Can't Get Rid of kazaa - tryed everything

Question

lvlIk3 0 Light Poster

17 Years Ago

hey.. i can't get rid of kazaa, it is listed on the add/remove list but when i try to remove it it comes up with this message:

-----------------------------------------------------------------------
Error loading C:\WINDOWS\system32\cd_clint.dll

The specified module could not be found
-----------------------------------------------------------------------

It is not running in the processes or anywhere else, any help would be appreciated.

windows-virus

5 Contributors
21 Replies
497 Views
2 Weeks Discussion Span
Latest Post 17 Years Ago Latest Post by kylethedarkn

All 21 Replies

FC Jamison 31 Posting Pro in Training

17 Years Ago

It sounds like you deleted kazaa without going through add/remove programs first. Unless you want to try and dig it out of the registry, reinstall kazaa and then remove it through add/remove programs

DMR 152 Wombat At Large

17 Years Ago

cd_clint.dll is actully a component of the CyDoor adware parasite... er, I mean... program that is bundled with Kazaa and some other "free" applications. Running one of the following free antispyware utilities should remove the CyDoor remainders for you:

ewido antispyware (trial version)
Ad Aware SE Personal
SpyBot Search & Destroy

goldeagle2005 33 Finkus Stinkalotus

17 Years Ago

And henceforth, avoid KaZaA. Full of spyware.

DMR 152 Wombat At Large

17 Years Ago

avoid KaZaA. Full of spyware.

Yes, as are file-sharing programs and file-sharing sites as a whole. Given that, and the fact that most of the downloadable content is being illegally shared, it's best to avoid that sort of activity all together.

DMR 152 Wombat At Large

17 Years Ago

I'm going to move this thread to our virus & spyware forum, as this is revealing itself to be that sort of problem.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

lvlIk3 0 Light Poster · Answer 1 · 2006-08-10T03:00:35+00:00

It sounds like you deleted kazaa without going through add/remove programs first. Unless you want to try and dig it out of the registry, reinstall kazaa and then remove it through add/remove programs

reinstalling kazaa has made the computer much worse and it still comes up a message (attatched to this)
-------------
also.. after installing ewido anti-spyware it keeps coming up with messages saying that a toolbar on my browser has an error on it (i clean and quarantine it every time)
------------
Also after reinstalling kazaa i went through the processes on my computer and found multiple adware and spyware..
Please help before it gets any worse

DMR 152 Wombat At Large Team Colleague · Answer 2 · 2006-08-10T03:23:17+00:00

Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

1. Download the free HijackThis utility. Once downloaded, create a folder for HJT outside of any Temp/Temporary folders and move the downloaded HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
Do not run the program yet.

2. If you do not have the latest version of ewido (version 4), please download that version now from http://www.ewido.net/en/download/.
If you do have the latest version, download and install the most current updates for the program. In either event, do not run the program yet.

If you are installing the new version of ewido:

Close all other Applications and then run the ewido installer
Select language click Ok
Click I Agree
Click next
Click Install
Click Finish
Wait Ewido will open main screen automatically.
Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
It is very important to get the updates
When updating has finished, close Ewido.

3. Download ATF-Cleaner and save it to your desktop or another convenient folder.

4. * Reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Log in to the Administrator account.

* Run ATF-Cleaner
- Double-click ATF-Cleaner.exe to open the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

* Open Ewido

Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

* Reboot the computer normally.

* Run HjackThis, but do not have it fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".

Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". The log file will open in Windows Notepad once you save it; cut-n-paste the entire contents of the file from Notepad and post it here. Also post the contents of report log that ewido generated.

.

lvlIk3 0 Light Poster · Answer 3 · 2006-08-10T05:18:05+00:00

ok.. hers the results

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:46:01 PM 8/9/2006

+ Scan result:

