
Cannot Start Iexplore.exe


12 replies to this topic

#1 AirmanNL


Posted 09 December 2005 - 03:03 AM

When I click to start Internet Explorer I get this error:

IEXPLORE.EXE - Application Error

The application failed to initialize properly (0xc0000005). Click on OK to terminate the application

I can access Internet Explorer through the Control Panel by clicking Windows Update on the side. The computer is running Norton AntiVirus 2004 Pro. Any help is deeply appreciated. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 1:42:53 AM, on 12/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Dan Loerch\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/cci/home?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: IEObject Class - {58EA989D-FD9C-4660-B6BC-9AE5296DA453} - C:\WINNT\system32\LXRSGE~2.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\system32\hphmon05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRA~1\MEDIAG~1\MEDIAG~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [jt2s3uck] C:\WINNT\system32\jt2s3uck.exe
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: JumpDrive TouchGuard Auto Login - {DED62EF1-948C-4ED6-9625-AF4285E78995} - C:\WINNT\system32\LXRSGE~2.DLL
O9 - Extra 'Tools' menuitem: JumpDrive TouchGuard Auto Login - {DED62EF1-948C-4ED6-9625-AF4285E78995} - C:\WINNT\system32\LXRSGE~2.DLL
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

Edited by AirmanNL, 09 December 2005 - 03:50 AM.




#2 MFDnSC


Posted 09 December 2005 - 11:16 AM

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen, click update.
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files; click OK.
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: drive.
This will take some time to run!
Boot to normal mode.
Post that log and a new HijackThis log. If the Ewido log is too large, attach it.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 AirmanNL


Posted 09 December 2005 - 02:33 PM

Ran Ewido, here is the log

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:06:31 PM, 12/9/2005
+ Report-Checksum: 254532B

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{012B0571-2CD6-11D4-810D-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{062EFA84-8BBB-11D3-80D0-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0922EC19-9EC7-11D3-80B9-00500487BDBA} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0E42926F-96D8-11D3-80D5-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0E429271-96D8-11D3-80D5-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1348E05A-21C7-4134-B4A4-3C12234FCA3F} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1E587528-41AA-4F19-97E8-BB75ACC3035C} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{20F36AF3-3486-4BB6-8BCB-F1F8ABE74D07} -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{212B99A0-9CF6-11D3-80B7-00500487BDBA} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{29089B98-AF05-4769-B627-86A745D4B672} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2DA93E50-9D08-11D3-80D5-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2FCFB3FD-7184-4C42-AED3-30FFF0119964} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{34FDD882-5530-4A90-89CD-416612C8855E} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{43F1B4AD-92EF-4DB3-BDA9-12335B012DD0} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{50D7C4AB-3C82-11D4-8111-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{58C59F56-CA66-4B5D-9132-ECEA5193BE5A} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{788E0D0E-CAF7-473B-9183-76BE6D30DC9A} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7AA7D1C3-F0F8-460C-936D-B5886D0928EB} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7F0F5DA6-84CB-11D4-8137-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{832786EC-9632-4919-8972-59F79D621C87} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{899BE974-D575-48BB-A9C7-1D24E8042BE4} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8BEE173B-C006-4F0E-ACD2-84A882BEBCFF} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{910E67A6-BD53-46DF-8434-41498B7D22F7} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9464C98E-B5F1-4C6A-BD3F-9696E3BD081E} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{97284959-A553-4576-859C-B3B3FF283DE0} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A0CA55A0-A112-11D3-80D6-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A0CA55A1-A112-11D3-80D6-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A4B977F5-1EFC-4DA0-B9C2-67C53CBA140F} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A9E67CBE-7A42-47BE-962A-C07E73C34FBA} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AEB17FC4-2A52-4945-9866-81CC343A59E3} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B0DB6360-8D7F-11D4-8137-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B0E9399E-FE6F-43B0-98D3-2F47080DDE4A} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BFCBF73B-6EB2-49C1-ADCA-CF0CD589B140} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C0CAD17E-00A3-4F40-9015-D569C3114BA3} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C4D86DC8-B73B-4470-9914-3DAC14EE6F95} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C7291310-3C8C-11D4-8111-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C81B4B57-B06B-409D-AED0-028051683796} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CBE7D5E6-90A2-11D3-80D1-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CBE7D5E8-90A2-11D3-80D1-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CD74B15B-A1D3-11D3-80BC-00500487BDBA} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CE2EAB19-E31D-43CA-A860-F95A2CA50040} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D14D6792-9B65-11D3-80B6-00500487BDBA} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DC86768F-5ADF-4D84-9DE8-FD047B1FE8F5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDD1E8CA-678D-4C9A-A472-CE9578B14DC5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E28FCB53-8C8E-11D3-80D1-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EA3B6C62-70A6-11D1-B69E-444553540000} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EB07A6D3-8E36-11D4-8138-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FFE56921-248B-4C75-9EEE-01706310E371} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{062EFA78-8BBB-11D3-80D0-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{07FA131E-2EB2-446F-93D2-9F877320010B} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{3F4386E5-2FBE-44A8-81CF-4B792490605F} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{74232635-A013-49F2-B869-1B1AB932D944} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{7F0F5D9A-84CB-11D4-8137-00500487B1C5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{878ACE1B-8DB0-4D75-9034-504756AD4215} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{BF986691-7F7B-4F94-85E0-20E75350701F} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{BFA2C963-FC24-4770-8C19-0D5A1CD58DF9} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C09FB84D-B9ED-43EB-AFED-F145C26CB839} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D14D6786-9B65-11D3-80B6-00500487BDBA} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{FA4DE133-D3C3-4ED4-92D1-CD4DDE839AB3} -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Comet Systems -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\AR -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\AR\BHOs -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\AR\Library -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\AR\Library\Initialization -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\AR\Products -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\AR\Services -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\AR\Services\Library -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\CCAR -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\CCAR\Library -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\CCAR\Library\Initialization -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\CCAR\Products -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\CCAR\Services -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\CCAR\Services\Library -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\EXPLORER -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\EXPLORER\BHOs -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\EXPLORER\Products -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\EXPLORER\Products\Screensaver -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\EXPLORER\Products\Screensaver\Library -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\EXPLORER\Products\Travel -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\EXPLORER\Products\Travel\Library -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\EXPLORER\Services -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Applications\EXPLORER\Services\Library -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\ConfigManager -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\ConfigManager\Categories -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\ConfigManager\Installed -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\ConfigManager\Library -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\IEBands -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\IEBands\Horizontal -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\IEBands\Vertical -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\IEToolbar -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Offsets -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Offsets\comet.exe -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Offsets\Explorer.EXE -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Offsets\iexplore.exe -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Offsets\inst43.exe -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Platform -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Products -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Products\PLATFORM -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Products\SCREENSAVER -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Products\TRAVEL -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Services -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Services\Messaging -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Services\Messaging\Campaigns -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Services\Messaging\Campaigns\0001 -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Services\Messaging\Campaigns\0001\OPENED -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Services\Messaging\Campaigns\0001\ZAPPED -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Services\Messaging\Campaigns\TR01 -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Services\Messaging\Campaigns\TR01\ON_ORBITZ -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Services\Update -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Services\Update\Product -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\Stub -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Comet Systems\UpChk -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\NavExcel -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\NavExcel\NavHelper -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\NavExcel\NavHelper\v2.0.4d -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-790525478-746137067-1060284298-1004\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Christi \Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-18f08ee7-48c8f082.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @coxhsi.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @ehg-bestbuy.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @ehg-foxsports.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @ehg-zoomerang.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\christi @z1.adserver[2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Christi \Cookies\nick @advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Dan \Cookies\dan@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Dan \Cookies\dan@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Dan \Cookies\dan@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Dan \Cookies\dan@estat[1].txt -> Spyware.Cookie.Estat : Cleaned with backup
C:\Documents and Settings\Dan \Cookies\dan@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Dan \Cookies\dan@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\Dan \Local Settings\Temp\Cookies\dan@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dan \Local Settings\Temp\Cookies\dan@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Dan \Local Settings\Temp\Cookies\dan@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Dan \Local Settings\Temp\Cookies\dan@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Dan \Local Settings\Temp\Cookies\dan@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Dan \Local Settings\Temp\Cookies\dan@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Dan \Local Settings\Temp\Cookies\dan@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Dan \Local Settings\Temp\Cookies\dan@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Dan \Local Settings\Temp\Cookies\dan@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Dan \Start Menu\Programs\Startup\DLHelperEXE.exe -> Spyware.Thumper : Cleaned with backup
C:\Documents and Settings\Nick \Cookies\nick @2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nick \Cookies\nick @advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Nick \Cookies\nick @atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Nick \Cookies\nick @casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Nick \Cookies\nick @doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Nick \Cookies\nick @questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Nick \Cookies\nick @tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Nick \Cookies\nick @trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @coxhsi.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @ehg-cafepress.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @ehg-hasbro.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sierra \Cookies\sierra @z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Sierra \Local Settings\Temporary Internet Files\Content.IE5\6O9VNI5Z\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup
C:\RECYCLER\NPROTECT\00000001.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00000002.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00000007.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00000008.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\NPROTECT\00000010.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-790525478-746137067-1060284298-1000\Dc299.exe -> Adware.SAHA : Cleaned with backup
C:\WINNT\Downloaded Program Files\se001.exe -> Heuristic.Win32.Dialer : Cleaned with backup


::Report End



And here is the HiJack log

Logfile of HijackThis v1.99.1
Scan saved at 12:28:50 PM, on 12/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\hphmon05.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Dan Loerch\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEObject Class - {58EA989D-FD9C-4660-B6BC-9AE5296DA453} - C:\WINNT\system32\LXRSGE~2.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\system32\hphmon05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRA~1\MEDIAG~1\MEDIAG~1.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)

#4 MFDnSC

Posted 09 December 2005 - 03:54 PM

Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following, if they exist, by double-clicking on the following entries:

NavExcel - Media Gateway

Fix these with HJT – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe

O4 - HKLM\..\Run: [Media Gateway] C:\PROGRA~1\MEDIAG~1\MEDIAG~1.EXE

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab


DL http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Now paste these folders in and then make sure Deltree is checked before hitting the red x

C:\Program Files\NavExcel
C:\PROGRAM FILES\MEDIAGATEWAY

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 AirmanNL

Posted 09 December 2005 - 05:25 PM

add/removed media gateway from control panel
Used HJT to fix marked
Killbox only came up with one or more files do not exist
c:\winnt\temp\ was empty
nothing in recycle bin to empty
Still get application error for IExplore.exe

Here is the latest log file in normal mode

Logfile of HijackThis v1.99.1
Scan saved at 3:15:24 PM, on 12/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\hphmon05.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Dan Loerch\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEObject Class - {58EA989D-FD9C-4660-B6BC-9AE5296DA453} - C:\WINNT\system32\LXRSGE~2.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\system32\hphmon05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
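
An added example, not part of the original thread: a small Python sketch that parses two HijackThis logs, lists the coded entries that disappeared between them, and checks that every line on a helper's fix list is gone from the later log. The sample logs are short excerpts of the 12:28:50 PM and 3:15:24 PM logs posted above; the function names are hypothetical.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed sample: short excerpts of the two logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SM1BG.EXE

O2 - BHO: IEObject Class - {58EA989D-FD9C-4660-B6BC-9AE5296DA453} - C:\WINNT\system32\LXRSGE~2.DLL
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRA~1\MEDIAG~1\MEDIAG~1.EXE
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SM1BG.EXE

O2 - BHO: IEObject Class - {58EA989D-FD9C-4660-B6BC-9AE5296DA453} - C:\WINNT\system32\LXRSGE~2.DLL
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
"""
# The three lines the helper asked to fix in post #4.
FIX_LIST = [
    r"O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe",
    r"O4 - HKLM\..\Run: [Media Gateway] C:\PROGRA~1\MEDIAG~1\MEDIAG~1.EXE",
    r"O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab",
]


def parse_hjt(log_text):
    """Return (running_processes, entries); entries are (code, text) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # coded entries follow the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def _key(entry):
    """Normalise whitespace and case so pasted lines compare reliably."""
    code, text = entry
    return (code, " ".join(text.split()).lower())


def diff_entries(before, after):
    """Entries only in the earlier log (removed) and only in the later (added)."""
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def unresolved(fix_lines, entries):
    """Fix-list lines that still appear among the given log entries."""
    present = {_key(e) for e in entries}
    _, wanted = parse_hjt("\n".join(fix_lines))
    return [f"{code} - {text}" for code, text in wanted if _key((code, text)) in present]


if __name__ == "__main__":
    _, before = parse_hjt(BEFORE)
    _, after = parse_hjt(AFTER)
    removed, added = diff_entries(before, after)
    for code, text in removed:
        print("removed:", code, "-", text)
    print("added:", added)
    print("fix-list lines still present:", unresolved(FIX_LIST, after))
```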

#6 MFDnSC

Posted 09 December 2005 - 05:29 PM

IE Fix - http://windowsxp.mvps.org/IEFIX.htm - Repair - http://www.theeldergeek.com/repair_ie6.htm

#7 AirmanNL

Posted 10 December 2005 - 03:30 AM

My Windows 2000 disc is no longer in a usable condition. The fix requires the CD. Any known fix not requiring the Windows CD???

#8 MFDnSC

Posted 10 December 2005 - 11:58 AM

http://www.microsoft.com/windows/ie/downlo...p1/default.mspx

#9 AirmanNL

Posted 10 December 2005 - 04:09 PM

Used the link to reinstall ie6sp1. Also tried Microsoft updates Q831167 and IE6.0sp1-KB889293-Windows-2000-XP-x86-ENU. No luck still, same error pops up when I try to open it :thumbsup:

#10 MFDnSC

Posted 10 December 2005 - 04:43 PM

http://www.experts-exchange.com/Operating_...Q_20490543.html

Scroll down until you see the accepted answer and see if it helps

I'd check your memory and do chkdsk first

#11 Thunder

Posted 12 December 2005 - 12:27 PM

Do you still have a 'i386' folder on your PC, containing the service pack files? (Search using Windows Explorer)

If so, maybe this would work:

Go to the directory C:\WINNT. Rename the file Explorer.exe to explorer.old. Go to C:\WinNT\ServicePackFiles\i386 and copy the latest version of Explorer.exe from the I386 folder to c:\winnt.
This action should be undertaken with IE closed.
Whatever happens, make believe it was intended to ...

#12 AirmanNL

Posted 12 December 2005 - 06:47 PM

I've given up. Installed Firefox and it's working fine. Thx for the help anyways

#13 -David-

Posted 12 December 2005 - 06:49 PM

Just to jump in here, if you want to get IE working again, I have a fix that will probably work:

Go to Start > Run and copy and paste the next line into the field:

regedit /a C:\backupkey.reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM

Then open Notepad and copy and paste the next bold text into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPCKDM]


Save this as "fix.reg". Choose to save as *all files and place it on your desktop.

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Reboot and open your Internet Explorer.
Post a new HijackThis log in your next post.

David

Edited by D-Trojanator, 12 December 2005 - 06:50 PM.