Solved: Microsoft Visual C++ Runtime Library Error Message



brillo1902 (thread starter)
17-Sep-2005, 10:49 AM #1
I keep getting the above message when I double-click on my Internet Explorer icon. If I use System Restore then it allows me to use IE until the next time that I log on. The full error message is below.

Microsoft Visual C++ Runtime Library

Runtime Error

Program: C:\Program Files\Internet Explorer\iexplore.exe

Here also is my HijackThis log file

Logfile of HijackThis v1.99.1
Scan saved at 15:40:20, on 17/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\Rar$EX00.891\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.34.164.206/ri_forum/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [BBStart] C:\Program Files\BT Voyager 100 ADSL Modem\BT Broadband.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125165695300
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126446338046
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D54BA293-7B83-4318-B274-2D0EDD06CDDC}: NameServer = 62.6.40.162 194.74.65.69
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Cheeseball81 (Moderator & Malware Removal Specialist)
17-Sep-2005, 11:26 AM #2
Welcome to TSG

You're definitely infected...

Hijack This is running from the Temp folder.
It needs to be in a permanent folder on the hard drive.
It will not function properly from there and it cannot create and restore backups from there.

Redownload it here: http://thespykiller.co.uk/files/hijackthis_sfx.exe

Let it extract to C:\Program Files
Rerun it from there and post a new log
brillo1902 (thread starter)
17-Sep-2005, 01:32 PM #3
Have I done it right this time?
Logfile of HijackThis v1.99.1
Scan saved at 15:40:20, on 17/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\Rar$EX00.891\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.34.164.206/ri_forum/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [BBStart] C:\Program Files\BT Voyager 100 ADSL Modem\BT Broadband.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125165695300
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126446338046
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D54BA293-7B83-4318-B274-2D0EDD06CDDC}: NameServer = 62.6.40.162 194.74.65.69
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Cheeseball81 (Moderator & Malware Removal Specialist)
17-Sep-2005, 01:36 PM #4
It's still in Temp.

Let's try this.

Make a folder in "My Documents"
Call it something like "HJT"

Then click here: http://216.180.233.162/~merijn/files/HijackThis.exe

Choose 'Save'. Make sure you save it to the folder you just created.

Then rerun it from there and post a new log.
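
The check made by eye in posts #2 and #4 (the last "Running processes" line shows HijackThis.exe under a Temp / Rar$EX extraction folder) can be automated when triaging submitted logs. The following is an added example, not part of the thread or of HijackThis itself; the sample logs are constructed in the format shown above, and comparing the "Scan saved at" header between two submissions goes beyond what the thread checks.

```python
import re
from dataclasses import dataclass, field

SAVED_RE = re.compile(r"^Scan saved at (\d{1,2}:\d{2}:\d{2}), on (\d{2}/\d{2}/\d{4})$")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
TEMP_DIRS = {"temp", "tmp"}


@dataclass
class HjtLog:
    version: str = ""
    scan_saved: str = ""                          # "17/09/2005 15:40:20"
    processes: list = field(default_factory=list)
    entries: dict = field(default_factory=dict)   # "O4" -> [entry text, ...]


def parse_hjt(text):
    """Parse the header, process list and R*/O* entries of a HijackThis log."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        saved = SAVED_RE.match(line)
        entry = ENTRY_RE.match(line)
        if line.startswith("Logfile of HijackThis"):
            log.version = line.split()[-1]
        elif saved:
            log.scan_saved = f"{saved.group(2)} {saved.group(1)}"
        elif line == "Running processes:":
            in_processes = True
        elif entry:
            in_processes = False
            log.entries.setdefault(entry.group(1), []).append(entry.group(2))
        elif in_processes:
            log.processes.append(line)
    return log


def tool_path(log):
    """Return the path HijackThis.exe was run from, or None if it is not listed."""
    for proc in log.processes:
        if proc.lower().rsplit("\\", 1)[-1] == "hijackthis.exe":
            return proc
    return None


def runs_from_temp(path):
    """True if any directory in the path is a Temp or archive-extraction folder."""
    dirs = [part.lower() for part in path.split("\\")[:-1]]
    return any(d in TEMP_DIRS or d.startswith("rar$") for d in dirs)


def triage(new, previous=None):
    """Return findings that mean the log should be redone before analysis."""
    findings = []
    path = tool_path(new)
    if path is None:
        findings.append("HijackThis.exe not in process list; log may be truncated")
    elif runs_from_temp(path):
        findings.append("tool run from temporary folder: " + path)
    if previous is not None and new.scan_saved and new.scan_saved == previous.scan_saved:
        findings.append("same scan timestamp as previous log: " + new.scan_saved)
    return findings


# Constructed sample logs (user name, archive folder and Run entry are made up).
LOG_TEMP = r"""Logfile of HijackThis v1.99.1
Scan saved at 15:40:20, on 17/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\USER~1\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

LOG_FIXED = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:08:43, on 17/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\My Documents\HJT\HijackThis.exe

O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    first = parse_hjt(LOG_TEMP)
    for finding in triage(parse_hjt(LOG_TEMP), previous=first):
        print("redo:", finding)
    print("fixed log findings:", triage(parse_hjt(LOG_FIXED), previous=first))
```
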
brillo1902 (thread starter)
17-Sep-2005, 02:13 PM #5
I've just used System Restore so that I could use IE to do this log. The previous ones were with Firefox, which still allows me to access the net despite the error. This log is after System Restore, using IE.

Logfile of HijackThis v1.99.1
Scan saved at 19:08:43, on 17/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Robert Hepworth\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.34.164.206/ri_forum/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [BBStart] C:\Program Files\BT Voyager 100 ADSL Modem\BT Broadband.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125165695300
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126446338046
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D54BA293-7B83-4318-B274-2D0EDD06CDDC}: NameServer = 62.6.40.162 194.74.65.69
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Cheeseball81 (Moderator & Malware Removal Specialist)
17-Sep-2005, 02:16 PM #6
Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
brillo1902 (thread starter)
17-Sep-2005, 03:14 PM #7
Right, I hope I have done this right.

Since rebooting, the runtime error has reoccurred, so I am only able to access the net via Firefox, but here are the results of the log and scan.

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 20:09:27, on 17/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Robert Hepworth\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.34.164.206/ri_forum/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [BBStart] C:\Program Files\BT Voyager 100 ADSL Modem\BT Broadband.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125165695300
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126446338046
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
brillo1902
Junior Member with 10 posts.
THREAD STARTER
 
Join Date: Sep 2005
17-Sep-2005, 03:15 PM #8
And
Ewido Scan results

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 20:05:38, 17/09/2005
+ Report-Checksum: 7CCFF4E3

+ Scan result:

HKU\S-1-5-21-220523388-343818398-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.364:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
brillo1902
Junior Member with 10 posts.
THREAD STARTER
Join Date: Sep 2005
17-Sep-2005, 03:16 PM #9
continued...............(coz text was too long)
C:\Documents and Settings\Robert Hepworth\Desktop\Save\o-n6303a.zip/Keygen.exe -> TrojanDropper.Delf.gi : Cleaned with backup
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe -> Heuristic.Win32.Dialer : Cleaned with backup


::Report End

Cheers mate
Cheeseball81
Moderator & Malware Removal Specialist with 83,638 posts.
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
17-Sep-2005, 03:21 PM #10
Be back shortly with instructions.
Cheeseball81
Moderator & Malware Removal Specialist with 83,638 posts.
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
17-Sep-2005, 03:26 PM #11
Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.
--------------------------------------------------------------------------
Is this normally your homepage?

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.34.164.206/ri_forum/index.php

If not, you can add that to the Hijack This fixes.
--------------------------------------------------------------------------
With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe

O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe

O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe

O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe

O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe

O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)


Boot into Safe Mode (start tapping the F8 key at Startup, before the Windows logo screen)

Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\spool32.exe

C:\WINDOWS\system32\wins.exe


Note: It is possible that Killbox will tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the KillBox.

Also in safe mode navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.
brillo1902
Junior Member with 10 posts.
THREAD STARTER
Join Date: Sep 2005
17-Sep-2005, 03:38 PM #12
yes
that is normally my homepage

doing the rest now
Cheeseball81
Moderator & Malware Removal Specialist with 83,638 posts.
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
17-Sep-2005, 03:38 PM #13
Thanks for clarifying that
brillo1902
Junior Member with 10 posts.
THREAD STARTER
Join Date: Sep 2005
17-Sep-2005, 04:00 PM #14
done everything......I think, and here's the log
Logfile of HijackThis v1.99.1
Scan saved at 20:58:47, on 17/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Robert Hepworth\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [BBStart] C:\Program Files\BT Voyager 100 ADSL Modem\BT Broadband.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125165695300
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126446338046
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Cheeseball81
Moderator & Malware Removal Specialist with 83,638 posts.
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
17-Sep-2005, 05:20 PM #15
Looks clean. How are things now?
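
One way to script the check behind a "looks clean" verdict, as an added example that is not part of the original thread: it parses the O4 autorun lines from the fix list in post #11 and confirms that none survive in a follow-up HijackThis log, either as registry autoruns or as running processes. The function names and the shortened log excerpts are constructed for illustration.

```python
import ntpath
import re
from typing import NamedTuple, Optional

class Autorun(NamedTuple):
    location: str  # registry key as HijackThis prints it, e.g. hklm\..\run
    name: str      # registry value name shown in [brackets]
    command: str   # command line the value launches

O4_RE = re.compile(r"^O4 - ([^:]+): \[([^\]]*)\]\s*(.*)$")
IMAGE_RE = re.compile(r'"?([^"]*?\.(?:exe|dll|cpl))', re.IGNORECASE)

def parse_o4(line: str) -> Optional[Autorun]:
    """Parse an O4 registry autorun line; other lines return None."""
    m = O4_RE.match(line.strip())
    return Autorun(*(g.strip().lower() for g in m.groups())) if m else None

def image_name(command: str) -> str:
    """File name of the binary a command launches, without path or arguments."""
    m = IMAGE_RE.match(command)
    return ntpath.basename(m.group(1) if m else command).lower()

def running_images(log: str) -> set:
    """File names listed under 'Running processes:' up to the first blank line."""
    images, in_section = set(), False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section and not line.strip():
            break
        elif in_section:
            images.add(ntpath.basename(line.strip()).lower())
    return images

def verify_fix(fixed_lines, log: str) -> dict:
    """Report fixed autoruns still in the log and their binaries still running."""
    present = {e for e in map(parse_o4, log.splitlines()) if e}
    targets = [(line, parse_o4(line)) for line in fixed_lines]
    running = running_images(log)
    wanted = {image_name(e.command) for _, e in targets if e}
    return {"autoruns": [line for line, e in targets if e in present],
            "processes": sorted(wanted & running)}

# The six O4 entries from the fix list in post #11.
FIXED = [
    r"O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe",
    r"O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe",
    r"O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe",
    r"O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe",
    r"O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe",
    r"O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe",
]

# Constructed excerpt: a few lines taken from the follow-up log in the thread.
FOLLOW_UP = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Constructed failure case: one fixed entry and its process have come back.
REINFECTED = FOLLOW_UP.replace(
    "Running processes:",
    "Running processes:\n" + r"C:\WINDOWS\system32\wins.exe") + "\n" + FIXED[3]

if __name__ == "__main__":
    print(verify_fix(FIXED, FOLLOW_UP))
    print(verify_fix(FIXED, REINFECTED))
```

Process names are compared exactly, so the legitimate spoolsv.exe in the follow-up log is not mistaken for spool32.exe.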