C:\Program Files\INSTAFINK -> Adware.404Search : No action taken.
C:\Program Files\INSTAFINK\Cache -> Adware.404Search : No action taken.
C:\Program Files\INSTAFINK\Cache\NewCfg -> Adware.404Search : No action taken.
C:\Program Files\INSTAFINK\Cache\instafinktb0302.cfg -> Adware.404Search : No action taken.
C:\Program Files\INSTAFINK\Uninstall.exe -> Adware.404Search : No action taken.
C:\Program Files\INSTAFINK\instafink.dll -> Adware.404Search : No action taken.
C:\Documents and Settings\Mik3\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : No action taken.
C:\Documents and Settings\Mik3\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : No action taken.
C:\Documents and Settings\Mik3\Local Settings\Temporary Internet Files\Content.IE5\GZF7C7P3\asmfiles[1].cab/asm.exe -> Adware.Altnet : No action taken.
C:\Documents and Settings\Mik3\Local Settings\Temporary Internet Files\Content.IE5\GZF7C7P3\asmfiles[1].cab/asmps.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\adm25.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\adm4.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\adm4005.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\admdata.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\admdloader.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\admfdi.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\admprog.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\altnetuninstall.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\asm.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\asmend.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\dminfo3.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\dminstall7.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\dmsetup.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\dmsetupbig.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\jsinstall.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\jslegals.txt -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\selectdir.txt -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Download Manager\selectdir1st.txt -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\altnet.css -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\gradient.gif -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\local_firstuse.html -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\local_points.html -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\local_redeem.html -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\local_start.html -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\local_wallet.html -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\notconnected.gif -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\offline.gif -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\LocalPages\pixel.gif -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Points Manager.exe -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Points Manager.exe.Manifest -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\Help.xml -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\Sav3BD.tmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\Skin.xml -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\back-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\back.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\bottom.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\bottomleft.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\bottomright.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\close-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\close.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\forward-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\forward.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-bottom.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-top.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-topleft.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help-topright.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\help.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\left.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\maximise-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\maximise.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_bottom.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_bottomleft.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_bottomright.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_left.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_right.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_top.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_topleft.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\mb_topright.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\message.xml -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\minimise-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\minimise.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\points-disabled.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\points-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\points-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\points.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\redeem-disabled.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\redeem-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\redeem-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\redeem.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\refresh-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\refresh.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\right.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\settings-disabled.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\settings-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\settings-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\settings.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\start-disabled.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\start-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\start-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\start.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\top.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\topleft-pro.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\topleft-reg.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\topleft.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\topright.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\wallet-disabled.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\wallet-over.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\wallet-sel.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Skin\wallet.bmp -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\Temp Internet Shares -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\settings.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\setup.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\Points Manager\sysdetect.dll -> Adware.Altnet : No action taken.
C:\RECYCLER\S-1-5-21-1784492029-1465058494-1690550294-1012\Dc22.exe -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\ADM -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard\Setup -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard\Temp Internet Shares -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\DownloadManager -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\LocalFiles -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM\CLSID -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM.ADM\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CLSID -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM -> Adware.Altnet : No action taken.
C:\Program Files\TBONBin -> Adware.BetterInternet : No action taken.
C:\Program Files\TBONBin\Uninstall.exe -> Adware.BetterInternet : No action taken.
C:\Program Files\TBONBin\tbon.exe -> Adware.BetterInternet : No action taken.
C:\Program Files\TBONBin\tboninst.cfg -> Adware.BetterInternet : No action taken.
HKLM\SOFTWARE\Classes\instafink.INSTAFINK -> Adware.InstaFinder : No action taken.
HKLM\SOFTWARE\Classes\instafink.INSTAFINK\Clsid -> Adware.InstaFinder : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\INSTAFINK -> Adware.InstaFinder : No action taken.
HKU\S-1-5-21-1784492029-1465058494-1690550294-1012\Software\INSTAFINK -> Adware.InstaFinder : No action taken.
HKU\S-1-5-21-1784492029-1465058494-1690550294-1012\Software\INSTAFINK\Reports -> Adware.InstaFinder : No action taken.
HKU\S-1-5-21-1784492029-1465058494-1690550294-1012\Software\INSTAFINK\Stat -> Adware.InstaFinder : No action taken.
C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\system32\P2P Networking\Cache -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\system32\P2P Networking\Cache\Database -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10001-116.sig -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Adware.P2PNetworking : No action taken.
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Adware.P2PNetworking : No action taken.
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> Adware.PeerNet : No action taken.
C:\Program Files\RXToolBar -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\additional.gif -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\additional_active.gif -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\background.jpg -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\blue_hr_horz.GIF -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\gray_hr_horz.GIF -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\thumbtack.gif -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\thumbtack_active.gif -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\graphics\thumbtack_click.gif -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\rx.xml -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\rxtoolbar.cfg -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\rxwebsearches.xsl -> Adware.RXToolbar : No action taken.
C:\Program Files\RXToolBar\sfcont.bin -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Classes\RXToolBar.TBInfo -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Classes\RXToolBar.TBInfo.1 -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Classes\RXToolBar.TBInfo\CLSID -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Classes\RXToolBar.TBInfo\CurVer -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar -> Adware.RXToolbar : No action taken.
HKU\S-1-5-21-1784492029-1465058494-1690550294-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
HKU\S-1-5-21-1784492029-1465058494-1690550294-1012\Software\RX ToolBar -> Adware.RXToolbar : No action taken.
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : No action taken.
C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : No action taken.
C:\Documents and Settings\Marvin\Local Settings\Temporary Internet Files\Content.IE5\9G75J5BQ\zpopup[2].cgi -> Not-A-Virus.Exploit.HTML.UrlSpoof.a : No action taken.
C:\Documents and Settings\Marvin\Local Settings\Temporary Internet Files\Content.IE5\T0IQA1GR\zpopup[1].cgi -> Not-A-Virus.Exploit.HTML.UrlSpoof.a : No action taken.

