Microsoft Visual C++ Runtime Library - Please Help Hijackthis log included

Microsoft Visual C++ Runtime Library
Runtime Error!
C:\WINDOWS\EXPLORER.EXE
abnormal program termination
This program has requested the runtime to terminate it in
an unusual way. Please contact the applications support
team for more info.

Microsoft Visual C++ Runtime Library
Runtime Error!
C:\Program Files\Internet Explorer\IEXPLORE.EXE
abnormal program termination
This program has requested the runtime to terminate it in
an unusual way. Please contact the applications support
team for more info.

Each time after I access another user account on my PC, other than the active one, any program I try to use that uses windows explorer gives me a runtime error. Internet explorer, my documents, etc. Please help.

Here's my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:40:28 PM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kris\My Documents\Programs\Eraser\Eraser\eraser.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\dlcdcoms.exe
C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...lcache=2&hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Kris\My Documents\Programs\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr. exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Documents and Settings\Kris\My Documents\Programs\Eraser\Eraser\eraser.exe -hide
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

There is nothing unusual in your HijackThis LOG. What were you doing immediately before this error message? Were to running a malware scan of some sort?



Lets try a couple of things which may help to improve matters:


Clean out TEMPORARY FILES:
To clean your temp folder, recycle bin, etc..please download this free tool:

CCleaner http://www.ccleaner.com/downloadbuilds.asp

Install Options:

• Don't install any Toolbars, or other programs, should it ask you!
• Just uncheck the option of installing the Yahoo toolbar.

It will put a shortcut on your Desktop.

Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ’Windows’ TAB up front by default.

• Uncheck ‘Cookies’ option (advisable)
• Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
• Click the ‘Analyse’ button.
• Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.

Download and install Ewido anti-spyware 4.0 (uninstall any previous version first).

• Click the Download BUTTON. On the next page click the Download now BUTTON.
• Save and then install (Run) from the save location.
  
• Open/Run ewido anti-spyware
  
• Wait a few moments and Ewido should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
  
  
  Quote:

  Click on the Update now LINK at the top of the window Click on the Start update button Wait for the update to download and install

• This is very important to get the LATEST updates
  
• Click on the Status ICON
  • Under "Your computers Security"
    Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
• Click on the Scanner ICON at the top of the window
  
• Click on the Settings tab then select Recommended Actions and choose Quarantine
• When updating has finished. Close Ewido.

We will be using this tool in a later step.




Reboot your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
• Wait 30 seconds, and then turn the computer on.
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe Mode option is selected.
• Press Enter. The computer then begins to start in Safe mode.
• Login on your usual account.

______________________________


[The following quoted (purple) instructions were originally included in error - please ignor]______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan:

• Click on the default Status ICON and select the Scan now LINK.
  
  OR
  
  
• Click on the Scanner ICON . Select the Scan TAB.
  
  
  • Select Complete System Scan. Ewido will now begin to scan your system.

• If Ewido finds anything it will list them in the Preview WINDOW:
  • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
  • Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).
  
  
• When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
• Copy and paste the EWIDO scan results into your next post.
• Close Ewido and REBOOT.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Where do I find the Smitfraudfix Folder that I am supposed to open after I rebot in safe mode.

Sorry - the Smitfraudfix instructions were included in error. Please ignor that part of the fix instructions (which I have now highlighted in purple on your latest post).

