1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Microsoft Visual C++ Runtime Library Error Message

Discussion in 'Windows XP' started by brillo1902, Sep 17, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. brillo1902

    brillo1902 Thread Starter

    Joined:
    Sep 17, 2005
    Messages:
    10
    I keep getting the above message when i double click on my Internet Explorer icon. If i use system restore then it allows me to use IE until the next time that i log on. The full error message is below.

    Microsoft Visual C++ Runtime Library

    Runtime Error

    Program: C:\Program Files\Internet Explorer\iexplore.exe

    Here also is my hiJackThis log file

    Logfile of HijackThis v1.99.1
    Scan saved at 15:40:20, on 17/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\WINDOWS\System32\TrayIcon.exe
    C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\Rar$EX00.891\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.34.164.206/ri_forum/index.php
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [BBStart] C:\Program Files\BT Voyager 100 ADSL Modem\BT Broadband.exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
    O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe
    O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe
    O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125165695300
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126446338046
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D54BA293-7B83-4318-B274-2D0EDD06CDDC}: NameServer = 62.6.40.162 194.74.65.69
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  2. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Welcome to TSG :)

    You're definitely infected...

    Hijack This is running from the Temp folder.
    It needs to be in a permanent folder on the hard drive.
    It will not function properly from there and it cannot create and restore backups from there.

    Redownload it here: http://thespykiller.co.uk/files/hijackthis_sfx.exe

    Let it extract to C:\Program Files
    Rerun it from there and post a new log
     
  3. brillo1902

    brillo1902 Thread Starter

    Joined:
    Sep 17, 2005
    Messages:
    10
    Logfile of HijackThis v1.99.1
    Scan saved at 15:40:20, on 17/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\WINDOWS\System32\TrayIcon.exe
    C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\Rar$EX00.891\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.34.164.206/ri_forum/index.php
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [BBStart] C:\Program Files\BT Voyager 100 ADSL Modem\BT Broadband.exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
    O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe
    O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe
    O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125165695300
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126446338046
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D54BA293-7B83-4318-B274-2D0EDD06CDDC}: NameServer = 62.6.40.162 194.74.65.69
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  4. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    It's still in Temp.

    Let's try this.

    Make a folder in "My Documents"
    Call it something like "HJT"

    Then click here: http://216.180.233.162/~merijn/files/HijackThis.exe

    Choose 'Save'. Make sure you save it to the folder you just created.

    Then rerun it from there and post a new log.
     
  5. brillo1902

    brillo1902 Thread Starter

    Joined:
    Sep 17, 2005
    Messages:
    10
    so that i could use IE to do this log. The previous ones were with Firefox which still allows me to access the net despite the error. This log is after system restore using IE.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:08:43, on 17/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\WINDOWS\System32\TrayIcon.exe
    C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Robert Hepworth\My Documents\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.34.164.206/ri_forum/index.php
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [BBStart] C:\Program Files\BT Voyager 100 ADSL Modem\BT Broadband.exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
    O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe
    O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe
    O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125165695300
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126446338046
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D54BA293-7B83-4318-B274-2D0EDD06CDDC}: NameServer = 62.6.40.162 194.74.65.69
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  6. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Click here to download the trial version of Ewido Security Suite:
    http://www.ewido.net/en/download/

    · Install Ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido.
    · It will prompt you to update click the OK button and it will go to the main screen.
    · On the left side of the main screen click update.
    · Click on Start and let it update.
    · DO NOT run a scan yet.

    Restart your computer into Safe Mode now.
    (Start tapping the F8 key at Startup, before the Windows logo screen).
    Perform the following steps in Safe Mode:

    * Run Ewido:
    Click on scanner
    Click Complete System Scan and the scan will begin.
    During the scan it will prompt you to clean files, click OK.
    When the scan is finished, look at the bottom of the screen and click the Save report button.
    Save the report to your desktop.

    Reboot.

    Post a new Hijack This log and the results of the Ewido scan.
     