::Report end

----------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:48:35 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Mik3\Desktop\Desktop stuff\Virus Detectors\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: InstaFinder_K - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\RunOnce: [BullguardoptIn] C:\WINDOWS\Temp\BullGuard\bulldownload.exe
O4 - HKCU\..\RunOnce: [RXToolBar] regsvr32 /s "C:\Program Files\RXToolBar\RXToolBar.dll"
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4438/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

DMR 152 Wombat At Large Team Colleague · Answer 4 · 2006-08-11T03:45:21+00:00

Your use of file-sharing programs has brought you more than just the CyDoor adware; you have other "unwanted guests" as well.

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Open your Add/Remove Programs control panel and uninstall any and all programs listed there which relate to the following:

Altnet
TopSearch
Points Manager
RXToolbar
InstaFinder/InstaFink
BestOffers
Need2Find

* Download ATF-Cleaner and save it to yor desktop or another convenient location. Don't run the program yet.

* Close all open programs/windows, (especially web browsers). Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button:

O2 - BHO: InstaFinder_K - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\RunOnce: [RXToolBar] regsvr32 /s "C:\Program Files\RXToolBar\RXToolBar.dll"
O4 - Startup: csrss.lnk = ?
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

* Reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Log in to the Administrator account.

* Run ATF-Cleaner
- Double-click ATF-Cleaner.exe to open the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

* Open Ewido and configure it as follows:

- In the main ewido window, click on the "Scanner" option.
- In the Scanner window, click on "Settings" tab.
- Under the "How to act?" heading, set the "default action for detected malware" to Delete.
- Under "How to scan?" and "Possibly Unwanted Software", make sure all boxes are checked.
- Under "Reports", select "Automatically generate report after every scan".
- Under "What to scan?", Select "Scan every file".

Click on the "Scan" tab and then click "Complete system scan". Have ewido delete all malicious items it finds.

* * Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

* Locate and delete the following files if they still exist:

C:\Documents and Settings\Mik3\Local Settings\Temp\asmfiles.cab
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll

* Delete the following folders entirelyif they still exist:

C:\Program Files\INSTAFINK
C:\Program Files\Altnet
C:\Program Files\TBONBin
C:\WINDOWS\system32\P2P Networking
C:\Program Files\RXToolBar
C:\Program Files\SurfAccuracy

* Empty your Recycle Bin and reboot normally.

* Run HijackThis again and post the new log. Also post the log that ewido generated.

-

lvlIk3 0 Light Poster · Answer 5 · 2006-08-11T10:26:27+00:00

alright everything went good except for that when i tryed to remove O4 - Startup: csrss.lnk = ? it came up with the messages that i have attached

thanks for the help so far and here is my current hijack log

--------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:23:43 AM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mik3\Desktop\Desktop stuff\Virus Detectors\HijackThis.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4438/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

DMR 152 Wombat At Large Team Colleague · Answer 6 · 2006-08-11T13:49:36+00:00

1. Reboot into Safe Mode again and delete the "csrss.lnk" file. You'll find it in the C:\documents and settings\Your_username\start menu\programs\startup folder.
Empty your Recycle Bin after that and reboot normally.

2. I'd like to see the last ewido report also. Can you please that?

lvlIk3 0 Light Poster · Answer 7 · 2006-08-11T22:30:12+00:00

Alright.. i deleted the csrss but for some reason the log was not saved for the ewido scan.. i know that the only thing that it reported to delete was something that started with Not-A-Virus________
---
I can do another scan if you would like but im sure that the old report is nowhere to be found on the computer
----
One more thing, -- in the add/remove screen it still says that kazaa is there but it now comes up with a message when i try to remove it.
-------------
Error loading C:\PROGRA~1\COMMON~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll

The specified module could not be found
-------------

lvlIk3 0 Light Poster · Answer 8 · 2006-08-16T04:35:10+00:00

hey.. I don't know if im being really cautious here or not but can you just check my hijack log once more there's at least one that im not sure about which is the
016 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
If you someone could just check it over for me that would be great.. thanks alot
--------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:34:23 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\hijack this\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4438/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

DMR 152 Wombat At Large Team Colleague · Answer 9 · 2006-08-16T12:19:03+00:00

in the add/remove screen it still says that kazaa is there but it now comes up with a message when i try to remove it.

