, on 10/1/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 700\BIN\HPOSTR03.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 700\BIN\HPOVDX03.EXE
C:\WINDOWS\SYSTEM\HPOHID03.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SOL.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.iwon.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: HP OfficeJet Series 700 StartUp.lnk = C:\Program Files\HP OfficeJet Series 700\bin\HPOstr03.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .asf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1000/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37765.6900347222
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab

unknown634
10-02-2003, 10:07 AM
These two I'd question:
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1000/www.contentwatch.com/audit/includes/ContentAuditControl.cab
and this one
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab

They are from advertising sites (the latter site wasn't even there when I pinged it), and can be deleted from the C:\Windows\Downloaded Program Files folder. They'll probably be named with the parts I put in blue for each listing. Hope that helps any.

-off-topic-
There is an ad-free, spyware-free version of Kazaa (their site, www.k-lite.tk, is down, but my friend's site has the installer on it) you can download from here: http://ftp://unknown634:nukeme@lphs.sytes.net/downloads/p2p/klitekpp241d.exe (copy the link, and remove the http:// the system put in itself.)

Unknown_Entity

-----------------
And now it all falls to pieces...
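
The reply above picks out O16 (Downloaded Program Files) entries by where their installer came from. As an added example that is not part of the original thread, this sketch parses O16 lines from the log and lists the ones whose codebase host is not on a set the reviewer has already checked; the `REVIEWED` set is an assumption for illustration, not a verdict on any site.

```python
import re
from urllib.parse import urlparse

# O16 lines copied from the HijackThis log in this thread, plus one O4 line.
SAMPLE = r"""O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1000/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37765.6900347222
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab
"""

# Assumption: domains the reviewer has already looked at and accepted.
REVIEWED = ("macromedia.com", "yimg.com", "yahoo.com", "microsoft.com")

def parse_o16(line):
    """Split 'O16 - DPF: {CLSID} (name) - url'; CLSID, name and url may be absent."""
    prefix = "O16 - DPF:"
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):].strip()
    head, sep, url = body.rpartition(" -")   # URLs contain no spaces
    if not sep:
        head, url = body, ""
    m = re.match(r"\{[0-9A-Fa-f-]{36}\}", head)
    name = (head[m.end():] if m else head).strip()
    if name.startswith("(") and name.endswith(")"):
        name = name[1:-1]
    url = url.strip()
    return {"clsid": m.group(0) if m else None, "name": name or None,
            "url": url, "host": urlparse(url).hostname}

def is_reviewed(host):
    return any(host == d or host.endswith("." + d) for d in REVIEWED)

def triage(log_text):
    """Return (entries from unreviewed hosts, entries with no codebase URL)."""
    unreviewed, no_codebase = [], []
    for line in log_text.splitlines():
        entry = parse_o16(line.strip())
        if entry is None:
            continue
        if entry["host"] is None:
            no_codebase.append(entry)
        elif not is_reviewed(entry["host"]):
            unreviewed.append(entry)
    return unreviewed, no_codebase

if __name__ == "__main__":
    for e in triage(SAMPLE)[0]:
        print(e["clsid"], e["name"], e["host"])
```
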

Hally
10-07-2003, 03:20 PM
A good bit of advice: as unknown634 said, uninstall Kazaa & then install KaZaA LiTe, but first, after you've uninstalled Kazaa, run this little gem: KaZaA-Be-Gone (http://www.spywareinfo.com/~merijn/files/kazaabegone.zip), just in case you can't find it elsewhere. Good luck with it .... Have you tried AdAware? It is a program that complements SpyBot S&D; they both work well together .... AdAware Site (http://www.lavasoftusa.com/). They both find spyware & other nasty stuff ...

>>Hally<<

butterflywrenn
10-07-2003, 05:19 PM
OK, but answer me this question: I have 2 computers. One is Win98 & has ZoneAlarm & Spybot; Spybot is clean every time I do a scan.
My other computer, XP, has the built-in firewall enabled, but every time I scan with Spybot, I have all kinds of tracking cookies to delete. Is the XP firewall not a very good firewall?

Thanks, butterflywrenn

unknown634
10-07-2003, 07:05 PM
XP's built-in one is basic: you'd be better off buying one in stores. I don't know any really good ones off-hand, but I'm sure someone else has some good recommendations. I use Ad-aware (http://www.lavasoftusa.com/support/download/) also, and it works good for me, even though I go through my cookies and delete all but ones that keep me logged into sites using a program of my own design.

-Unknown_Entity

Hally
10-08-2003, 02:55 AM
Oh yeah, I think ZoneAlarm is far superior ... I use it on my Win98SE setup & it blocks everything nicely .... my sister has WinXP with the firewall & I deleted over 200 spyware including tracking cookies & all from her computer, she was so shocked ... her children got a lesson from me about some of these music sites they visit ...... I recommended sacking KaZaA to her & going with KaZaA LiTe .... good luck