  7. brillo1902

    brillo1902 Thread Starter

    Joined:
    Sep 17, 2005
    Messages:
    10
    i hope i have done this right

    since rebooting the runtime error has reoccured so i am only able to access teh net via firefox but here are the results of the log and scan

    HJT Log

    Logfile of HijackThis v1.99.1
    Scan saved at 20:09:27, on 17/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\WINDOWS\System32\TrayIcon.exe
    C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Robert Hepworth\My Documents\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.34.164.206/ri_forum/index.php
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [BBStart] C:\Program Files\BT Voyager 100 ADSL Modem\BT Broadband.exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
    O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe
    O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe
    O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe
    O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125165695300
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126446338046
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  8. brillo1902

    brillo1902 Thread Starter

    Joined:
    Sep 17, 2005
    Messages:
    10
    Ewido Scan results

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 20:05:38, 17/09/2005
    + Report-Checksum: 7CCFF4E3

    + Scan result:

    HKU\S-1-5-21-220523388-343818398-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.110:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.111:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.143:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.144:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    :mozilla.234:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    :mozilla.262:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.265:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.266:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.277:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.279:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.280:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.294:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.295:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.296:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.303:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.304:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.306:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.316:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.317:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.318:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.319:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.322:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.323:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.324:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.332:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.333:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.334:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.335:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.336:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.350:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.357:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.358:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.359:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.360:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.361:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.362:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.364:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\a2r1d3mi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.179:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.184:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.194:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    :mozilla.221:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    :mozilla.235:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.252:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.260:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.266:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.267:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.278:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.280:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.281:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.298:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.299:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.310:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.311:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.316:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.323:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.328:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.329:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.332:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.338:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.341:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.342:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.343:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.346:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.347:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.348:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.349:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.350:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.353:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.358:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.359:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\rpewovsq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.149:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.151:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    :mozilla.199:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.234:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.238:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.239:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.240:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.241:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.242:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.243:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.245:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.246:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.247:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.251:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.255:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.256:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.270:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.272:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.273:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.291:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.292:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.293:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.294:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.295:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.296:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.300:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.301:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.302:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.303:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.304:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.317:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.319:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.329:C:\Documents and Settings\Robert Hepworth\Application Data\Mozilla\Firefox\Profiles\uggd8llk.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert hepworth@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
     
  9. brillo1902

    brillo1902 Thread Starter

    Joined:
    Sep 17, 2005
    Messages:
    10
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert hepworth@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert hepworth@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert hepworth@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert hepworth@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert hepworth@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert hepworth@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert hepworth@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert hepworth@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Cookies\robert [email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Robert Hepworth\Desktop\Save\o-n6303a.zip/Keygen.exe -> TrojanDropper.Delf.gi : Cleaned with backup
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe -> Heuristic.Win32.Dialer : Cleaned with backup


    ::Report End

    Cheers mate
     
  10. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Be back shortly with instructions.
     
  11. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
    Save it to your desktop.
    DO NOT run it yet.
    --------------------------------------------------------------------------
    Is this normally your homepage?

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://64.34.164.206/ri_forum/index.php

    If not, you can add that to the Hijack This fixes.
    --------------------------------------------------------------------------
    With IE closed, run Hijack This again.
    Put a checkmark on these entries and hit "fix checked":

    O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe

    O4 - HKLM\..\Run: [Sygate Personal Firewall] wins.exe

    O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] spool32.exe

    O4 - HKLM\..\RunServices: [Sygate Personal Firewall] wins.exe

    O4 - HKCU\..\Run: [Sygate Personal Firewall] wins.exe

    O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] spool32.exe

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)


    Boot into Safe Mode (start tapping the F8 key at Startup, before the Windows logo screen)

    Double-click on Killbox.exe to run it.
    Now put a tick by Standard File Kill.
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
    It will ask for confimation to delete the file.
    Click Yes.
    Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\system32\spool32.exe

    C:\WINDOWS\system32\wins.exe


    Note: It is possible that Killbox will tell you that one or more files do not exist.
    If that happens, just continue on with all the files. Be sure you don't miss any.

    Exit the KillBox.

    Also in safe mode navigate to the C:\Windows\Temp folder.
    Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Go to Start > Run and type %temp% in the Run box.
    The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    Reboot, post a new log.
     
  12. brillo1902

    brillo1902 Thread Starter

    Joined:
    Sep 17, 2005
    Messages:
    10
    that is normally my homepage

    doing the rest now
     
  13. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Thanks for clarifying that :)
     
  14. brillo1902

    brillo1902 Thread Starter

    Joined:
    Sep 17, 2005
    Messages:
    10
    Logfile of HijackThis v1.99.1
    Scan saved at 20:58:47, on 17/09/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\WINDOWS\System32\TrayIcon.exe
    C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Robert Hepworth\My Documents\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
    O4 - HKLM\..\Run: [BBStart] C:\Program Files\BT Voyager 100 ADSL Modem\BT Broadband.exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
    O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125165695300
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126446338046
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  15. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Looks clean. How are things now?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/399759