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Here's my Ewido Report:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:28:45 AM 8/11/2006

+ Scan result:



:mozilla.147:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.183:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.234:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.302:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.358:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.419:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.420:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.421:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.422:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.428:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.449:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@cratebarrel.112 .2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@educationsucces s.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@lsfnetwork.122. 2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@msnportal.112.2 o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@pch.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Kris\Cookies\kris@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Kris\Cookies\kris@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.216:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.365:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.389:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.390:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.391:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.392:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@media.adrevolve r[2].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.15:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.17:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.400:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.401:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.407:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.408:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.410:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.369:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Kris\Cookies\kris@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.320:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.85:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.312:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.330:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.331:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.332:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.333:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.334:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.316:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.317:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.326:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.327:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.265:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Kris\Cookies\kris@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.286:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Estat : No action taken.
:mozilla.397:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.398:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.409:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.273:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.277:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.278:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.432:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.433:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.434:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.435:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.206:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.214:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.279:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.280:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.281:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.282:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.299:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.300:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.301:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.321:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.322:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.324:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.325:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.163:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.423:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.426:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.427:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.430:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.431:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.436:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.437:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.438:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.446:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.448:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.231:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Masterstats : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@image.mastersta ts[1].txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.217:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Kris\Cookies\kris@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.34:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@www.myaffiliate program[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.165:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@data1.perf.over ture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@data2.perf.over ture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@data3.perf.over ture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@data4.perf.over ture[2].txt -> TrackingCookie.Overture : No action taken.
:mozilla.394:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.395:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.396:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.399:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Kris\Cookies\kris@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.130:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.131:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.132:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.303:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.304:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.305:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.306:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.102:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.103:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.104:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.157:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.335:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.75:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.76:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Kris\Cookies\kris@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.405:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.52:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.82:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Kris\Cookies\kris@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.86:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Kris\Cookies\kris@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.59:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.60:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.61:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.62:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Web-stat : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@web-stat[2].txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.258:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.367:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.368:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Ashleigh\Cookies\ashleigh@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Kris\Cookies\kris@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.20:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.21:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.22:C:\Documents and Settings\Ashleigh\Application Data\Mozilla\Firefox\Profiles\547y0l58.default\coo kies.txt -> TrackingCookie.Zedo : No action taken.


::Report end

Ewido found a lot of low risk tracking cookies that may also create performance hits or other anomalies.


Please re-run the EWIDO scan and select the 'quarantine' option or delete if you wish (now or later).


Your runtime issues could be the result of many issues. Let us know if you are still see that error message and how frequently.

__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

I'm still having the same problem. It's after I log onto my user account on XP. I will use it for a while then my wife will log on to her account and try to open anything that uses explorer; Internet explorer, Windows explorer, etc. Then the runtime error occurs when it trys to open. I can access the internet through Mozilla or use any other program that dosen't operate through exploer without any errors.

Let's run one more scan and if that doesn't show anything you should go to the XPHelp section of this forum and see if they can help as this is the malware section.




Try running this:

Download http://www.bleepingcomputer.com/files/winpfind.php

Extract WinPFind.zip to your c:\ folder.
Please print these instructions as you will be going into safe mode.
Reboot your computer into Safe Mode by following the following steps:

Reboot.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to scart scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt

__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
qoologic 8/19/2006 9:23:10 AM 204131 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...
UPX! 7/16/2006 744 AM 5118288 C:\Program Files\Firefox Setup 1.5.0.4.exe

Checking %WinDir% folder...

