Can't Get Rid of kazaa - tried everything
Join Date: Sep 2005
Posts: 25
Reputation:
Solved Threads: 1
hey.. i can't get rid of kazaa, it is listed on the add/remove list but when i try to remove it it comes up with this message:
-----------------------------------------------------------------------
Error loading C:\WINDOWS\system32\cd_clint.dll
The specified module could not be found
-----------------------------------------------------------------------
It is not running in the processes or anywhere else, any help would be appreciated.
cd_clint.dll is actually a component of the CyDoor adware parasite... er, I mean... program that is bundled with Kazaa and some other "free" applications. Running one of the following free antispyware utilities should remove the CyDoor remainders for you:
ewido antispyware (trial version)
Ad Aware SE Personal
SpyBot Search & Destroy
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Originally Posted by goldeagle2005
avoid KaZaA. Full of spyware.
Last edited by DMR; Aug 9th, 2006 at 4:24 pm.
Join Date: Sep 2005
Posts: 25
Reputation:
Solved Threads: 1
Originally Posted by Deacon J
It sounds like you deleted kazaa without going through add/remove programs first. Unless you want to try and dig it out of the registry, reinstall kazaa and then remove it through add/remove programs
reinstalling kazaa has made the computer much worse and it still comes up a message (attached to this)
-------------
also.. after installing ewido anti-spyware it keeps coming up with messages saying that a toolbar on my browser has an error on it (i clean and quarantine it every time)
------------
Also after reinstalling kazaa i went through the processes on my computer and found multiple adware and spyware..
Please help before it gets any worse
I'm going to move this thread to our virus & spyware forum, as this is revealing itself to be that sort of problem.
Please do the following:
You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.
1. Download the free HijackThis utility. Once downloaded, create a folder for HJT outside of any Temp/Temporary folders and move the downloaded HijackThis.exe file to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
Do not run the program yet.
2. If you do not have the latest version of ewido (version 4), please download that version now from http://www.ewido.net/en/download/.
If you do have the latest version, download and install the most current updates for the program. In either event, do not run the program yet.
If you are installing the new version of ewido:
- Close all other Applications and then run the ewido installer
- Select language click Ok
- Click I Agree
- Click next
- Click Install
- Click Finish
- Wait Ewido will open main screen automatically.
- Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
- It is very important to get the updates
- When updating has finished, close Ewido.
4. * Reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Log in to the Administrator account.
* Run ATF-Cleaner
- Double-click ATF-Cleaner.exe to open the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
* Open Ewido
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close Ewido.
* Run HijackThis, but do not have it fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". The log file will open in Windows Notepad once you save it; cut-n-paste the entire contents of the file from Notepad and post it here. Also post the contents of report log that ewido generated.
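The following Python is an added example, not part of the original thread and not code from HijackThis: it shows one way to triage a saved hijackthis.log of the kind requested above by parsing its section-coded entries and listing the ones worth a closer look. The sample log lines are constructed, and the three review heuristics (missing file, autostart from a temp directory, unresolved startup shortcut) are assumptions of this example, not verdicts produced by HijackThis.

```python
import re

# Meaning of the HijackThis section codes that appear in a typical log.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O9": "Extra IE button / Tools menu item",
}

# An entry line looks like "O4 - HKLM\..\Run: [Name] C:\path\file.exe".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Path components that indicate a temporary location.
TEMP_RE = re.compile(r"\\(temp|temporary internet files)\\", re.IGNORECASE)

NOTE_ORPHAN = "registered, but the file is missing on disk"
NOTE_TEMP = "autostart launched from a temp directory"
NOTE_UNRESOLVED = "startup shortcut with unresolved target"

# Constructed sample in the HijackThis v1.99.1 line format (names are made up).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example/
O2 - BHO: ExampleBar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleBar\bar.dll (file missing)
O3 - Toolbar: Printer Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Printer\toolband.dll
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\Temp\Updater\update.exe
O4 - HKCU\..\Run: [Messenger] "C:\Program Files\Messenger\msgr.exe" /background
O4 - Startup: example.lnk = ?
"""


def parse_entries(log_text):
    """Return the section-coded entries; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        entries.append(
            {"code": code, "section": SECTIONS.get(code, "other"), "body": body}
        )
    return entries


def review_notes(entry):
    """Apply this example's review heuristics to one parsed entry."""
    notes = []
    body = entry["body"]
    if body.endswith("(file missing)"):
        notes.append(NOTE_ORPHAN)
    if entry["code"] == "O4":
        if TEMP_RE.search(body):
            notes.append(NOTE_TEMP)
        if body.endswith("= ?"):
            notes.append(NOTE_UNRESOLVED)
    return notes


def triage(log_text):
    """Return (code, body, notes) for every entry that has at least one note."""
    findings = []
    for entry in parse_entries(log_text):
        notes = review_notes(entry)
        if notes:
            findings.append((entry["code"], entry["body"], notes))
    return findings


if __name__ == "__main__":
    for code, body, notes in triage(SAMPLE_LOG):
        print(f"[{code}] {SECTIONS.get(code, 'other')}")
        print(f"    {body}")
        for note in notes:
            print(f"    -> {note}")
```

An entry flagged here is only a candidate for review; a missing-file entry, for instance, is usually a leftover registration after the program's files were deleted.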
Join Date: Sep 2005
Posts: 25
Reputation:
Solved Threads: 1
ok.. here's the results
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:46:01 PM 8/9/2006
+ Scan result:
::Report end
----------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:48:35 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Mik3\Desktop\Desktop stuff\Virus Detectors\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: InstaFinder_K - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - HKCU\..\RunOnce: [RXToolBar] regsvr32 /s "C:\Program Files\RXToolBar\RXToolBar.dll"
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...38/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:46:01 PM 8/9/2006
+ Scan result:
C:\Program Files\INSTAFINK -> Adware.404Search : No action taken.
C:\Program Files\INSTAFINK\Cache -> Adware.404Search : No action taken.
C:\Program Files\INSTAFINK\Cache\NewCfg -> Adware.404Search : No action taken.
C:\Program Files\INSTAFINK\Cache\instafinktb0302.cfg -> Adware.404Search : No action taken.
C:\Program Files\INSTAFINK\Uninstall.exe -> Adware.404Search : No action taken.
C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : No action taken.
C:\Documents and Settings\Mik3\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : No action taken.
C:\Documents and Settings\Mik3\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : No action taken.
C:\Documents and Settings\Mik3\Local Settings\Temporary Internet Files\Content.IE5\GZF7C7P3\asmfiles[1].cab/asm.exe -> Adware.Altnet : No action taken.
C:\Documents and Settings\Mik3\Local Settings\Temporary Internet Files\Content.IE5\GZF7C7P3\asmfiles[1].cab/asmps.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\adm25.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\adm4.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\adm4005.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\admdata.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\admdloader.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\admfdi.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\admprog.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\altnetuninstall.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\asm.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\asmend.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\dminfo3.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\dminstall7.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\dmsetup.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\dmsetupbig.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\jsinstall.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\jslegals.txt -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\selectdir.txt -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\selectdir1st.txt -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\altnet.css -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\gradient.gif -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\local_firstuse.html -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\local_points.html -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\local_redeem.html -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\local_start.html -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\local_wallet.html -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\notconnected.gif -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\offline.gif -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\pixel.gif -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Points Manager.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Points Manager.exe.Manifest -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\Help.xml -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\Sav3BD.tmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\Skin.xml -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\back-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\back.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\bottom.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\bottomleft.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\bottomright.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\close-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\close.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\forward-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\forward.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-bottom.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-top.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-topleft.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-topright.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\left.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\maximise-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\maximise.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_bottom.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_bottomleft.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_bottomright.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_left.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_right.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_top.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_topleft.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_topright.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\message.xml -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\minimise-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\minimise.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\points-disabled.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\points-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\points-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\points.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\redeem-disabled.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\redeem-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\redeem-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\redeem.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\refresh-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\refresh.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\right.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\settings-disabled.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\settings-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\settings-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\settings.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\start-disabled.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\start-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\start-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\start.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\top.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\topleft-pro.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\topleft-reg.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\topleft.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\topright.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\wallet-disabled.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\wallet-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\wallet-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\wallet.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Temp Internet Shares -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\settings.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\setup.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\sysdetect.dll -> Adware.Altnet : No action taken.
C:\RECYCLER\S-1-5-21-1784492029-1465058494-1690550294-1012\Dc22.exe -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\ADM -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard\Setup -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard\Temp Internet Shares -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\DownloadManager -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\LocalFiles -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM\CLSID -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CLSID -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM -> Adware.Altnet : No action taken.
C:\Program Files\TBONBin -> Adware.BetterInternet : No action taken.
C:\Program Files\TBONBin\Uninstall.exe -> Adware.BetterInternet : No action taken.
C:\Program Files\TBONBin\tbon.exe -> Adware.BetterInternet : No action taken.
C:\Program Files\TBONBin\tboninst.cfg -> Adware.BetterInternet : No action taken.
HKLM\SOFTWARE\Classes\instafink.INSTAFINK -> Adware.InstaFinder : No action taken.
HKLM\SOFTWARE\Classes\instafink.INSTAFINK\Clsid -> Adware.InstaFinder : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\INSTAFINK -> Adware.InstaFinder : No action taken.
HKU\S-1-5-21-1784492029-1465058494-1690550294-1012\Software\INSTAFINK -> Adware.InstaFinder : No action taken.
HKU\S-1-5-21-1784492029-1465058494-1690550294-1012\Software\INSTAFINK\Reports -> Adware.InstaFinder : No action taken.
HKU\S-1-5-21-1784492029-1465058494-1690550294-1012\Software\INSTAFINK\Stat -> Adware.InstaFinder : No action taken.
C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\system32\P2P Networking\Cache -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\system32\P2P Networking\Cache\Database -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-116.sig -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> Adware.PeerNet : No action taken.
C:\Program Files\RXToolBar -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\additional.gif -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\additional_active.gif -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\background.jpg -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\blue_hr_horz.GIF -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\gray_hr_horz.GIF -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\thumbtack.gif -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\thumbtack_active.gif -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\thumbtack_click.gif -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\rx.xml -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\rxtoolbar.cfg -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\rxwebsearches.xsl -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\sfcont.bin -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Classes\RXToolBar.TBInfo -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Classes\RXToolBar.TBInfo.1 -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Classes\RXToolBar.TBInfo\CLSID -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Classes\RXToolBar.TBInfo\CurVer -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar -> Adware.RXToolbar : No action taken.
HKU\S-1-5-21-1784492029-1465058494-1690550294-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
HKU\S-1-5-21-1784492029-1465058494-1690550294-1012\Software\RX ToolBar -> Adware.RXToolbar : No action taken.
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : No action taken.
C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : No action taken.
C:\Documents and Settings\Marvin\Local Settings\Temporary Internet Files\Content.IE5\9G75J5BQ\zpopup[2].cgi -> Not-A-Virus.Exploit.HTML.UrlSpoof.a : No action taken.
C:\Documents and Settings\Marvin\Local Settings\Temporary Internet Files\Content.IE5\T0IQA1GR\zpopup[1].cgi -> Not-A-Virus.Exploit.HTML.UrlSpoof.a : No action taken.
::Report end
----------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:48:35 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Mik3\Desktop\Desktop stuff\Virus Detectors\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: InstaFinder_K - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - HKCU\..\RunOnce: [RXToolBar] regsvr32 /s "C:\Program Files\RXToolBar\RXToolBar.dll"
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...38/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
Your use of file-sharing programs has brought you more than just the CyDoor adware; you have other "unwanted guests" as well.
You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.
* Open your Add/Remove Programs control panel and uninstall any and all programs listed there which relate to the following:
Altnet
TopSearch
Points Manager
RXToolbar
InstaFinder/InstaFink
BestOffers
Need2Find
* Download ATF-Cleaner and save it to your desktop or another convenient location. Don't run the program yet.
* Close all open programs/windows, (especially web browsers). Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button:
O2 - BHO: InstaFinder_K - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\RunOnce: [RXToolBar] regsvr32 /s "C:\Program Files\RXToolBar\RXToolBar.dll"
O4 - Startup: csrss.lnk = ?
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
* Reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Log in to the Administrator account.
* Run ATF-Cleaner
- Double-click ATF-Cleaner.exe to open the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
* Open Ewido and configure it as follows:
- In the main ewido window, click on the "Scanner" option.
- In the Scanner window, click on "Settings" tab.
- Under the "How to act?" heading, set the "default action for detected malware" to Delete.
- Under "How to scan?" and "Possibly Unwanted Software", make sure all boxes are checked.
- Under "Reports", select "Automatically generate report after every scan".
- Under "What to scan?", Select "Scan every file".
Click on the "Scan" tab and then click "Complete system scan". Have ewido delete all malicious items it finds.
* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
* Locate and delete the following files if they still exist:
C:\Documents and Settings\Mik3\Local Settings\Temp\asmfiles.cab
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
* Delete the following folders entirely if they still exist:
C:\Program Files\INSTAFINK
C:\Program Files\Altnet
C:\Program Files\TBONBin
C:\WINDOWS\system32\P2P Networking
C:\Program Files\RXToolBar
C:\Program Files\SurfAccuracy
* Empty your Recycle Bin and reboot normally.
* Run HijackThis again and post the new log. Also post the log that ewido generated.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
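An added example, not part of the original thread or of HijackThis itself: a small Python triage pass over HijackThis log lines that flags entries naming the programs and folders the helper listed above, or marked "(file missing)". The watchlist and sample lines are copied from this thread; the function and variable names are this example's own.

```python
import re

# Names taken from the helper's uninstall and folder-deletion lists in this thread.
WATCHLIST = ["altnet", "topsearch", "points manager", "rxtoolbar", "instafinder",
             "instafink", "bestoffers", "need2find", "tbonbin", "p2p networking",
             "surfaccuracy"]

# A HijackThis entry has the shape "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")


def triage(log_text):
    """Return [(code, detail, reasons)] for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, running-process list, blank lines
        detail = m.group("detail")
        lowered = detail.lower()
        reasons = [f"name:{n}" for n in WATCHLIST if n in lowered]
        # HijackThis appends this marker when the referenced file is not on disk.
        if lowered.endswith("(file missing)"):
            reasons.append("file-missing")
        if reasons:
            findings.append((m.group("code"), detail, reasons))
    return findings


# Sample lines copied from the log and the fix list in this thread.
SAMPLE = r"""
O2 - BHO: InstaFinder_K - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - Startup: csrss.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for code, detail, reasons in triage(SAMPLE):
        print(f"{code:4} {', '.join(reasons):40} {detail}")
```

The O18 msnim entry is flagged only as file-missing and was not in the helper's fix list, while csrss.lnk is not flagged at all, so the output is a starting point for manual review rather than a fix list.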