Sometimes remnants of programs that have been uninstalled get "stuck" in the Add/Remove Programs control panel's list and need to be removed manually. To remove the Kazaa entry from the control panel, see this Microsoft support article.

* {1D6711C8-7154-40BB-8380-3DEA45B69CBF} is Kazaa-related; have HJT fix that entry.

* The following malicious entry should have been deleted if all went well:
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
Habve HJT fix the above entry, reboot the computer, and run another HJT scan. Let us know whether or not theentry reappears.

lvlIk3 0 Light Poster · Answer 10 · 2006-08-19T08:11:05+00:00

hey.. thanks for the advice
Here's the hijack log-
-------------------------------
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4438/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

DMR 152 Wombat At Large Team Colleague · Answer 11 · 2006-08-20T10:01:33+00:00

The RXToolbar adware is still present in your log. Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download the Killbox utility and save it to your desktop or another convenient folder.
- Right-click on the downloaded killbox.zip file.
- Choose "Extract all..." from the drop-down context menu.
- Follow the file extraction wizard's prompts to extract the killbox.exe program file.

* Download and install the most current updates for ewido.

* Close all open programs/windows, (especially web browsers). Run another HijackThis scan, put a check in the box to the left of the following entry, and then click the "Fix Checked" button:

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

* Reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Log in to the Administrator account.

* Open Killbox.

- In the "Full Path of File to Delete" box, copy and paste the following
C:\Program Files\RXToolBar\sfcont.dll
- Select the "Standard File Kill" and "Unregister dll before deleting" options.
- Click on the button with the red circle with the X in the middle and then click Yes at the "Backup and delete..." confirmation prompt.
- You should then get a confirmation prompt that the deletion succeeded. Click the OK button and close killbox. Let us know if the deletion did not succeed.

* Open Ewido and configure it as follows:

- In the main ewido window, click on the "Scanner" option.
- In the Scanner window, click on "Settings" tab.
- Under the "How to act?" heading, set the "default action for detected malware" to Delete.
- Under "How to scan?" and "Possibly Unwanted Software", make sure all boxes are checked.
- Under "Reports", select "Automatically generate report after every scan".
- Under "What to scan?", Select "Scan every file".

Click on the "Scan" tab and then click "Complete system scan". Have ewido delete all malicious items it finds.
Close ewido after that, making sure to save the log file.

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

* Locate and delete the following folder entirely:
C:\Program Files\RXToolBar

* Empty your Recycle Bin and reboot normally.

* Run HijakcThis again. Post the new HJT log, as well as the log from the Ewido scan.

lvlIk3 0 Light Poster · Answer 12 · 2006-08-22T04:05:45+00:00

hey.. alright when I did the killbox it said that the file did not exist but that was after I had deleted it on hijack, anyways, my ewido scan came up empty and I would also like to say that I appreciate all of the help you have given me so far -
here is the latest hijack scan results

-------------------------------
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.jetsetpoker.com/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4438/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ums.uwo.ca
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

DMR 152 Wombat At Large Team Colleague · Answer 13 · 2006-08-22T11:36:49+00:00

OK- the log looks good and clean now :)

How do things seem to be working now? Are there still other issues that we need to look in to?

lvlIk3 0 Light Poster · Answer 14 · 2006-08-23T08:09:24+00:00

well ive got some pretty random stuff.. for example in my control panel there is two programs called --- help finder and help features --- these programs have no size.. are they for windows or can they be deleted? another thing is that my wirelesses is on and off rite now but ive been told that that can be fixed by purchasing another modem.. you can find the full detail in a different thread i created but i thought i might as well mention it to you, I think thats all the problems for now but if any more come to mind then ill be sure to tell you

DMR 152 Wombat At Large Team Colleague · Answer 15 · 2006-08-23T13:00:50+00:00

Thanks for the update.

The help finder and help features control panels must be related to software that came with your particular computer or to other third-party software; tehy aren't standard Windows components.

I'll take a look at the other problem in the other thread you mentioned.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague · Answer 16 · 2006-08-25T08:30:46+00:00

Sorry to jump in here, but if you need a program like Kazaa I recomend Limewire. Unfortunetly this also downloads adware, but I found a loop hole in there plot. If you delete the folder C:\Documents and Setting\"Whatever the Admin is here\Complete\ then no adware will be downloaded. But you are still at risk from anything you download manually. Only download Things that at least 10 other people have downloaded.

Thats only if you need it.(By need I mean want it bad enough that your life would be miserable if you didn't have it)I you don't need it then ignore the above statement completely.

Can't Get Rid of kazaa - tryed everything

Recommended Answers Collapse Answers

All 21 Replies

Recommended Answers