Checking %System% folder...
aspack 3/18/2005 6:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/4/2004 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 8/2/2006 8:22:50 PM 8255912 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/2/2006 8:22:50 PM 8255912 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 6:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 6:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/19/2006 9:27:08 AM S 2048 C:\WINDOWS\bootstat.dat
8/18/2006 12:16:46 PM RHS 88 C:\WINDOWS\system32\384F756848.sys
8/18/2006 12:16:46 PM HS 3350 C:\WINDOWS\system32\KGyGaAvL.sys
7/5/2006 758 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat
7/28/2006 7:16:08 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat
7/27/2006 9:00:28 AM S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat
7/21/2006 4:03:14 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat
6/26/2006 2:47:22 PM S 11929 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat
7/13/2006 9:24:46 AM S 13050 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat
7/14/2006 11:13:00 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
7/14/2006 10:53:20 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat
8/19/2006 9:27:04 AM H 8192 C:\WINDOWS\system32\config\default.LOG
8/19/2006 9:27:14 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
8/19/2006 9:27:08 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
8/19/2006 9:27:30 AM H 102400 C:\WINDOWS\system32\config\software.LOG
8/19/2006 9:27:10 AM H 1122304 C:\WINDOWS\system32\config\system.LOG
8/11/2006 8:59:06 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DA T.LOG
8/2/2006 6:10:12 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\e7322429-114a-418b-ab17-6adae1d2c100
8/2/2006 6:10:12 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
8/17/2006 10:03:38 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\86838c6d-664e-48c9-a92f-9b12f663bd01
8/17/2006 10:03:38 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
8/19/2006 9:26:20 AM H 6 C:\WINDOWS\Tasks\SA.DAT
8/11/2006 1244 PM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
8/11/2006 1244 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
8/11/2006 1244 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AVROEDGI\desktop.ini
8/11/2006 1244 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GQMOMYHD\desktop.ini
8/11/2006 1244 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\T2WJYLP7\desktop.ini
8/11/2006 1244 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ZTCGRLNN\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation6/10/2005 11:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel(R) Corporation 11/18/2004 11:02:36 AM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
RealNetworks, Inc. 11/9/2005 4:54:50 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Apple Computer, Inc. 1/6/2004 5:02:36 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 6:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
6/27/2006 6:17:26 AM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
8/11/2004 6:15:06 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
11/9/2005 4:41:34 PM 493 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
11/9/2005 418 PM 2109 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
11/14/2005 10:50:08 PM 1908 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/11/2004 6:07:12 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
8/11/2004 6:15:06 PM HS 84 C:\Documents and Settings\Kris\Start Menu\Programs\Startup\desktop.ini
12/16/2005 9:28:52 AM 676 C:\Documents and Settings\Kris\Start Menu\Programs\Startup\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/11/2004 6:07:12 PM HS 62 C:\Documents and Settings\Kris\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Er asext
{8BE13461-936F-11D1-A87D-444553540000} = C:\DOCUME~1\Kris\MYDOCU~1\Programs\Eraser\Eraser\e rasext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ew ido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Kris\My Documents\Programs\ewido-antispyware4.0\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Of fline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Op en With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Op en With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a 2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{C FC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers\Erasext
{8BE13461-936F-11D1-A87D-444553540000} = C:\DOCUME~1\Kris\MYDOCU~1\Programs\Eraser\Eraser\e rasext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Kris\My Documents\Programs\ewido-antispyware4.0\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shel lex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex \ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}
McAfee AntiPhishing Filter = c:\program files\mcafee\spamkiller\mcapfbho.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Documents and Settings\Kris\My Documents\Programs\Spybot\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}
MenuText = McAfee AntiPhishing Filter : c:\program files\mcafee\spamkiller\mcapfbho.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
MCUpdateExe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
ISUSPM Startup "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
IAAnotif C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
DMXLauncher C:\Program Files\Dell\Media Experience\DMXLauncher.exe
CTSysVol C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
CTHelper CTHELPER.EXE
CTDVDDET "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
VirusScan Online C:\Program Files\McAfee.com\VSO\mcvsshld.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VSOCheckTask "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
UpdReg C:\WINDOWS\UpdReg.EXE
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
OASClnt C:\Program Files\McAfee.com\VSO\oasclnt.exe
MimBoot C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe

DLCDCATS rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtim e.dll,_RunDLLEntry@16
dlcdmon.exe "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
MemoryCardManager "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
MSKAGENTEXE C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
MSKDetectorExe C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
!ewido "C:\Documents and Settings\Kris\My Documents\Programs\ewido-antispyware4.0\ewido anti-spyware 4.0\ewido.exe" /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
CursorXP "C:\Program Files\CursorXP\CursorXP.exe" -s
PhotoShow Deluxe Media Manager C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr. exe
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DL L
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/19/2006 9:33:24 AM

One more,


1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.